4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 3 Apr 2023 08:11:39 +0000 (10:11 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 3 Apr 2023 08:11:39 +0000 (10:11 +0200)
added patches:
cifs-fix-dfs-traversal-oops-without-config_cifs_dfs_upcall.patch
input-focaltech-use-explicitly-signed-char-type.patch

queue-4.14/cifs-fix-dfs-traversal-oops-without-config_cifs_dfs_upcall.patch [new file with mode: 0644]
queue-4.14/input-focaltech-use-explicitly-signed-char-type.patch [new file with mode: 0644]
queue-4.14/series

diff --git a/queue-4.14/cifs-fix-dfs-traversal-oops-without-config_cifs_dfs_upcall.patch b/queue-4.14/cifs-fix-dfs-traversal-oops-without-config_cifs_dfs_upcall.patch
new file mode 100644 (file)
index 0000000..d9a2f8e
--- /dev/null
@@ -0,0 +1,62 @@
+From 179a88a8558bbf42991d361595281f3e45d7edfc Mon Sep 17 00:00:00 2001
+From: David Disseldorp <ddiss@suse.de>
+Date: Wed, 29 Mar 2023 22:24:06 +0200
+Subject: cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
+
+From: David Disseldorp <ddiss@suse.de>
+
+commit 179a88a8558bbf42991d361595281f3e45d7edfc upstream.
+
+When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount
+is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to
+S_AUTOMOUNT and corresponding dentry flags is retained regardless of
+CONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in
+VFS follow_automount() when traversing a DFS referral link:
+  BUG: kernel NULL pointer dereference, address: 0000000000000000
+  ...
+  Call Trace:
+   <TASK>
+   __traverse_mounts+0xb5/0x220
+   ? cifs_revalidate_mapping+0x65/0xc0 [cifs]
+   step_into+0x195/0x610
+   ? lookup_fast+0xe2/0xf0
+   path_lookupat+0x64/0x140
+   filename_lookup+0xc2/0x140
+   ? __create_object+0x299/0x380
+   ? kmem_cache_alloc+0x119/0x220
+   ? user_path_at_empty+0x31/0x50
+   user_path_at_empty+0x31/0x50
+   __x64_sys_chdir+0x2a/0xd0
+   ? exit_to_user_mode_prepare+0xca/0x100
+   do_syscall_64+0x42/0x90
+   entry_SYSCALL_64_after_hwframe+0x72/0xdc
+
+This fix adds an inline cifs_dfs_d_automount() {return -EREMOTE} handler
+when CONFIG_CIFS_DFS_UPCALL is disabled. An alternative would be to
+avoid flagging S_AUTOMOUNT, etc. without CONFIG_CIFS_DFS_UPCALL. This
+approach was chosen as it provides more control over the error path.
+
+Signed-off-by: David Disseldorp <ddiss@suse.de>
+Cc: stable@vger.kernel.org
+Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
+Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/cifsfs.h |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/cifs/cifsfs.h
++++ b/fs/cifs/cifsfs.h
+@@ -122,7 +122,10 @@ extern const struct dentry_operations ci
+ #ifdef CONFIG_CIFS_DFS_UPCALL
+ extern struct vfsmount *cifs_dfs_d_automount(struct path *path);
+ #else
+-#define cifs_dfs_d_automount NULL
++static inline struct vfsmount *cifs_dfs_d_automount(struct path *path)
++{
++      return ERR_PTR(-EREMOTE);
++}
+ #endif
+ /* Functions related to symlinks */
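Review bot: The `static inline cifs_dfs_d_automount()` stub added in the `#else` branch carries no comment saying why it returns `ERR_PTR(-EREMOTE)`, and the description above abbreviates it as "{return -EREMOTE}", which a reader may take literally even though the `struct vfsmount *` return type requires the `ERR_PTR()` wrapping the code correctly uses. The pre-fix state mattered because the NULL `->d_automount` was reached from ordinary path lookup (the trace shows `chdir`), so any local user crossing a DFS referral could trigger the oops on a kernel built without the upcall. I would add above the stub: `/* DFS referrals are still flagged S_AUTOMOUNT without CONFIG_CIFS_DFS_UPCALL; fail the automount with -EREMOTE rather than leave ->d_automount NULL for follow_automount(). */`. The unused `path` parameter is fine for a header stub but the comment should make clear the argument is deliberately ignored.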
diff --git a/queue-4.14/input-focaltech-use-explicitly-signed-char-type.patch b/queue-4.14/input-focaltech-use-explicitly-signed-char-type.patch
new file mode 100644 (file)
index 0000000..46d2298
--- /dev/null
@@ -0,0 +1,50 @@
+From 8980f190947ba29f23110408e712444884b74251 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Sun, 19 Mar 2023 21:36:36 -0700
+Subject: Input: focaltech - use explicitly signed char type
+
+From: Jason A. Donenfeld <Jason@zx2c4.com>
+
+commit 8980f190947ba29f23110408e712444884b74251 upstream.
+
+The recent change of -funsigned-char causes additions of negative
+numbers to become additions of large positive numbers, leading to wrong
+calculations of mouse movement. Change these casts to be explicitly
+signed, to take into account negative offsets.
+
+Fixes: 3bc753c06dd0 ("kbuild: treat char as always unsigned")
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Cc: stable@vger.kernel.org
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=217211
+Link: https://lore.kernel.org/r/20230318133010.1285202-1-Jason@zx2c4.com
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/mouse/focaltech.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/input/mouse/focaltech.c
++++ b/drivers/input/mouse/focaltech.c
+@@ -206,8 +206,8 @@ static void focaltech_process_rel_packet
+       state->pressed = packet[0] >> 7;
+       finger1 = ((packet[0] >> 4) & 0x7) - 1;
+       if (finger1 < FOC_MAX_FINGERS) {
+-              state->fingers[finger1].x += (char)packet[1];
+-              state->fingers[finger1].y += (char)packet[2];
++              state->fingers[finger1].x += (s8)packet[1];
++              state->fingers[finger1].y += (s8)packet[2];
+       } else {
+               psmouse_err(psmouse, "First finger in rel packet invalid: %d\n",
+                           finger1);
+@@ -222,8 +222,8 @@ static void focaltech_process_rel_packet
+        */
+       finger2 = ((packet[3] >> 4) & 0x7) - 1;
+       if (finger2 < FOC_MAX_FINGERS) {
+-              state->fingers[finger2].x += (char)packet[4];
+-              state->fingers[finger2].y += (char)packet[5];
++              state->fingers[finger2].x += (s8)packet[4];
++              state->fingers[finger2].y += (s8)packet[5];
+       }
+ }
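Review bot: The `(s8)` casts only sign-extend correctly if `packet` is a byte array — presumably `u8 *`/`unsigned char *` by psmouse convention, but the declaration is outside the hunk, so confirm the cast is applied to the raw byte and not to an already-widened `int`. The `if (finger1 < FOC_MAX_FINGERS)` and `if (finger2 < FOC_MAX_FINGERS)` checks guarding the patched writes only reject a zero nibble (`0 - 1`) if `finger1`/`finger2` are unsigned so the value wraps; if they are signed, the comparison passes and `fingers[-1]` is written, and those declarations are also outside the hunk. A one-line comment on the first cast, `/* deltas are signed bytes; (s8) is explicit since char is unsigned in the kernel build */`, would keep a later cleanup from reverting to `(char)`. The body of `focaltech_process_rel_packet` starts before the first hunk.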
index f332a386d94be518218339f6b9ad1741c3c85274..b18ae78fe465597830e94a316525fe4c12ee5830 100644 (file)
@@ -52,3 +52,5 @@ fbdev-au1200fb-fix-potential-divide-by-zero.patch
 scsi-megaraid_sas-fix-crash-after-a-double-completio.patch
 can-bcm-bcm_tx_setup-fix-kmsan-uninit-value-in-vfs_w.patch
 i40e-fix-registers-dump-after-run-ethtool-adapter-se.patch
+input-focaltech-use-explicitly-signed-char-type.patch
+cifs-fix-dfs-traversal-oops-without-config_cifs_dfs_upcall.patch