--- /dev/null
+From 40d8abf364bcab23bc715a9221a3c8623956257b Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Tue, 22 Mar 2022 17:02:05 +0100
+Subject: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit 40d8abf364bcab23bc715a9221a3c8623956257b upstream.
+
+If the NumEntries field in the _CPC return package is less than 2, do
+not attempt to access the "Revision" element of that package, because
+it may not be present then.
+
+Fixes: 337aadff8e45 ("ACPI: Introduce CPU performance controls using CPPC")
+BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/
+Reported-by: kernel test robot <oliver.sang@intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Reviewed-by: Huang Rui <ray.huang@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/cppc_acpi.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/acpi/cppc_acpi.c
++++ b/drivers/acpi/cppc_acpi.c
+@@ -719,6 +719,11 @@ int acpi_cppc_processor_probe(struct acp
+ cpc_obj = &out_obj->package.elements[0];
+ if (cpc_obj->type == ACPI_TYPE_INTEGER) {
+ num_ent = cpc_obj->integer.value;
++ if (num_ent <= 1) {
++ pr_debug("Unexpected _CPC NumEntries value (%d) for CPU:%d\n",
++ num_ent, pr->id);
++ goto out_free;
++ }
+ } else {
+ pr_debug("Unexpected entry type(%d) for NumEntries\n",
+ cpc_obj->type);
--- /dev/null
+From c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 Mon Sep 17 00:00:00 2001
+From: Pavel Begunkov <asml.silence@gmail.com>
+Date: Fri, 25 Mar 2022 16:36:31 +0000
+Subject: io_uring: fix memory leak of uid in files registration
+
+From: Pavel Begunkov <asml.silence@gmail.com>
+
+commit c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 upstream.
+
+When there are no files for __io_sqe_files_scm() to process in the
+range, it'll free everything and return. However, it forgets to put uid.
+
+Fixes: 08a451739a9b5 ("io_uring: allow sparse fixed file sets")
+Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
+Link: https://lore.kernel.org/r/accee442376f33ce8aaebb099d04967533efde92.1648226048.git.asml.silence@gmail.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/io_uring.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -7350,6 +7350,7 @@ static int __io_sqe_files_scm(struct io_
+ fput(fpl->fp[i]);
+ } else {
+ kfree_skb(skb);
++ free_uid(fpl->user);
+ kfree(fpl);
+ }
+
--- /dev/null
+From ffebd90532728086007038986900426544e3df4e Mon Sep 17 00:00:00 2001
+From: Prashant Malani <pmalani@chromium.org>
+Date: Wed, 26 Jan 2022 19:02:20 +0000
+Subject: platform/chrome: cros_ec_typec: Check for EC device
+
+From: Prashant Malani <pmalani@chromium.org>
+
+commit ffebd90532728086007038986900426544e3df4e upstream.
+
+The Type C ACPI device on older Chromebooks is not generated correctly
+(since their EC firmware doesn't support the new commands required). In
+such cases, the crafted ACPI device doesn't have an EC parent, and it is
+therefore not useful (it shouldn't be generated in the first place since
+the EC firmware doesn't support any of the Type C commands).
+
+To handle devices which use these older firmware revisions, check for
+the parent EC device handle, and fail the probe if it's not found.
+
+Fixes: fdc6b21e2444 ("platform/chrome: Add Type C connector class driver")
+Reported-by: Alyssa Ross <hi@alyssa.is>
+Reviewed-by: Tzung-Bi Shih <tzungbi@google.com>
+Signed-off-by: Prashant Malani <pmalani@chromium.org>
+Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Reviewed-by: Alyssa Ross <hi@alyssa.is>
+Tested-by: Alyssa Ross <hi@alyssa.is>
+Link: https://lore.kernel.org/r/20220126190219.3095419-1-pmalani@chromium.org
+Signed-off-by: Benson Leung <bleung@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/platform/chrome/cros_ec_typec.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/platform/chrome/cros_ec_typec.c
++++ b/drivers/platform/chrome/cros_ec_typec.c
+@@ -712,7 +712,13 @@ static int cros_typec_probe(struct platf
+ return -ENOMEM;
+
+ typec->dev = dev;
++
+ typec->ec = dev_get_drvdata(pdev->dev.parent);
++ if (!typec->ec) {
++ dev_err(dev, "couldn't find parent EC device\n");
++ return -ENODEV;
++ }
++
+ platform_set_drvdata(pdev, typec);
+
+ ret = cros_typec_get_cmd_version(typec);
--- /dev/null
+From 60210a3d86dc57ce4a76a366e7841dda746a33f7 Mon Sep 17 00:00:00 2001
+From: Fangrui Song <maskray@google.com>
+Date: Mon, 21 Mar 2022 18:26:17 -0700
+Subject: riscv module: remove (NOLOAD)
+
+From: Fangrui Song <maskray@google.com>
+
+commit 60210a3d86dc57ce4a76a366e7841dda746a33f7 upstream.
+
+On ELF, (NOLOAD) sets the section type to SHT_NOBITS[1]. It is conceptually
+inappropriate for .plt, .got, and .got.plt sections which are always
+SHT_PROGBITS.
+
+In GNU ld, if PLT entries are needed, .plt will be SHT_PROGBITS anyway
+and (NOLOAD) will be essentially ignored. In ld.lld, since
+https://reviews.llvm.org/D118840 ("[ELF] Support (TYPE=<value>) to
+customize the output section type"), ld.lld will report a `section type
+mismatch` error (later changed to a warning). Just remove (NOLOAD) to
+fix the warning.
+
+[1] https://lld.llvm.org/ELF/linker_script.html As of today, "The
+section should be marked as not loadable" on
+https://sourceware.org/binutils/docs/ld/Output-Section-Type.html is
+outdated for ELF.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1597
+Fixes: ab1ef68e5401 ("RISC-V: Add sections of PLT and GOT for kernel module")
+Reported-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Fangrui Song <maskray@google.com>
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/include/asm/module.lds.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/riscv/include/asm/module.lds.h
++++ b/arch/riscv/include/asm/module.lds.h
+@@ -2,8 +2,8 @@
+ /* Copyright (C) 2017 Andes Technology Corporation */
+ #ifdef CONFIG_MODULE_SECTIONS
+ SECTIONS {
+- .plt (NOLOAD) : { BYTE(0) }
+- .got (NOLOAD) : { BYTE(0) }
+- .got.plt (NOLOAD) : { BYTE(0) }
++ .plt : { BYTE(0) }
++ .got : { BYTE(0) }
++ .got.plt : { BYTE(0) }
+ }
+ #endif
asoc-mediatek-mt6358-add-missing-export_symbols.patch
ubi-fix-race-condition-between-ctrl_cdev_ioctl-and-ubi_cdev_ioctl.patch
arm-iop32x-offset-irq-numbers-by-1.patch
+io_uring-fix-memory-leak-of-uid-in-files-registration.patch
+riscv-module-remove-noload.patch
+acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
+platform-chrome-cros_ec_typec-check-for-ec-device.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
