5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 12:03:56 +0000 (13:03 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 12:03:56 +0000 (13:03 +0100)
added patches:
fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch

queue-5.4/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch [new file with mode: 0644]
queue-5.4/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch [new file with mode: 0644]
queue-5.4/series
queue-5.4/x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch [new file with mode: 0644]

diff --git a/queue-5.4/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch b/queue-5.4/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
new file mode 100644 (file)
index 0000000..b029471
--- /dev/null
@@ -0,0 +1,77 @@
+From 203873a535d627c668f293be0cb73e26c30f9cc7 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Thu, 16 Mar 2023 11:38:19 +0100
+Subject: fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
+
+From: Helge Deller <deller@gmx.de>
+
+commit 203873a535d627c668f293be0cb73e26c30f9cc7 upstream.
+
+Find a valid modeline depending on the machine graphic card
+configuration and add the fb_check_var() function to validate
+Xorg provided graphics settings.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/stifb.c |   27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+--- a/drivers/video/fbdev/stifb.c
++++ b/drivers/video/fbdev/stifb.c
+@@ -922,6 +922,28 @@ SETUP_HCRX(struct stifb_info *fb)
+ /* ------------------- driver specific functions --------------------------- */
+ static int
++stifb_check_var(struct fb_var_screeninfo *var, struct fb_info *info)
++{
++      struct stifb_info *fb = container_of(info, struct stifb_info, info);
++
++      if (var->xres != fb->info.var.xres ||
++          var->yres != fb->info.var.yres ||
++          var->bits_per_pixel != fb->info.var.bits_per_pixel)
++              return -EINVAL;
++
++      var->xres_virtual = var->xres;
++      var->yres_virtual = var->yres;
++      var->xoffset = 0;
++      var->yoffset = 0;
++      var->grayscale = fb->info.var.grayscale;
++      var->red.length = fb->info.var.red.length;
++      var->green.length = fb->info.var.green.length;
++      var->blue.length = fb->info.var.blue.length;
++
++      return 0;
++}
++
++static int
+ stifb_setcolreg(u_int regno, u_int red, u_int green,
+             u_int blue, u_int transp, struct fb_info *info)
+ {
+@@ -1103,6 +1125,7 @@ stifb_init_display(struct stifb_info *fb
+ static struct fb_ops stifb_ops = {
+       .owner          = THIS_MODULE,
++      .fb_check_var   = stifb_check_var,
+       .fb_setcolreg   = stifb_setcolreg,
+       .fb_blank       = stifb_blank,
+       .fb_fillrect    = cfb_fillrect,
+@@ -1122,6 +1145,7 @@ static int __init stifb_init_fb(struct s
+       struct stifb_info *fb;
+       struct fb_info *info;
+       unsigned long sti_rom_address;
++      char modestr[32];
+       char *dev_name;
+       int bpp, xres, yres;
+@@ -1300,6 +1324,9 @@ static int __init stifb_init_fb(struct s
+       info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_COPYAREA;
+       info->pseudo_palette = &fb->pseudo_palette;
++      scnprintf(modestr, sizeof(modestr), "%dx%d-%d", xres, yres, bpp);
++      fb_find_mode(&info->var, info, modestr, NULL, 0, NULL, bpp);
++
+       /* This has to be done !!! */
+       if (fb_alloc_cmap(&info->cmap, NR_PALETTE, 0))
+               goto out_err1;
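Review bot: The return value of `fb_find_mode()` is dropped in the stifb_init_fb() hunk, so a 0 result (no usable mode found) goes unnoticed and `info->var` can be left without the pixelclock this change is meant to provide. The call also passes `&info->var`, which is the same object `stifb_check_var()` reaches through `fb->info.var`; if fb_find_mode() runs the driver's check on the var it was given, as I would expect, the xres/yres/bits_per_pixel test compares the struct with itself and cannot reject a best-fit mode of a different size. I would look the mode up into a local `struct fb_var_screeninfo`, test it with `if (!fb_find_mode(&var, info, modestr, NULL, 0, NULL, bpp))`, and copy back only the timing fields once xres, yres and bpp are confirmed unchanged. stifb_init_fb() starts and ends outside the hunk, so the earlier setup of `info->var` is not visible here.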
diff --git a/queue-5.4/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch b/queue-5.4/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
new file mode 100644 (file)
index 0000000..f7c4a38
--- /dev/null
@@ -0,0 +1,54 @@
+From ee92fa443358f4fc0017c1d0d325c27b37802504 Mon Sep 17 00:00:00 2001
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+Date: Thu, 9 Mar 2023 16:02:30 +0800
+Subject: ftrace: Fix invalid address access in lookup_rec() when index is 0
+
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+
+commit ee92fa443358f4fc0017c1d0d325c27b37802504 upstream.
+
+KASAN reported follow problem:
+
+ BUG: KASAN: use-after-free in lookup_rec
+ Read of size 8 at addr ffff000199270ff0 by task modprobe
+ CPU: 2 Comm: modprobe
+ Call trace:
+  kasan_report
+  __asan_load8
+  lookup_rec
+  ftrace_location
+  arch_check_ftrace_location
+  check_kprobe_address_safe
+  register_kprobe
+
+When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a
+pg which is newly added to ftrace_pages_start in ftrace_process_locs().
+Before the first pg->index++, index is 0 and accessing pg->records[-1].ip
+will cause this problem.
+
+Don't check the ip when pg->index is 0.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20230309080230.36064-1-chenzhongjin@huawei.com
+
+Cc: stable@vger.kernel.org
+Fixes: 9644302e3315 ("ftrace: Speed up search by skipping pages by address")
+Suggested-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/ftrace.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -1557,7 +1557,8 @@ unsigned long ftrace_location_range(unsi
+       key.flags = end;        /* overload flags, as it is unsigned long */
+       for (pg = ftrace_pages_start; pg; pg = pg->next) {
+-              if (end < pg->records[0].ip ||
++              if (pg->index == 0 ||
++                  end < pg->records[0].ip ||
+                   start >= (pg->records[pg->index - 1].ip + MCOUNT_INSN_SIZE))
+                       continue;
+               rec = bsearch(&key, pg->records, pg->index,
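Review bot: The new `pg->index == 0` test in the page loop has no comment, and without one it reads as a redundant guard that a later cleanup could drop, bringing back the `pg->records[-1]` read. I would add above the condition `/* a page just linked in by ftrace_process_locs() has index 0; skip it before touching records[index - 1] */`. `pg->index` is also read three times on the new side (the test, `pg->index - 1`, and the bsearch() count), and the locking that keeps it stable against the concurrent writer named in the commit message is not visible in the hunk. If there is none, a single `READ_ONCE(pg->index)` into a local would keep the three uses consistent. On this tree the hunk lands in ftrace_location_range(), whose body continues outside the hunk, not in the lookup_rec() named in the subject.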
index 9eb2e66ec0caa2b8c6a3a88fc6862e5211f85c22..3cc78600be231a5c379f399c57515887b5e218de 100644 (file)
@@ -47,3 +47,6 @@ interconnect-fix-mem-leak-when-freeing-nodes.patch
 tracing-check-field-value-in-hist_field_name.patch
 tracing-make-tracepoint-lockdep-check-actually-test-something.patch
 kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
+ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
+fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
+x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch
diff --git a/queue-5.4/x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch b/queue-5.4/x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch
new file mode 100644 (file)
index 0000000..cb3cb4f
--- /dev/null
@@ -0,0 +1,40 @@
+From cbebd68f59f03633469f3ecf9bea99cd6cce3854 Mon Sep 17 00:00:00 2001
+From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+Date: Mon, 6 Mar 2023 08:06:56 -0800
+Subject: x86/mm: Fix use of uninitialized buffer in sme_enable()
+
+From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+
+commit cbebd68f59f03633469f3ecf9bea99cd6cce3854 upstream.
+
+cmdline_find_option() may fail before doing any initialization of
+the buffer array. This may lead to unpredictable results when the same
+buffer is used later in calls to strncmp() function.  Fix the issue by
+returning early if cmdline_find_option() returns an error.
+
+Found by Linux Verification Center (linuxtesting.org) with static
+analysis tool SVACE.
+
+Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
+Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: <stable@kernel.org>
+Link: https://lore.kernel.org/r/20230306160656.14844-1-n.zhandarovich@fintech.ru
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/mm/mem_encrypt_identity.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/mm/mem_encrypt_identity.c
++++ b/arch/x86/mm/mem_encrypt_identity.c
+@@ -579,7 +579,8 @@ void __init sme_enable(struct boot_param
+       cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
+                                    ((u64)bp->ext_cmd_line_ptr << 32));
+-      cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
++      if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
++              return;
+       if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
+               sme_me_mask = me_mask;
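Review bot: The early `return` added after `cmdline_find_option()` fires not only on a malformed command line but also when the option is simply absent, since that helper returns -1 for "not found". Whatever sme_enable() does after the visible `strncmp()` against `cmdline_on` is then skipped; the rest of the function is outside the hunk, so this is inferred. If those later lines apply a build-time default for memory encryption, a boot without the option would silently leave `sme_me_mask` unset instead of following that default. To fix the uninitialized read without changing the fall-through, terminate the buffer instead of returning: `if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0) buffer[0] = '\0';`.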