5.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 5 Oct 2021 07:02:35 +0000 (09:02 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 5 Oct 2021 07:02:35 +0000 (09:02 +0200)
added patches:
bpf-add-oversize-check-before-call-kvcalloc.patch
hid-amd_sfh-fix-potential-null-pointer-dereference-take-2.patch
objtool-print-out-the-symbol-type-when-complaining-about-it.patch

queue-5.14/bpf-add-oversize-check-before-call-kvcalloc.patch [new file with mode: 0644]
queue-5.14/hid-amd_sfh-fix-potential-null-pointer-dereference-take-2.patch [new file with mode: 0644]
queue-5.14/objtool-print-out-the-symbol-type-when-complaining-about-it.patch [new file with mode: 0644]
queue-5.14/series

diff --git a/queue-5.14/bpf-add-oversize-check-before-call-kvcalloc.patch b/queue-5.14/bpf-add-oversize-check-before-call-kvcalloc.patch
new file mode 100644 (file)
index 0000000..a977d0a
--- /dev/null
@@ -0,0 +1,55 @@
+From 0e6491b559704da720f6da09dd0a52c4df44c514 Mon Sep 17 00:00:00 2001
+From: Bixuan Cui <cuibixuan@huawei.com>
+Date: Sat, 11 Sep 2021 08:55:57 +0800
+Subject: bpf: Add oversize check before call kvcalloc()
+
+From: Bixuan Cui <cuibixuan@huawei.com>
+
+commit 0e6491b559704da720f6da09dd0a52c4df44c514 upstream.
+
+Commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") add the
+oversize check. When the allocation is larger than what kmalloc() supports,
+the following warning triggered:
+
+WARNING: CPU: 0 PID: 8408 at mm/util.c:597 kvmalloc_node+0x108/0x110 mm/util.c:597
+Modules linked in:
+CPU: 0 PID: 8408 Comm: syz-executor221 Not tainted 5.14.0-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+RIP: 0010:kvmalloc_node+0x108/0x110 mm/util.c:597
+Call Trace:
+ kvmalloc include/linux/mm.h:806 [inline]
+ kvmalloc_array include/linux/mm.h:824 [inline]
+ kvcalloc include/linux/mm.h:829 [inline]
+ check_btf_line kernel/bpf/verifier.c:9925 [inline]
+ check_btf_info kernel/bpf/verifier.c:10049 [inline]
+ bpf_check+0xd634/0x150d0 kernel/bpf/verifier.c:13759
+ bpf_prog_load kernel/bpf/syscall.c:2301 [inline]
+ __sys_bpf+0x11181/0x126e0 kernel/bpf/syscall.c:4587
+ __do_sys_bpf kernel/bpf/syscall.c:4691 [inline]
+ __se_sys_bpf kernel/bpf/syscall.c:4689 [inline]
+ __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:4689
+ do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+ do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Reported-by: syzbot+f3e749d4c662818ae439@syzkaller.appspotmail.com
+Signed-off-by: Bixuan Cui <cuibixuan@huawei.com>
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Acked-by: Yonghong Song <yhs@fb.com>
+Link: https://lore.kernel.org/bpf/20210911005557.45518-1-cuibixuan@huawei.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/bpf/verifier.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -10211,6 +10211,8 @@ static int propagate_liveness_reg(struct
+           /* Or if the read flag from REG is the same as PARENT_REG. */
+           parent_flag == flag)
+               return 0;
++      if (nr_linfo > INT_MAX / sizeof(struct bpf_line_info))
++              return -EINVAL;
+       err = mark_reg_read(env, reg, parent_reg, flag);
+       if (err)
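Review bot: The two added lines reference `nr_linfo` and `struct bpf_line_info`, yet the inner hunk header and its context (`propagate_liveness_reg`, `parent_flag == flag`, `mark_reg_read(env, reg, parent_reg, flag)`) place them inside propagate_liveness_reg, where no `nr_linfo` is visible; the subject line and the call trace in the description put the oversize check in check_btf_line, directly before its kvcalloc() of nr_linfo entries. As queued, this backport appears to have been applied against the wrong context and would either fail to compile or guard the wrong function, so the hunk should be regenerated against the 5.14 check_btf_line so that `if (nr_linfo > INT_MAX / sizeof(struct bpf_line_info)) return -EINVAL;` precedes the allocation. The inner hunk also advertises 8 new-side lines while only 7 are shown, which is consistent with a mangled context. The enclosing function starts and ends outside the hunk.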
diff --git a/queue-5.14/hid-amd_sfh-fix-potential-null-pointer-dereference-take-2.patch b/queue-5.14/hid-amd_sfh-fix-potential-null-pointer-dereference-take-2.patch
new file mode 100644 (file)
index 0000000..c2e8a92
--- /dev/null
@@ -0,0 +1,50 @@
+From 88a04049c08cd62e698bc1b1af2d09574b9e0aee Mon Sep 17 00:00:00 2001
+From: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
+Date: Thu, 23 Sep 2021 17:59:27 +0530
+Subject: HID: amd_sfh: Fix potential NULL pointer dereference - take 2
+
+From: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
+
+commit 88a04049c08cd62e698bc1b1af2d09574b9e0aee upstream.
+
+The cl_data field of a privdata must be allocated and updated before
+using in amd_sfh_hid_client_init() function.
+
+Hence handling NULL pointer cl_data accordingly.
+
+Fixes: d46ef750ed58 ("HID: amd_sfh: Fix potential NULL pointer dereference")
+Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/amd-sfh-hid/amd_sfh_pcie.c |   12 ++++--------
+ 1 file changed, 4 insertions(+), 8 deletions(-)
+
+--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c
+@@ -235,21 +235,17 @@ static int amd_mp2_pci_probe(struct pci_
+               return rc;
+       }
+-      rc = amd_sfh_hid_client_init(privdata);
+-      if (rc)
+-              return rc;
+-
+       privdata->cl_data = devm_kzalloc(&pdev->dev, sizeof(struct amdtp_cl_data), GFP_KERNEL);
+       if (!privdata->cl_data)
+               return -ENOMEM;
+-      rc = devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata);
++      mp2_select_ops(privdata);
++
++      rc = amd_sfh_hid_client_init(privdata);
+       if (rc)
+               return rc;
+-      mp2_select_ops(privdata);
+-
+-      return 0;
++      return devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata);
+ }
+ static const struct pci_device_id amd_mp2_pci_tbl[] = {
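Review bot: With `devm_add_action_or_reset()` moved to the final return, an error from `amd_sfh_hid_client_init()` now returns before `amd_mp2_pci_remove` is registered, so whatever amd_mp2_pci_probe set up above this hunk is not torn down on that path; the function begins outside the hunk, so I cannot see whether those earlier steps are devm-managed or whether the client init cleans up its own partial state. The pre-change code had the same gap, but since this commit reorders exactly these calls it is the place to settle it, either by documenting that the early steps need no explicit teardown or by registering the remove action before the client init if amd_mp2_pci_remove is safe to run against a half-initialised privdata. The new ordering itself deserves a one-line why-comment above the allocation, e.g. `/* cl_data must be allocated before amd_sfh_hid_client_init() dereferences it */`, since the Fixes line shows this dependency was already got wrong once.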
diff --git a/queue-5.14/objtool-print-out-the-symbol-type-when-complaining-about-it.patch b/queue-5.14/objtool-print-out-the-symbol-type-when-complaining-about-it.patch
new file mode 100644 (file)
index 0000000..1b9fd60
--- /dev/null
@@ -0,0 +1,64 @@
+From 7fab1c12bde926c5a8c7d5984c551d0854d7e0b3 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Sun, 3 Oct 2021 13:45:48 -0700
+Subject: objtool: print out the symbol type when complaining about it
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 7fab1c12bde926c5a8c7d5984c551d0854d7e0b3 upstream.
+
+The objtool warning that the kvm instruction emulation code triggered
+wasn't very useful:
+
+    arch/x86/kvm/emulate.o: warning: objtool: __ex_table+0x4: don't know how to handle reloc symbol type: kvm_fastop_exception
+
+in that it helpfully tells you which symbol name it had trouble figuring
+out the relocation for, but it doesn't actually say what the unknown
+symbol type was that triggered it all.
+
+In this case it was because of missing type information (type 0, aka
+STT_NOTYPE), but on the whole it really should just have printed that
+out as part of the message.
+
+Because if this warning triggers, that's very much the first thing you
+want to know - why did reloc2sec_off() return failure for that symbol?
+
+So rather than just saying you can't handle some type of symbol without
+saying what the type _was_, just print out the type number too.
+
+Fixes: 24ff65257375 ("objtool: Teach get_alt_entry() about more relocation types")
+Link: https://lore.kernel.org/lkml/CAHk-=wiZwq-0LknKhXN4M+T8jbxn_2i9mcKpO+OaBSSq_Eh7tg@mail.gmail.com/
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/objtool/special.c |   12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+--- a/tools/objtool/special.c
++++ b/tools/objtool/special.c
+@@ -110,8 +110,10 @@ static int get_alt_entry(struct elf *elf
+               return -1;
+       }
+       if (!reloc2sec_off(orig_reloc, &alt->orig_sec, &alt->orig_off)) {
+-              WARN_FUNC("don't know how to handle reloc symbol type: %s",
+-                         sec, offset + entry->orig, orig_reloc->sym->name);
++              WARN_FUNC("don't know how to handle reloc symbol type %d: %s",
++                         sec, offset + entry->orig,
++                         orig_reloc->sym->type,
++                         orig_reloc->sym->name);
+               return -1;
+       }
+@@ -132,8 +134,10 @@ static int get_alt_entry(struct elf *elf
+                       return 1;
+               if (!reloc2sec_off(new_reloc, &alt->new_sec, &alt->new_off)) {
+-                      WARN_FUNC("don't know how to handle reloc symbol type: %s",
+-                                sec, offset + entry->new, new_reloc->sym->name);
++                      WARN_FUNC("don't know how to handle reloc symbol type %d: %s",
++                                sec, offset + entry->new,
++                                new_reloc->sym->type,
++                                new_reloc->sym->name);
+                       return -1;
+               }
index 56aa7cc9064609571293b10b4c6844efe2370fad..74ae4023b891536a132086d177e0afb9d15ba811 100644 (file)
@@ -169,3 +169,6 @@ kvm-x86-handle-srcu-initialization-failure-during-page-track-init.patch
 netfilter-conntrack-serialize-hash-resizes-and-cleanups.patch
 netfilter-nf_tables-fix-oversized-kvmalloc-calls.patch
 drivers-net-mhi-fix-error-path-in-mhi_net_newlink.patch
+bpf-add-oversize-check-before-call-kvcalloc.patch
+objtool-print-out-the-symbol-type-when-complaining-about-it.patch
+hid-amd_sfh-fix-potential-null-pointer-dereference-take-2.patch