]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 12:03:32 +0000 (13:03 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 12:03:32 +0000 (13:03 +0100)
added patches:
fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch

queue-4.14/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch [new file with mode: 0644]
queue-4.14/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch [new file with mode: 0644]
queue-4.14/series

diff --git a/queue-4.14/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch b/queue-4.14/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
new file mode 100644 (file)
index 0000000..18f21fb
--- /dev/null
@@ -0,0 +1,77 @@
+From 203873a535d627c668f293be0cb73e26c30f9cc7 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Thu, 16 Mar 2023 11:38:19 +0100
+Subject: fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
+
+From: Helge Deller <deller@gmx.de>
+
+commit 203873a535d627c668f293be0cb73e26c30f9cc7 upstream.
+
+Find a valid modeline depending on the machine graphic card
+configuration and add the fb_check_var() function to validate
+Xorg provided graphics settings.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/stifb.c |   27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+--- a/drivers/video/fbdev/stifb.c
++++ b/drivers/video/fbdev/stifb.c
+@@ -922,6 +922,28 @@ SETUP_HCRX(struct stifb_info *fb)
+ /* ------------------- driver specific functions --------------------------- */
+ static int
++stifb_check_var(struct fb_var_screeninfo *var, struct fb_info *info)
++{
++      struct stifb_info *fb = container_of(info, struct stifb_info, info);
++
++      if (var->xres != fb->info.var.xres ||
++          var->yres != fb->info.var.yres ||
++          var->bits_per_pixel != fb->info.var.bits_per_pixel)
++              return -EINVAL;
++
++      var->xres_virtual = var->xres;
++      var->yres_virtual = var->yres;
++      var->xoffset = 0;
++      var->yoffset = 0;
++      var->grayscale = fb->info.var.grayscale;
++      var->red.length = fb->info.var.red.length;
++      var->green.length = fb->info.var.green.length;
++      var->blue.length = fb->info.var.blue.length;
++
++      return 0;
++}
++
++static int
+ stifb_setcolreg(u_int regno, u_int red, u_int green,
+             u_int blue, u_int transp, struct fb_info *info)
+ {
+@@ -1103,6 +1125,7 @@ stifb_init_display(struct stifb_info *fb
+ static struct fb_ops stifb_ops = {
+       .owner          = THIS_MODULE,
++      .fb_check_var   = stifb_check_var,
+       .fb_setcolreg   = stifb_setcolreg,
+       .fb_blank       = stifb_blank,
+       .fb_fillrect    = cfb_fillrect,
+@@ -1122,6 +1145,7 @@ static int __init stifb_init_fb(struct s
+       struct stifb_info *fb;
+       struct fb_info *info;
+       unsigned long sti_rom_address;
++      char modestr[32];
+       char *dev_name;
+       int bpp, xres, yres;
+@@ -1302,6 +1326,9 @@ static int __init stifb_init_fb(struct s
+       info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_COPYAREA;
+       info->pseudo_palette = &fb->pseudo_palette;
++      scnprintf(modestr, sizeof(modestr), "%dx%d-%d", xres, yres, bpp);
++      fb_find_mode(&info->var, info, modestr, NULL, 0, NULL, bpp);
++
+       /* This has to be done !!! */
+       if (fb_alloc_cmap(&info->cmap, NR_PALETTE, 0))
+               goto out_err1;
diff --git a/queue-4.14/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch b/queue-4.14/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
new file mode 100644 (file)
index 0000000..0606c49
--- /dev/null
@@ -0,0 +1,54 @@
+From ee92fa443358f4fc0017c1d0d325c27b37802504 Mon Sep 17 00:00:00 2001
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+Date: Thu, 9 Mar 2023 16:02:30 +0800
+Subject: ftrace: Fix invalid address access in lookup_rec() when index is 0
+
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+
+commit ee92fa443358f4fc0017c1d0d325c27b37802504 upstream.
+
+KASAN reported follow problem:
+
+ BUG: KASAN: use-after-free in lookup_rec
+ Read of size 8 at addr ffff000199270ff0 by task modprobe
+ CPU: 2 Comm: modprobe
+ Call trace:
+  kasan_report
+  __asan_load8
+  lookup_rec
+  ftrace_location
+  arch_check_ftrace_location
+  check_kprobe_address_safe
+  register_kprobe
+
+When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a
+pg which is newly added to ftrace_pages_start in ftrace_process_locs().
+Before the first pg->index++, index is 0 and accessing pg->records[-1].ip
+will cause this problem.
+
+Don't check the ip when pg->index is 0.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20230309080230.36064-1-chenzhongjin@huawei.com
+
+Cc: stable@vger.kernel.org
+Fixes: 9644302e3315 ("ftrace: Speed up search by skipping pages by address")
+Suggested-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/ftrace.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -1646,7 +1646,8 @@ unsigned long ftrace_location_range(unsi
+       key.flags = end;        /* overload flags, as it is unsigned long */
+       for (pg = ftrace_pages_start; pg; pg = pg->next) {
+-              if (end < pg->records[0].ip ||
++              if (pg->index == 0 ||
++                  end < pg->records[0].ip ||
+                   start >= (pg->records[pg->index - 1].ip + MCOUNT_INSN_SIZE))
+                       continue;
+               rec = bsearch(&key, pg->records, pg->index,
index d0704a7e6948d5e35b8c616e2e8e99fac310d104..737e5a32e7d18b49a28abd43456b67dd15dfc215 100644 (file)
@@ -22,3 +22,5 @@ rust-arch-um-disable-fp-simd-instruction-to-match-x8.patch
 ext4-fail-ext4_iget-if-special-inode-unallocated.patch
 ext4-fix-task-hung-in-ext4_xattr_delete_inode.patch
 sh-intc-avoid-spurious-sizeof-pointer-div-warning.patch
+ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
+fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch