--- /dev/null
+From 65a01e601dbba8b7a51a2677811f70f783766682 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sat, 25 Jun 2022 12:56:49 +0200
+Subject: fbcon: Disallow setting font bigger than screen size
+
+From: Helge Deller <deller@gmx.de>
+
+commit 65a01e601dbba8b7a51a2677811f70f783766682 upstream.
+
+Prevent that users set a font size which is bigger than the physical screen.
+It's unlikely this may happen (because screens are usually much larger than the
+fonts and each font char is limited to 32x32 pixels), but it may happen on
+smaller screens/LCD displays.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Cc: stable@vger.kernel.org # v4.14+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/core/fbcon.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/video/fbdev/core/fbcon.c
++++ b/drivers/video/fbdev/core/fbcon.c
+@@ -2468,6 +2468,11 @@ static int fbcon_set_font(struct vc_data
+ if (charcount != 256 && charcount != 512)
+ return -EINVAL;
+
++ /* font bigger than screen resolution ? */
++ if (w > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) ||
++ h > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres))
++ return -EINVAL;
++
+ /* Make sure drawing engine can handle the font */
+ if (!(info->pixmap.blit_x & (1 << (font->width - 1))) ||
+ !(info->pixmap.blit_y & (1 << (font->height - 1))))
--- /dev/null
+From 316f92a705a4c2bf4712135180d56f3cca09243a Mon Sep 17 00:00:00 2001
+From: Yian Chen <yian.chen@intel.com>
+Date: Fri, 20 May 2022 17:21:15 -0700
+Subject: iommu/vt-d: Fix PCI bus rescan device hot add
+
+From: Yian Chen <yian.chen@intel.com>
+
+commit 316f92a705a4c2bf4712135180d56f3cca09243a upstream.
+
+Notifier calling chain uses priority to determine the execution
+order of the notifiers or listeners registered to the chain.
+PCI bus device hot add utilizes the notification mechanism.
+
+The current code sets low priority (INT_MIN) to Intel
+dmar_pci_bus_notifier and postpones DMAR decoding after adding
+new device into IOMMU. The result is that struct device pointer
+cannot be found in DRHD search for the new device's DMAR/IOMMU.
+Subsequently, the device is put under the "catch-all" IOMMU
+instead of the correct one. This could cause system hang when
+device TLB invalidation is sent to the wrong IOMMU. Invalidation
+timeout error and hard lockup have been observed and data
+inconsistency/crush may occur as well.
+
+This patch fixes the issue by setting a positive priority(1) for
+dmar_pci_bus_notifier while the priority of IOMMU bus notifier
+uses the default value(0), therefore DMAR decoding will be in
+advance of DRHD search for a new device to find the correct IOMMU.
+
+Following is a 2-step example that triggers the bug by simulating
+PCI device hot add behavior in Intel Sapphire Rapids server.
+
+echo 1 > /sys/bus/pci/devices/0000:6a:01.0/remove
+echo 1 > /sys/bus/pci/rescan
+
+Fixes: 59ce0515cdaf ("iommu/vt-d: Update DRHD/RMRR/ATSR device scope")
+Cc: stable@vger.kernel.org # v3.15+
+Reported-by: Zhang, Bernice <bernice.zhang@intel.com>
+Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
+Signed-off-by: Yian Chen <yian.chen@intel.com>
+Link: https://lore.kernel.org/r/20220521002115.1624069-1-yian.chen@intel.com
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iommu/dmar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -374,7 +374,7 @@ static int dmar_pci_bus_notifier(struct
+
+ static struct notifier_block dmar_pci_bus_nb = {
+ .notifier_call = dmar_pci_bus_notifier,
+- .priority = INT_MIN,
++ .priority = 1,
+ };
+
+ static struct dmar_drhd_unit *
can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
usbnet-fix-memory-leak-in-error-case.patch
net-rose-fix-uaf-bug-caused-by-rose_t0timer_expiry.patch
+iommu-vt-d-fix-pci-bus-rescan-device-hot-add.patch
+fbcon-disallow-setting-font-bigger-than-screen-size.patch
+video-of_display_timing.h-include-errno.h.patch
--- /dev/null
+From 3663a2fb325b8782524f3edb0ae32d6faa615109 Mon Sep 17 00:00:00 2001
+From: Hsin-Yi Wang <hsinyi@chromium.org>
+Date: Fri, 1 Jul 2022 01:33:29 +0800
+Subject: video: of_display_timing.h: include errno.h
+
+From: Hsin-Yi Wang <hsinyi@chromium.org>
+
+commit 3663a2fb325b8782524f3edb0ae32d6faa615109 upstream.
+
+If CONFIG_OF is not enabled, default of_get_display_timing() returns an
+errno, so include the header.
+
+Fixes: 422b67e0b31a ("videomode: provide dummy inline functions for !CONFIG_OF")
+Suggested-by: Stephen Boyd <swboyd@chromium.org>
+Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
+Reviewed-by: Stephen Boyd <swboyd@chromium.org>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/video/of_display_timing.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/video/of_display_timing.h
++++ b/include/video/of_display_timing.h
+@@ -9,6 +9,8 @@
+ #ifndef __LINUX_OF_DISPLAY_TIMING_H
+ #define __LINUX_OF_DISPLAY_TIMING_H
+
++#include <linux/errno.h>
++
+ struct device_node;
+ struct display_timing;
+ struct display_timings;
projects / thirdparty / kernel / stable-queue.git / commitdiff
