5.4-stable patches

added patches:
	erspan-check-ifla_gre_erspan_ver-is-set.patch
	firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch
	ip_gre-do-not-report-erspan-version-on-gre-interface.patch

diff --git a/queue-5.4/erspan-check-ifla_gre_erspan_ver-is-set.patch b/queue-5.4/erspan-check-ifla_gre_erspan_ver-is-set.patch
new file mode 100644 (file)
index 0000000..fbbf2c4
--- /dev/null
+++ b/queue-5.4/erspan-check-ifla_gre_erspan_ver-is-set.patch
@@ -0,0 +1,33 @@
+From 51fa960d3b5163b1af22efdebcabfccc5d615ad6 Mon Sep 17 00:00:00 2001
+From: William Tu <u9012063@gmail.com>
+Date: Tue, 12 May 2020 10:36:23 -0700
+Subject: erspan: Check IFLA_GRE_ERSPAN_VER is set.
+
+From: William Tu <u9012063@gmail.com>
+
+commit 51fa960d3b5163b1af22efdebcabfccc5d615ad6 upstream.
+
+Add a check to make sure the IFLA_GRE_ERSPAN_VER is provided by users.
+
+Fixes: f989d546a2d5 ("erspan: Add type I version 0 support.")
+Cc: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: William Tu <u9012063@gmail.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_gre.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -1106,7 +1106,8 @@ static int erspan_validate(struct nlattr
+       if (ret)
+               return ret;
+ 
+-      if (nla_get_u8(data[IFLA_GRE_ERSPAN_VER]) == 0)
++      if (data[IFLA_GRE_ERSPAN_VER] &&
++          nla_get_u8(data[IFLA_GRE_ERSPAN_VER]) == 0)
+               return 0;
+ 
+       /* ERSPAN type II/III should only have GRE sequence and key flag */

diff --git a/queue-5.4/firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch b/queue-5.4/firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch
new file mode 100644 (file)
index 0000000..88d5d9d
--- /dev/null
+++ b/queue-5.4/firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch
@@ -0,0 +1,34 @@
+From f2ed165619c16577c02b703a114a1f6b52026df4 Mon Sep 17 00:00:00 2001
+From: Zhang Shurong <zhang_shurong@foxmail.com>
+Date: Sat, 15 Jul 2023 22:13:38 +0800
+Subject: firmware: meson_sm: fix to avoid potential NULL pointer dereference
+
+From: Zhang Shurong <zhang_shurong@foxmail.com>
+
+commit f2ed165619c16577c02b703a114a1f6b52026df4 upstream.
+
+of_match_device() may fail and returns a NULL pointer.
+
+Fix this by checking the return value of of_match_device.
+
+Fixes: 8cde3c2153e8 ("firmware: meson_sm: Rework driver as a proper platform driver")
+Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
+Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
+Link: https://lore.kernel.org/r/tencent_AA08AAA6C4F34D53ADCE962E188A879B8206@qq.com
+Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/firmware/meson/meson_sm.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/firmware/meson/meson_sm.c
++++ b/drivers/firmware/meson/meson_sm.c
+@@ -302,6 +302,8 @@ static int __init meson_sm_probe(struct
+               return -ENOMEM;
+ 
+       chip = of_match_device(meson_sm_ids, dev)->data;
++      if (!chip)
++              return -EINVAL;
+ 
+       if (chip->cmd_shmem_in_base) {
+               fw->sm_shmem_in_base = meson_sm_map_shmem(chip->cmd_shmem_in_base,

