4.14-stable patches

added patches:
	ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch
	fbcon-fix-null-ptr-deref-in-soft_cursor.patch
	selinux-don-t-use-make-s-grouped-targets-feature-yet.patch

diff --git a/queue-4.14/ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch b/queue-4.14/ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch
new file mode 100644 (file)
index 0000000..e6c2c4a
--- /dev/null
+++ b/queue-4.14/ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch
@@ -0,0 +1,57 @@
+From aff3bea95388299eec63440389b4545c8041b357 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 23 May 2023 23:49:51 -0400
+Subject: ext4: add lockdep annotations for i_data_sem for ea_inode's
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit aff3bea95388299eec63440389b4545c8041b357 upstream.
+
+Treat i_data_sem for ea_inodes as being in their own lockdep class to
+avoid lockdep complaints about ext4_setattr's use of inode_lock() on
+normal inodes potentially causing lock ordering with i_data_sem on
+ea_inodes in ext4_xattr_inode_write().  However, ea_inodes will be
+operated on by ext4_setattr(), so this isn't a problem.
+
+Cc: stable@kernel.org
+Link: https://syzkaller.appspot.com/bug?extid=298c5d8fb4a128bc27b0
+Reported-by: syzbot+298c5d8fb4a128bc27b0@syzkaller.appspotmail.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Link: https://lore.kernel.org/r/20230524034951.779531-5-tytso@mit.edu
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/ext4.h  |    2 ++
+ fs/ext4/xattr.c |    4 ++++
+ 2 files changed, 6 insertions(+)
+
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -947,11 +947,13 @@ do {                                                                            \
+  *                      where the second inode has larger inode number
+  *                      than the first
+  *  I_DATA_SEM_QUOTA  - Used for quota inodes only
++ *  I_DATA_SEM_EA     - Used for ea_inodes only
+  */
+ enum {
+       I_DATA_SEM_NORMAL = 0,
+       I_DATA_SEM_OTHER,
+       I_DATA_SEM_QUOTA,
++      I_DATA_SEM_EA
+ };
+ 
+ 
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -120,7 +120,11 @@ ext4_expand_inode_array(struct ext4_xatt
+ #ifdef CONFIG_LOCKDEP
+ void ext4_xattr_inode_set_class(struct inode *ea_inode)
+ {
++      struct ext4_inode_info *ei = EXT4_I(ea_inode);
++
+       lockdep_set_subclass(&ea_inode->i_rwsem, 1);
++      (void) ei;      /* shut up clang warning if !CONFIG_LOCKDEP */
++      lockdep_set_subclass(&ei->i_data_sem, I_DATA_SEM_EA);
+ }
+ #endif
+ 

diff --git a/queue-4.14/fbcon-fix-null-ptr-deref-in-soft_cursor.patch b/queue-4.14/fbcon-fix-null-ptr-deref-in-soft_cursor.patch
new file mode 100644 (file)
index 0000000..546e8a6
--- /dev/null
+++ b/queue-4.14/fbcon-fix-null-ptr-deref-in-soft_cursor.patch
@@ -0,0 +1,58 @@
+From d78bd6cc68276bd57f766f7cb98bfe32c23ab327 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sat, 27 May 2023 08:41:09 +0200
+Subject: fbcon: Fix null-ptr-deref in soft_cursor
+
+From: Helge Deller <deller@gmx.de>
+
+commit d78bd6cc68276bd57f766f7cb98bfe32c23ab327 upstream.
+
+syzbot repored this bug in the softcursor code:
+
+BUG: KASAN: null-ptr-deref in soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
+Read of size 16 at addr 0000000000000200 by task kworker/u4:1/12
+
+CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
+Workqueue: events_power_efficient fb_flashcursor
+Call trace:
+ dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
+ show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
+ print_report+0xe4/0x514 mm/kasan/report.c:465
+ kasan_report+0xd4/0x130 mm/kasan/report.c:572
+ kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187
+ __asan_memcpy+0x3c/0x84 mm/kasan/shadow.c:105
+ soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70
+ bit_cursor+0x113c/0x1a64 drivers/video/fbdev/core/bitblit.c:377
+ fb_flashcursor+0x35c/0x54c drivers/video/fbdev/core/fbcon.c:380
+ process_one_work+0x788/0x12d4 kernel/workqueue.c:2405
+ worker_thread+0x8e0/0xfe8 kernel/workqueue.c:2552
+ kthread+0x288/0x310 kernel/kthread.c:379
+ ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:853
+
+This fix let bit_cursor() bail out early when a font bitmap
+isn't available yet.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Reported-by: syzbot+d910bd780e6efac35869@syzkaller.appspotmail.com
+Acked-by: Sam Ravnborg <sam@ravnborg.org>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/core/bitblit.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/video/fbdev/core/bitblit.c
++++ b/drivers/video/fbdev/core/bitblit.c
+@@ -247,6 +247,9 @@ static void bit_cursor(struct vc_data *v
+ 
+       cursor.set = 0;
+ 
++      if (!vc->vc_font.data)
++              return;
++
+       c = scr_readw((u16 *) vc->vc_pos);
+       attribute = get_attribute(info, c);
+       src = vc->vc_font.data + ((c & charmask) * (w * vc->vc_font.height));

