--- /dev/null
+From 0872b2c0abc0e84ac82472959c8e14e35277549c Mon Sep 17 00:00:00 2001
+From: Yuanjun Gong <ruc_gongyuanjun@163.com>
+Date: Fri, 28 Jul 2023 01:03:18 +0800
+Subject: fbdev: mmp: fix value check in mmphw_probe()
+
+From: Yuanjun Gong <ruc_gongyuanjun@163.com>
+
+commit 0872b2c0abc0e84ac82472959c8e14e35277549c upstream.
+
+in mmphw_probe(), check the return value of clk_prepare_enable()
+and return the error code if clk_prepare_enable() returns an
+unexpected value.
+
+Fixes: d63028c38905 ("video: mmp display controller support")
+Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/mmp/hw/mmp_ctrl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/video/fbdev/mmp/hw/mmp_ctrl.c
++++ b/drivers/video/fbdev/mmp/hw/mmp_ctrl.c
+@@ -523,7 +523,9 @@ static int mmphw_probe(struct platform_d
+ ret = -ENOENT;
+ goto failed;
+ }
+- clk_prepare_enable(ctrl->clk);
++ ret = clk_prepare_enable(ctrl->clk);
++ if (ret)
++ goto failed;
+
+ /* init global regs */
+ ctrl_set_default(ctrl);
--- /dev/null
+From 4f3175979e62de3b929bfa54a0db4b87d36257a7 Mon Sep 17 00:00:00 2001
+From: Nathan Lynch <nathanl@linux.ibm.com>
+Date: Thu, 10 Aug 2023 22:37:55 -0500
+Subject: powerpc/rtas_flash: allow user copy to flash block cache objects
+
+From: Nathan Lynch <nathanl@linux.ibm.com>
+
+commit 4f3175979e62de3b929bfa54a0db4b87d36257a7 upstream.
+
+With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the
+/proc/powerpc/rtas/firmware_update interface to prepare a system
+firmware update yields a BUG():
+
+ kernel BUG at mm/usercopy.c:102!
+ Oops: Exception in kernel mode, sig: 5 [#1]
+ LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
+ Modules linked in:
+ CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2
+ Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries
+ NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000
+ REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+)
+ MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002242 XER: 0000000c
+ CFAR: c0000000001fbd34 IRQMASK: 0
+ [ ... GPRs omitted ... ]
+ NIP usercopy_abort+0xa0/0xb0
+ LR usercopy_abort+0x9c/0xb0
+ Call Trace:
+ usercopy_abort+0x9c/0xb0 (unreliable)
+ __check_heap_object+0x1b4/0x1d0
+ __check_object_size+0x2d0/0x380
+ rtas_flash_write+0xe4/0x250
+ proc_reg_write+0xfc/0x160
+ vfs_write+0xfc/0x4e0
+ ksys_write+0x90/0x160
+ system_call_exception+0x178/0x320
+ system_call_common+0x160/0x2c4
+
+The blocks of the firmware image are copied directly from user memory
+to objects allocated from flash_block_cache, so flash_block_cache must
+be created using kmem_cache_create_usercopy() to mark it safe for user
+access.
+
+Fixes: 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0")
+Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+[mpe: Trim and indent oops]
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://msgid.link/20230810-rtas-flash-vs-hardened-usercopy-v2-1-dcf63793a938@linux.ibm.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kernel/rtas_flash.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/powerpc/kernel/rtas_flash.c
++++ b/arch/powerpc/kernel/rtas_flash.c
+@@ -714,9 +714,9 @@ static int __init rtas_flash_init(void)
+ if (!rtas_validate_flash_data.buf)
+ return -ENOMEM;
+
+- flash_block_cache = kmem_cache_create("rtas_flash_cache",
+- RTAS_BLK_SIZE, RTAS_BLK_SIZE, 0,
+- NULL);
++ flash_block_cache = kmem_cache_create_usercopy("rtas_flash_cache",
++ RTAS_BLK_SIZE, RTAS_BLK_SIZE,
++ 0, 0, RTAS_BLK_SIZE, NULL);
+ if (!flash_block_cache) {
+ printk(KERN_ERR "%s: failed to create block cache\n",
+ __func__);
projects / thirdparty / kernel / stable-queue.git / commitdiff