diff --git a/queue-5.4/ip_gre-do-not-report-erspan-version-on-gre-interface.patch b/queue-5.4/ip_gre-do-not-report-erspan-version-on-gre-interface.patch
new file mode 100644 (file)
index 0000000..4310cb7
--- /dev/null
+++ b/queue-5.4/ip_gre-do-not-report-erspan-version-on-gre-interface.patch
@@ -0,0 +1,99 @@
+From ee496694b9eea651ae1aa4c4667d886cdf74aa3b Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <liuhangbin@gmail.com>
+Date: Sat, 3 Dec 2022 11:28:58 +0800
+Subject: ip_gre: do not report erspan version on GRE interface
+
+From: Hangbin Liu <liuhangbin@gmail.com>
+
+commit ee496694b9eea651ae1aa4c4667d886cdf74aa3b upstream.
+
+Although the type I ERSPAN is based on the barebones IP + GRE
+encapsulation and no extra ERSPAN header. Report erspan version on GRE
+interface looks unreasonable. Fix this by separating the erspan and gre
+fill info.
+
+IPv6 GRE does not have this info as IPv6 only supports erspan version
+1 and 2.
+
+Reported-by: Jianlin Shi <jishi@redhat.com>
+Fixes: f989d546a2d5 ("erspan: Add type I version 0 support.")
+Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: William Tu <u9012063@gmail.com>
+Link: https://lore.kernel.org/r/20221203032858.3130339-1-liuhangbin@gmail.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_gre.c |   48 +++++++++++++++++++++++++++++-------------------
+ 1 file changed, 29 insertions(+), 19 deletions(-)
+
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -1504,24 +1504,6 @@ static int ipgre_fill_info(struct sk_buf
+       struct ip_tunnel_parm *p = &t->parms;
+       __be16 o_flags = p->o_flags;
+ 
+-      if (t->erspan_ver <= 2) {
+-              if (t->erspan_ver != 0 && !t->collect_md)
+-                      o_flags |= TUNNEL_KEY;
+-
+-              if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
+-                      goto nla_put_failure;
+-
+-              if (t->erspan_ver == 1) {
+-                      if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
+-                              goto nla_put_failure;
+-              } else if (t->erspan_ver == 2) {
+-                      if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
+-                              goto nla_put_failure;
+-                      if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
+-                              goto nla_put_failure;
+-              }
+-      }
+-
+       if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
+           nla_put_be16(skb, IFLA_GRE_IFLAGS,
+                        gre_tnl_flags_to_gre_flags(p->i_flags)) ||
+@@ -1562,6 +1544,34 @@ nla_put_failure:
+       return -EMSGSIZE;
+ }
+ 
++static int erspan_fill_info(struct sk_buff *skb, const struct net_device *dev)
++{
++      struct ip_tunnel *t = netdev_priv(dev);
++
++      if (t->erspan_ver <= 2) {
++              if (t->erspan_ver != 0 && !t->collect_md)
++                      t->parms.o_flags |= TUNNEL_KEY;
++
++              if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
++                      goto nla_put_failure;
++
++              if (t->erspan_ver == 1) {
++                      if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
++                              goto nla_put_failure;
++              } else if (t->erspan_ver == 2) {
++                      if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
++                              goto nla_put_failure;
++                      if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
++                              goto nla_put_failure;
++              }
++      }
++
++      return ipgre_fill_info(skb, dev);
++
++nla_put_failure:
++      return -EMSGSIZE;
++}
++
+ static void erspan_setup(struct net_device *dev)
+ {
+       struct ip_tunnel *t = netdev_priv(dev);
+@@ -1640,7 +1650,7 @@ static struct rtnl_link_ops erspan_link_
+       .changelink     = erspan_changelink,
+       .dellink        = ip_tunnel_dellink,
+       .get_size       = ipgre_get_size,
+-      .fill_info      = ipgre_fill_info,
++      .fill_info      = erspan_fill_info,
+       .get_link_net   = ip_tunnel_get_link_net,
+ };
+ 

diff --git a/queue-5.4/series b/queue-5.4/series
index ec55fa9a1e8168ed8f7925235efcd29b2f2a4adf..292bf3bb5f799230d9d1ea6681b5a2054f81c97a 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -210,3 +210,6 @@ drm-i915-gt-reset-queue_priority_hint-on-parking.patch
 x86-alternative-don-t-call-text_poke-in-lazy-tlb-mode.patch
 bluetooth-btintel-fixe-build-regression.patch
 vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
+erspan-check-ifla_gre_erspan_ver-is-set.patch
+ip_gre-do-not-report-erspan-version-on-gre-interface.patch
+firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch