]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 Sep 2021 08:07:09 +0000 (10:07 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 Sep 2021 08:07:09 +0000 (10:07 +0200)
added patches:
arm-qualify-enabling-of-swiotlb_init.patch
console-consume-apc-dm-dcs.patch
s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch

queue-5.10/arm-qualify-enabling-of-swiotlb_init.patch [new file with mode: 0644]
queue-5.10/console-consume-apc-dm-dcs.patch [new file with mode: 0644]
queue-5.10/s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/arm-qualify-enabling-of-swiotlb_init.patch b/queue-5.10/arm-qualify-enabling-of-swiotlb_init.patch
new file mode 100644 (file)
index 0000000..bc7beaf
--- /dev/null
@@ -0,0 +1,36 @@
+From fcf044891c84e38fc90eb736b818781bccf94e38 Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Thu, 18 Mar 2021 21:03:33 -0700
+Subject: ARM: Qualify enabling of swiotlb_init()
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+commit fcf044891c84e38fc90eb736b818781bccf94e38 upstream.
+
+We do not need a SWIOTLB unless we have DRAM that is addressable beyond
+the arm_dma_limit. Compare max_pfn with arm_dma_pfn_limit to determine
+whether we do need a SWIOTLB to be initialized.
+
+Fixes: ad3c7b18c5b3 ("arm: use swiotlb for bounce buffering on LPAE configs")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/mm/init.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/arch/arm/mm/init.c
++++ b/arch/arm/mm/init.c
+@@ -378,7 +378,11 @@ static void __init free_highpages(void)
+ void __init mem_init(void)
+ {
+ #ifdef CONFIG_ARM_LPAE
+-      swiotlb_init(1);
++      if (swiotlb_force == SWIOTLB_FORCE ||
++          max_pfn > arm_dma_pfn_limit)
++              swiotlb_init(1);
++      else
++              swiotlb_force = SWIOTLB_NO_FORCE;
+ #endif
+       set_max_mapnr(pfn_to_page(max_pfn) - mem_map);
diff --git a/queue-5.10/console-consume-apc-dm-dcs.patch b/queue-5.10/console-consume-apc-dm-dcs.patch
new file mode 100644 (file)
index 0000000..e0880c5
--- /dev/null
@@ -0,0 +1,137 @@
+From 3a2b2eb55681158d3e3ef464fbf47574cf0c517c Mon Sep 17 00:00:00 2001
+From: nick black <dankamongmen@gmail.com>
+Date: Mon, 30 Aug 2021 04:56:15 -0400
+Subject: console: consume APC, DM, DCS
+
+From: nick black <dankamongmen@gmail.com>
+
+commit 3a2b2eb55681158d3e3ef464fbf47574cf0c517c upstream.
+
+The Linux console's VT102 implementation already consumes OSC
+("Operating System Command") sequences, probably because that's how
+palette changes are transmitted.
+
+In addition to OSC, there are three other major clases of ANSI control
+strings: APC ("Application Program Command"), PM ("Privacy Message"),
+and DCS ("Device Control String").  They are handled similarly to OSC in
+terms of termination.
+
+Source: vt100.net
+
+Add three new enumerated states, one for each of these types.  All three
+are handled the same way right now--they simply consume input until
+terminated.  I hope to expand upon this firmament in the future.  Add
+new predicate ansi_control_string(), returning true for any of these
+states.  Replace explicit checks against ESosc with calls to this
+function.  Transition to these states appropriately from the escape
+initiation (ESesc) state.
+
+This was motivated by the following Notcurses bugs:
+
+ https://github.com/dankamongmen/notcurses/issues/2050
+ https://github.com/dankamongmen/notcurses/issues/1828
+ https://github.com/dankamongmen/notcurses/issues/2069
+
+where standard VT sequences are not consumed by the Linux console.  It's
+not necessary that the Linux console *support* these sequences, but it
+ought *consume* these well-specified classes of sequences.
+
+Tested by sending a variety of escape sequences to the console, and
+verifying that they still worked, or were now properly consumed.
+Verified that the escapes were properly terminated at a generic level.
+Verified that the Notcurses tools continued to show expected output on
+the Linux console, except now without escape bleedthrough.