diff --git a/queue-4.14/selinux-don-t-use-make-s-grouped-targets-feature-yet.patch b/queue-4.14/selinux-don-t-use-make-s-grouped-targets-feature-yet.patch
new file mode 100644 (file)
index 0000000..f435f6b
--- /dev/null
+++ b/queue-4.14/selinux-don-t-use-make-s-grouped-targets-feature-yet.patch
@@ -0,0 +1,42 @@
+From 42c4e97e06a839b07d834f640a10911ad84ec8b3 Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Thu, 1 Jun 2023 10:21:21 -0400
+Subject: selinux: don't use make's grouped targets feature yet
+
+From: Paul Moore <paul@paul-moore.com>
+
+commit 42c4e97e06a839b07d834f640a10911ad84ec8b3 upstream.
+
+The Linux Kernel currently only requires make v3.82 while the grouped
+target functionality requires make v4.3.  Removed the grouped target
+introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is
+built when needed") as well as the multiple header file targets in
+the make rule.  This effectively reverts the problem commit.
+
+We will revisit this change when make >= 4.3 is required by the rest
+of the kernel.
+
+Cc: stable@vger.kernel.org
+Fixes: 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed")
+Reported-by: Erwan Velu <e.velu@criteo.com>
+Reported-by: Luiz Capitulino <luizcap@amazon.com>
+Tested-by: Luiz Capitulino <luizcap@amazon.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/selinux/Makefile |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/security/selinux/Makefile
++++ b/security/selinux/Makefile
+@@ -22,5 +22,9 @@ quiet_cmd_flask = GEN     $(obj)/flask.h
+       cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h
+ 
+ targets += flask.h av_permissions.h
+-$(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/genheaders/genheaders FORCE
++# once make >= 4.3 is required, we can use grouped targets in the rule below,
++# which basically involves adding both headers and a '&' before the colon, see
++# the example below:
++#   $(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/...
++$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE
+       $(call if_changed,flask)

diff --git a/queue-4.14/series b/queue-4.14/series
index 31dd0cd1ba8a04fa5680a89fadee736476decb99..30a9d9d7fd6396729dfef2ee642e3e8ff5987429 100644 (file)
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -49,3 +49,6 @@ wifi-rtlwifi-remove-always-true-condition-pointed-out-by-gcc-12.patch
 regulator-da905-2-5-remove-unnecessary-array-check.patch
 mmc-vub300-fix-invalid-response-handling.patch
 tty-serial-fsl_lpuart-use-uartctrl_txinv-to-send-break-instead-of-uartctrl_sbk.patch
+selinux-don-t-use-make-s-grouped-targets-feature-yet.patch
+ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch
+fbcon-fix-null-ptr-deref-in-soft_cursor.patch