--- /dev/null
+From foo@baz Mon Jun 20 12:08:03 PM CEST 2022
+From: Andy Chi <andy.chi@canonical.com>
+Date: Fri, 13 May 2022 20:16:45 +0800
+Subject: ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
+
+From: Andy Chi <andy.chi@canonical.com>
+
+commit 024a7ad9eb4df626ca8c77fef4f67fd0ebd559d2 upstream.
+
+The HP EliteBook 630 is using ALC236 codec which used 0x02 to control mute LED
+and 0x01 to control micmute LED. Therefore, add a quirk to make it works.
+
+Signed-off-by: Andy Chi <andy.chi@canonical.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20220513121648.28584-1-andy.chi@canonical.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+[sudip: adjust context]
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -8793,6 +8793,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x103c, 0x8873, "HP ZBook Studio 15.6 Inch G8 Mobile Workstation PC", ALC285_FIXUP_HP_GPIO_AMP_INIT),
+ SND_PCI_QUIRK(0x103c, 0x888d, "HP ZBook Power 15.6 inch G8 Mobile Workstation PC", ALC236_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8896, "HP EliteBook 855 G8 Notebook PC", ALC285_FIXUP_HP_MUTE_LED),
++ SND_PCI_QUIRK(0x103c, 0x89aa, "HP EliteBook 630 G9", ALC236_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC),
+ SND_PCI_QUIRK(0x1043, 0x103f, "ASUS TX300", ALC282_FIXUP_ASUS_TX300),
+ SND_PCI_QUIRK(0x1043, 0x106d, "Asus K53BE", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
--- /dev/null
+From foo@baz Mon Jun 20 12:06:29 PM CEST 2022
+From: Ashish Kalra <ashish.kalra@amd.com>
+Date: Mon, 16 May 2022 15:43:10 +0000
+Subject: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
+
+From: Ashish Kalra <ashish.kalra@amd.com>
+
+commit d22d2474e3953996f03528b84b7f52cc26a39403 upstream.
+
+For some sev ioctl interfaces, the length parameter that is passed maybe
+less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data
+that PSP firmware returns. In this case, kmalloc will allocate memory
+that is the size of the input rather than the size of the data.
+Since PSP firmware doesn't fully overwrite the allocated buffer, these
+sev ioctl interface may return uninitialized kernel slab memory.
+
+Reported-by: Andy Nguyen <theflow@google.com>
+Suggested-by: David Rientjes <rientjes@google.com>
+Suggested-by: Peter Gonda <pgonda@google.com>
+Cc: kvm@vger.kernel.org
+Cc: stable@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Fixes: eaf78265a4ab3 ("KVM: SVM: Move SEV code to separate file")
+Fixes: 2c07ded06427d ("KVM: SVM: add support for SEV attestation command")
+Fixes: 4cfdd47d6d95a ("KVM: SVM: Add KVM_SEV SEND_START command")
+Fixes: d3d1af85e2c75 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command")
+Fixes: eba04b20e4861 ("KVM: x86: Account a variety of miscellaneous allocations")
+Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
+Reviewed-by: Peter Gonda <pgonda@google.com>
+Message-Id: <20220516154310.3685678-1-Ashish.Kalra@amd.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[sudip: adjust context]
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/svm/sev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/svm/sev.c
++++ b/arch/x86/kvm/svm/sev.c
+@@ -537,7 +537,7 @@ static int sev_launch_measure(struct kvm
+ }
+
+ ret = -ENOMEM;
+- blob = kmalloc(params.len, GFP_KERNEL_ACCOUNT);
++ blob = kzalloc(params.len, GFP_KERNEL_ACCOUNT);
+ if (!blob)
+ goto e_free;
+
+@@ -676,7 +676,7 @@ static int __sev_dbg_decrypt_user(struct
+ if (!IS_ALIGNED(dst_paddr, 16) ||
+ !IS_ALIGNED(paddr, 16) ||
+ !IS_ALIGNED(size, 16)) {
+- tpage = (void *)alloc_page(GFP_KERNEL);
++ tpage = (void *)alloc_page(GFP_KERNEL | __GFP_ZERO);
+ if (!tpage)
+ return -ENOMEM;
+
--- /dev/null
+From foo@baz Mon Jun 20 12:06:29 PM CEST 2022
+From: Sean Christopherson <seanjc@google.com>
+Date: Tue, 30 Mar 2021 19:30:25 -0700
+Subject: KVM: x86: Account a variety of miscellaneous allocations
+
+From: Sean Christopherson <seanjc@google.com>
+
+commit eba04b20e4861d9bdbd8470a13c0c6e824521a36 upstream.
+
+Switch to GFP_KERNEL_ACCOUNT for a handful of allocations that are
+clearly associated with a single task/VM.
+
+Note, there are a several SEV allocations that aren't accounted, but
+those can (hopefully) be fixed by using the local stack for memory.