+
+Link: https://lore.kernel.org/lkml/YSydL0q8iaUfkphg@schwarzgerat.orthanc/
+Signed-off-by: nick black <dankamongmen@gmail.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Jiri Slaby <jirislaby@kernel.org>
+Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
+Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/vt/vt.c |   31 +++++++++++++++++++++++++++----
+ 1 file changed, 27 insertions(+), 4 deletions(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -2060,7 +2060,7 @@ static void restore_cur(struct vc_data *
+ enum { ESnormal, ESesc, ESsquare, ESgetpars, ESfunckey,
+       EShash, ESsetG0, ESsetG1, ESpercent, EScsiignore, ESnonstd,
+-      ESpalette, ESosc };
++      ESpalette, ESosc, ESapc, ESpm, ESdcs };
+ /* console_lock is held (except via vc_init()) */
+ static void reset_terminal(struct vc_data *vc, int do_clear)
+@@ -2134,20 +2134,28 @@ static void vc_setGx(struct vc_data *vc,
+               vc->vc_translate = set_translate(*charset, vc);
+ }
++/* is this state an ANSI control string? */
++static bool ansi_control_string(unsigned int state)
++{
++      if (state == ESosc || state == ESapc || state == ESpm || state == ESdcs)
++              return true;
++      return false;
++}
++
+ /* console_lock is held */
+ static void do_con_trol(struct tty_struct *tty, struct vc_data *vc, int c)
+ {
+       /*
+        *  Control characters can be used in the _middle_
+-       *  of an escape sequence.
++       *  of an escape sequence, aside from ANSI control strings.
+        */
+-      if (vc->vc_state == ESosc && c>=8 && c<=13) /* ... except for OSC */
++      if (ansi_control_string(vc->vc_state) && c >= 8 && c <= 13)
+               return;
+       switch (c) {
+       case 0:
+               return;
+       case 7:
+-              if (vc->vc_state == ESosc)
++              if (ansi_control_string(vc->vc_state))
+                       vc->vc_state = ESnormal;
+               else if (vc->vc_bell_duration)
+                       kd_mksound(vc->vc_bell_pitch, vc->vc_bell_duration);
+@@ -2208,6 +2216,12 @@ static void do_con_trol(struct tty_struc
+               case ']':
+                       vc->vc_state = ESnonstd;
+                       return;
++              case '_':
++                      vc->vc_state = ESapc;
++                      return;
++              case '^':
++                      vc->vc_state = ESpm;
++                      return;
+               case '%':
+                       vc->vc_state = ESpercent;
+                       return;
+@@ -2225,6 +2239,9 @@ static void do_con_trol(struct tty_struc
+                       if (vc->state.x < VC_TABSTOPS_COUNT)
+                               set_bit(vc->state.x, vc->vc_tab_stop);
+                       return;
++              case 'P':
++                      vc->vc_state = ESdcs;
++                      return;
+               case 'Z':
+                       respond_ID(tty);
+                       return;
+@@ -2521,8 +2538,14 @@ static void do_con_trol(struct tty_struc
+               vc_setGx(vc, 1, c);
+               vc->vc_state = ESnormal;
+               return;
++      case ESapc:
++              return;
+       case ESosc:
+               return;
++      case ESpm:
++              return;
++      case ESdcs:
++              return;
+       default:
+               vc->vc_state = ESnormal;
+       }
diff --git a/queue-5.10/s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch b/queue-5.10/s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch
new file mode 100644 (file)
index 0000000..9fee0a4
--- /dev/null
@@ -0,0 +1,39 @@
+From a8b92b8c1eac8d655a97b1e90f4d83c25d9b9a18 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Thu, 9 Sep 2021 16:59:42 +0200
+Subject: s390/pci_mmio: fully validate the VMA before calling follow_pte()
+
+From: David Hildenbrand <david@redhat.com>
+
+commit a8b92b8c1eac8d655a97b1e90f4d83c25d9b9a18 upstream.
+
+We should not walk/touch page tables outside of VMA boundaries when
+holding only the mmap sem in read mode. Evil user space can modify the
+VMA layout just before this function runs and e.g., trigger races with
+page table removal code since commit dd2283f2605e ("mm: mmap: zap pages
+with read mmap_sem in munmap").
+
+find_vma() does not check if the address is >= the VMA start address;
+use vma_lookup() instead.
+
+Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com>
+Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
+Fixes: dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap")
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/pci/pci_mmio.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/s390/pci/pci_mmio.c
++++ b/arch/s390/pci/pci_mmio.c
+@@ -128,7 +128,7 @@ static long get_pfn(unsigned long user_a
+       mmap_read_lock(current->mm);
+       ret = -EINVAL;
+       vma = find_vma(current->mm, user_addr);
+-      if (!vma)
++      if (!vma || user_addr < vma->vm_start)
+               goto out;
+       ret = -EACCES;
+       if (!(vma->vm_flags & access))
index 552a0c3d64bd06a0f3ceb644d2cb84b07e9eb6a9..c2e6b580f024f1ec1de441d061b50d15dce92ef1 100644 (file)
@@ -1,2 +1,5 @@
 pci-pci-bridge-emul-add-pcie-root-capabilities-register.patch
 pci-aardvark-fix-reporting-crs-value.patch
+console-consume-apc-dm-dcs.patch
+s390-pci_mmio-fully-validate-the-vma-before-calling-follow_pte.patch
+arm-qualify-enabling-of-swiotlb_init.patch