--- /dev/null
+From 0efa3334d65b7f421ba12382dfa58f6ff5bf83c4 Mon Sep 17 00:00:00 2001
+From: Ross Zwisler <zwisler@chromium.org>
+Date: Mon, 29 Apr 2019 12:25:17 -0600
+Subject: ASoC: Intel: avoid Oops if DMA setup fails
+
+From: Ross Zwisler <zwisler@chromium.org>
+
+commit 0efa3334d65b7f421ba12382dfa58f6ff5bf83c4 upstream.
+
+Currently in sst_dsp_new() if we get an error return from sst_dma_new()
+we just print an error message and then still complete the function
+successfully. This means that we are trying to run without sst->dma
+properly set up, which will result in NULL pointer dereference when
+sst->dma is later used. This was happening for me in
+sst_dsp_dma_get_channel():
+
+ struct sst_dma *dma = dsp->dma;
+ ...
+ dma->ch = dma_request_channel(mask, dma_chan_filter, dsp);
+
+This resulted in:
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
+ IP: sst_dsp_dma_get_channel+0x4f/0x125 [snd_soc_sst_firmware]
+
+Fix this by adding proper error handling for the case where we fail to
+set up DMA.
+
+This change only affects Haswell and Broadwell systems. Baytrail
+systems explicilty opt-out of DMA via sst->pdata->resindex_dma_base
+being set to -1.
+
+Signed-off-by: Ross Zwisler <zwisler@google.com>
+Cc: stable@vger.kernel.org
+Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/intel/common/sst-dsp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/sound/soc/intel/common/sst-dsp.c
++++ b/sound/soc/intel/common/sst-dsp.c
+@@ -463,11 +463,15 @@ struct sst_dsp *sst_dsp_new(struct devic
+ goto irq_err;
+
+ err = sst_dma_new(sst);
+- if (err)
+- dev_warn(dev, "sst_dma_new failed %d\n", err);
++ if (err) {
++ dev_err(dev, "sst_dma_new failed %d\n", err);
++ goto dma_err;
++ }
+
+ return sst;
+
++dma_err:
++ free_irq(sst->irq, sst);
+ irq_err:
+ if (sst->ops->free)
+ sst->ops->free(sst);
--- /dev/null
+From ben@decadent.org.uk Thu May 9 19:42:50 2019
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 7 May 2019 20:04:04 +0100
+Subject: timer/debug: Change /proc/timer_stats from 0644 to 0600
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Sasha Levin <sashal@kernel.org>
+Cc: stable@vger.kernel.org
+Message-ID: <20190507190404.ub43rr4iuvqfkbsq@decadent.org.uk>
+Content-Disposition: inline
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+The timer_stats facility should filter and translate PIDs if opened
+from a non-initial PID namespace, to avoid leaking information about
+the wider system. It should also not show kernel virtual addresses.
+Unfortunately it has now been removed upstream (as redundant)
+instead of being fixed.
+
+For stable, fix the leak by restricting access to root only. A
+similar change was already made for the /proc/timer_list file.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/timer_stats.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/time/timer_stats.c
++++ b/kernel/time/timer_stats.c
+@@ -417,7 +417,7 @@ static int __init init_tstats_procfs(voi
+ {
+ struct proc_dir_entry *pe;
+
+- pe = proc_create("timer_stats", 0644, NULL, &tstats_fops);
++ pe = proc_create("timer_stats", 0600, NULL, &tstats_fops);
+ if (!pe)
+ return -ENOMEM;
+ return 0;
projects / thirdparty / kernel / stable-queue.git / commitdiff
