Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.4/perf-x86-intel-uncore-fix-integer-overflow-on-23-bit.patch b/queue-5.4/perf-x86-intel-uncore-fix-integer-overflow-on-23-bit.patch
new file mode 100644 (file)
index 0000000..9b4fc05
--- /dev/null
+++ b/queue-5.4/perf-x86-intel-uncore-fix-integer-overflow-on-23-bit.patch
@@ -0,0 +1,49 @@
+From fef6f778189ece82612d747207dbffced032cc42 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Jul 2021 12:45:53 +0100
+Subject: perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a
+ u32
+
+From: Colin Ian King <colin.king@canonical.com>
+
+[ Upstream commit 0b3a8738b76fe2087f7bc2bd59f4c78504c79180 ]
+
+The u32 variable pci_dword is being masked with 0x1fffffff and then left
+shifted 23 places. The shift is a u32 operation,so a value of 0x200 or
+more in pci_dword will overflow the u32 and only the bottow 32 bits
+are assigned to addr. I don't believe this was the original intent.
+Fix this by casting pci_dword to a resource_size_t to ensure no
+overflow occurs.
+
+Note that the mask and 12 bit left shift operation does not need this
+because the mask SNR_IMC_MMIO_MEM0_MASK and shift is always a 32 bit
+value.
+
+Fixes: ee49532b38dd ("perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge")
+Addresses-Coverity: ("Unintentional integer overflow")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Reviewed-by: Kan Liang <kan.liang@linux.intel.com>
+Link: https://lore.kernel.org/r/20210706114553.28249-1-colin.king@canonical.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/events/intel/uncore_snbep.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
+index 40751af62dd3..9096a1693942 100644
+--- a/arch/x86/events/intel/uncore_snbep.c
++++ b/arch/x86/events/intel/uncore_snbep.c
+@@ -4382,7 +4382,7 @@ static void snr_uncore_mmio_init_box(struct intel_uncore_box *box)
+               return;
+ 
+       pci_read_config_dword(pdev, SNR_IMC_MMIO_BASE_OFFSET, &pci_dword);
+-      addr = (pci_dword & SNR_IMC_MMIO_BASE_MASK) << 23;
++      addr = ((resource_size_t)pci_dword & SNR_IMC_MMIO_BASE_MASK) << 23;
+ 
+       pci_read_config_dword(pdev, SNR_IMC_MMIO_MEM0_OFFSET, &pci_dword);
+       addr |= (pci_dword & SNR_IMC_MMIO_MEM0_MASK) << 12;
+-- 
+2.30.2
+

diff --git a/queue-5.4/series b/queue-5.4/series
index 8ef92e361565c5cca1041e8f5e4d239a226633f5..cca3a9011d94f0d91ab564f26791328e2249ee4e 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -24,3 +24,4 @@ net-hns3-fix-duplicate-node-in-vlan-list.patch
 net-hns3-fix-get-wrong-pfc_en-when-query-pfc-configu.patch
 drm-i915-fix-syncmap-memory-leak.patch
 usb-gadget-u_audio-fix-race-condition-on-endpoint-st.patch
+perf-x86-intel-uncore-fix-integer-overflow-on-23-bit.patch