--- /dev/null
+From 203873a535d627c668f293be0cb73e26c30f9cc7 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Thu, 16 Mar 2023 11:38:19 +0100
+Subject: fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
+
+From: Helge Deller <deller@gmx.de>
+
+commit 203873a535d627c668f293be0cb73e26c30f9cc7 upstream.
+
+Find a valid modeline depending on the machine graphic card
+configuration and add the fb_check_var() function to validate
+Xorg provided graphics settings.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/stifb.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+--- a/drivers/video/fbdev/stifb.c
++++ b/drivers/video/fbdev/stifb.c
+@@ -922,6 +922,28 @@ SETUP_HCRX(struct stifb_info *fb)
+ /* ------------------- driver specific functions --------------------------- */
+
+ static int
++stifb_check_var(struct fb_var_screeninfo *var, struct fb_info *info)
++{
++ struct stifb_info *fb = container_of(info, struct stifb_info, info);
++
++ if (var->xres != fb->info.var.xres ||
++ var->yres != fb->info.var.yres ||
++ var->bits_per_pixel != fb->info.var.bits_per_pixel)
++ return -EINVAL;
++
++ var->xres_virtual = var->xres;
++ var->yres_virtual = var->yres;
++ var->xoffset = 0;
++ var->yoffset = 0;
++ var->grayscale = fb->info.var.grayscale;
++ var->red.length = fb->info.var.red.length;
++ var->green.length = fb->info.var.green.length;
++ var->blue.length = fb->info.var.blue.length;
++
++ return 0;
++}
++
++static int
+ stifb_setcolreg(u_int regno, u_int red, u_int green,
+ u_int blue, u_int transp, struct fb_info *info)
+ {
+@@ -1103,6 +1125,7 @@ stifb_init_display(struct stifb_info *fb
+
+ static struct fb_ops stifb_ops = {
+ .owner = THIS_MODULE,
++ .fb_check_var = stifb_check_var,
+ .fb_setcolreg = stifb_setcolreg,
+ .fb_blank = stifb_blank,
+ .fb_fillrect = cfb_fillrect,
+@@ -1122,6 +1145,7 @@ static int __init stifb_init_fb(struct s
+ struct stifb_info *fb;
+ struct fb_info *info;
+ unsigned long sti_rom_address;
++ char modestr[32];
+ char *dev_name;
+ int bpp, xres, yres;
+
+@@ -1300,6 +1324,9 @@ static int __init stifb_init_fb(struct s
+ info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_COPYAREA;
+ info->pseudo_palette = &fb->pseudo_palette;
+
++ scnprintf(modestr, sizeof(modestr), "%dx%d-%d", xres, yres, bpp);
++ fb_find_mode(&info->var, info, modestr, NULL, 0, NULL, bpp);
++
+ /* This has to be done !!! */
+ if (fb_alloc_cmap(&info->cmap, NR_PALETTE, 0))
+ goto out_err1;
--- /dev/null
+From ee92fa443358f4fc0017c1d0d325c27b37802504 Mon Sep 17 00:00:00 2001
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+Date: Thu, 9 Mar 2023 16:02:30 +0800
+Subject: ftrace: Fix invalid address access in lookup_rec() when index is 0
+
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+
+commit ee92fa443358f4fc0017c1d0d325c27b37802504 upstream.
+
+KASAN reported follow problem:
+
+ BUG: KASAN: use-after-free in lookup_rec
+ Read of size 8 at addr ffff000199270ff0 by task modprobe
+ CPU: 2 Comm: modprobe
+ Call trace:
+ kasan_report
+ __asan_load8
+ lookup_rec
+ ftrace_location
+ arch_check_ftrace_location
+ check_kprobe_address_safe
+ register_kprobe
+
+When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a
+pg which is newly added to ftrace_pages_start in ftrace_process_locs().
+Before the first pg->index++, index is 0 and accessing pg->records[-1].ip
+will cause this problem.
+
+Don't check the ip when pg->index is 0.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20230309080230.36064-1-chenzhongjin@huawei.com
+
+Cc: stable@vger.kernel.org
+Fixes: 9644302e3315 ("ftrace: Speed up search by skipping pages by address")
+Suggested-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/ftrace.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -1557,7 +1557,8 @@ unsigned long ftrace_location_range(unsi
+ key.flags = end; /* overload flags, as it is unsigned long */
+
+ for (pg = ftrace_pages_start; pg; pg = pg->next) {
+- if (end < pg->records[0].ip ||
++ if (pg->index == 0 ||
++ end < pg->records[0].ip ||
+ start >= (pg->records[pg->index - 1].ip + MCOUNT_INSN_SIZE))
+ continue;
+ rec = bsearch(&key, pg->records, pg->index,
tracing-check-field-value-in-hist_field_name.patch
tracing-make-tracepoint-lockdep-check-actually-test-something.patch
kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
+ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
+fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
+x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch
--- /dev/null
+From cbebd68f59f03633469f3ecf9bea99cd6cce3854 Mon Sep 17 00:00:00 2001
+From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+Date: Mon, 6 Mar 2023 08:06:56 -0800
+Subject: x86/mm: Fix use of uninitialized buffer in sme_enable()
+
+From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+
+commit cbebd68f59f03633469f3ecf9bea99cd6cce3854 upstream.
+
+cmdline_find_option() may fail before doing any initialization of
+the buffer array. This may lead to unpredictable results when the same
+buffer is used later in calls to strncmp() function. Fix the issue by
+returning early if cmdline_find_option() returns an error.
+
+Found by Linux Verification Center (linuxtesting.org) with static
+analysis tool SVACE.
+
+Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
+Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: <stable@kernel.org>
+Link: https://lore.kernel.org/r/20230306160656.14844-1-n.zhandarovich@fintech.ru
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/mm/mem_encrypt_identity.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/mm/mem_encrypt_identity.c
++++ b/arch/x86/mm/mem_encrypt_identity.c
+@@ -579,7 +579,8 @@ void __init sme_enable(struct boot_param
+ cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
+ ((u64)bp->ext_cmd_line_ptr << 32));
+
+- cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
++ if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
++ return;
+
+ if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
+ sme_me_mask = me_mask;
projects / thirdparty / kernel / stable-queue.git / commitdiff