+
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Message-Id: <20210331023025.2485960-3-seanjc@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[sudip: adjust context]
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/svm/nested.c | 4 ++--
+ arch/x86/kvm/svm/sev.c | 2 +-
+ arch/x86/kvm/vmx/vmx.c | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/kvm/svm/nested.c
++++ b/arch/x86/kvm/svm/nested.c
+@@ -1198,8 +1198,8 @@ static int svm_set_nested_state(struct k
+ return -EINVAL;
+
+ ret = -ENOMEM;
+- ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
+- save = kzalloc(sizeof(*save), GFP_KERNEL);
++ ctl = kzalloc(sizeof(*ctl), GFP_KERNEL_ACCOUNT);
++ save = kzalloc(sizeof(*save), GFP_KERNEL_ACCOUNT);
+ if (!ctl || !save)
+ goto out_free;
+
+--- a/arch/x86/kvm/svm/sev.c
++++ b/arch/x86/kvm/svm/sev.c
+@@ -537,7 +537,7 @@ static int sev_launch_measure(struct kvm
+ }
+
+ ret = -ENOMEM;
+- blob = kmalloc(params.len, GFP_KERNEL);
++ blob = kmalloc(params.len, GFP_KERNEL_ACCOUNT);
+ if (!blob)
+ goto e_free;
+
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -619,7 +619,7 @@ static int hv_enable_direct_tlbflush(str
+ * evmcs in singe VM shares same assist page.
+ */
+ if (!*p_hv_pa_pg)
+- *p_hv_pa_pg = kzalloc(PAGE_SIZE, GFP_KERNEL);
++ *p_hv_pa_pg = kzalloc(PAGE_SIZE, GFP_KERNEL_ACCOUNT);
+
+ if (!*p_hv_pa_pg)
+ return -ENOMEM;
--- /dev/null
+From 787af64d05cd528aac9ad16752d11bb1c6061bb9 Mon Sep 17 00:00:00 2001
+From: Zi Yan <ziy@nvidia.com>
+Date: Wed, 30 Mar 2022 15:45:43 -0700
+Subject: mm: page_alloc: validate buddy before check its migratetype.
+
+From: Zi Yan <ziy@nvidia.com>
+
+commit 787af64d05cd528aac9ad16752d11bb1c6061bb9 upstream.
+
+Whenever a buddy page is found, page_is_buddy() should be called to
+check its validity. Add the missing check during pageblock merge check.
+
+Fixes: 1dd214b8f21c ("mm: page_alloc: avoid merging non-fallbackable pageblocks with others")
+Link: https://lore.kernel.org/all/20220330154208.71aca532@gandalf.local.home/
+Reported-and-tested-by: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Zi Yan <ziy@nvidia.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Fixes: d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks")
+Cc: stable@vger.kernel.org
+Reported-by: zjb194813@alibaba-inc.com
+Reported-by: tianhu.hh@alibaba-inc.com
+Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/page_alloc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -1049,6 +1049,9 @@ continue_merging:
+
+ buddy_pfn = __find_buddy_pfn(pfn, order);
+ buddy = page + (buddy_pfn - pfn);
++
++ if (!page_is_buddy(page, buddy, order))
++ goto done_merging;
+ buddy_mt = get_pageblock_migratetype(buddy);
+
+ if (migratetype != buddy_mt
ext4-make-variable-count-signed.patch
ext4-add-reserved-gdt-blocks-check.patch
kvm-arm64-don-t-read-a-hw-interrupt-pending-state-in-user-context.patch
+kvm-x86-account-a-variety-of-miscellaneous-allocations.patch
+kvm-svm-use-kzalloc-for-sev-ioctl-interfaces-to-prevent-kernel-data-leak.patch
+alsa-hda-realtek-fix-right-sounds-and-mute-micmute-leds-for-hp-machine.patch
+virtio-pci-remove-wrong-address-verification-in-vp_del_vqs.patch
+mm-page_alloc-validate-buddy-before-check-its-migratetype.patch
--- /dev/null
+From 7e415282b41bf0d15c6e0fe268f822d9b083f2f7 Mon Sep 17 00:00:00 2001
+From: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
+Date: Thu, 14 Apr 2022 23:30:02 -0300
+Subject: virtio-pci: Remove wrong address verification in vp_del_vqs()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
+
+commit 7e415282b41bf0d15c6e0fe268f822d9b083f2f7 upstream.
+
+GCC 12 enhanced -Waddress when comparing array address to null [0],
+which warns:
+
+ drivers/virtio/virtio_pci_common.c: In function ‘vp_del_vqs’:
+ drivers/virtio/virtio_pci_common.c:257:29: warning: the comparison will always evaluate as ‘true’ for the pointer operand in ‘vp_dev->msix_affinity_masks + (sizetype)((long unsigned int)i * 256)’ must not be NULL [-Waddress]
+ 257 | if (vp_dev->msix_affinity_masks[i])
+ | ^~~~~~
+
+In fact, the verification is comparing the result of a pointer
+arithmetic, the address "msix_affinity_masks + i", which will always
+evaluate to true.
+
+Under the hood, free_cpumask_var() calls kfree(), which is safe to pass
+NULL, not requiring non-null verification. So remove the verification
+to make compiler happy (happy compiler, happy life).
+
+[0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102103
+
+Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
+Message-Id: <20220415023002.49805-1-muriloo@linux.ibm.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Acked-by: Christophe de Dinechin <dinechin@redhat.com>
+Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/virtio/virtio_pci_common.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/virtio/virtio_pci_common.c
++++ b/drivers/virtio/virtio_pci_common.c
+@@ -254,8 +254,7 @@ void vp_del_vqs(struct virtio_device *vd
+
+ if (vp_dev->msix_affinity_masks) {
+ for (i = 0; i < vp_dev->msix_vectors; i++)
+- if (vp_dev->msix_affinity_masks[i])
+- free_cpumask_var(vp_dev->msix_affinity_masks[i]);
++ free_cpumask_var(vp_dev->msix_affinity_masks[i]);
+ }
+
+ if (vp_dev->msix_enabled) {
projects / thirdparty / kernel / stable-queue.git / commitdiff
