6.0-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 31 Oct 2022 10:05:58 +0000 (11:05 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 31 Oct 2022 10:05:58 +0000 (11:05 +0100)
added patches:
acpi-pcc-fix-unintentional-integer-overflow.patch
ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch
fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch
net-ieee802154-fix-error-return-code-in-dgram_bind.patch
powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch

queue-6.0/acpi-pcc-fix-unintentional-integer-overflow.patch [new file with mode: 0644]
queue-6.0/ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch [new file with mode: 0644]
queue-6.0/fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch [new file with mode: 0644]
queue-6.0/net-ieee802154-fix-error-return-code-in-dgram_bind.patch [new file with mode: 0644]
queue-6.0/powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch [new file with mode: 0644]
queue-6.0/series

diff --git a/queue-6.0/acpi-pcc-fix-unintentional-integer-overflow.patch b/queue-6.0/acpi-pcc-fix-unintentional-integer-overflow.patch
new file mode 100644 (file)
index 0000000..63f9fac
--- /dev/null
@@ -0,0 +1,38 @@
+From 8338b74a750c534c223e8943cc0ed0e198ece261 Mon Sep 17 00:00:00 2001
+From: Manank Patel <pmanank200502@gmail.com>
+Date: Tue, 18 Oct 2022 00:13:39 +0530
+Subject: ACPI: PCC: Fix unintentional integer overflow
+
+From: Manank Patel <pmanank200502@gmail.com>
+
+commit 8338b74a750c534c223e8943cc0ed0e198ece261 upstream.
+
+Fix an unintentional u32 overflow by changing PCC_CMD_WAIT_RETRIES_NUM
+to 500ULL.
+
+Fixes: 91cefefb6991 ("ACPI: PCC: replace wait_for_completion()")
+Signed-off-by: Manank Patel <pmanank200502@gmail.com>
+Acked-by: Sudeep Holla <sudeep.holla@arm.com>
+Acked-by: Huisong Li <lihuisong@huawei.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/acpi_pcc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/acpi/acpi_pcc.c b/drivers/acpi/acpi_pcc.c
+index ee4ce5ba1fb2..3e252be047b8 100644
+--- a/drivers/acpi/acpi_pcc.c
++++ b/drivers/acpi/acpi_pcc.c
+@@ -27,7 +27,7 @@
+  * Arbitrary retries in case the remote processor is slow to respond
+  * to PCC commands
+  */
+-#define PCC_CMD_WAIT_RETRIES_NUM      500
++#define PCC_CMD_WAIT_RETRIES_NUM      500ULL
+ struct pcc_data {
+       struct pcc_mbox_chan *pcc_chan;
+-- 
+2.38.1
+
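Review bot: The `ULL` suffix added to `PCC_CMD_WAIT_RETRIES_NUM` in the nested drivers/acpi/acpi_pcc.c hunk is not explained in the comment above the macro, so a later cleanup could drop it and bring the u32 overflow back. I would extend that comment with a line such as ` * ULL: forces 64-bit arithmetic where this is multiplied by a u32`. The multiplication itself is outside the hunk, so it is worth confirming that the widened product is not then passed to a helper taking a 32-bit argument, which would truncate it again.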
diff --git a/queue-6.0/ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch b/queue-6.0/ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch
new file mode 100644 (file)
index 0000000..b19449d
--- /dev/null
@@ -0,0 +1,32 @@
+From 9d9effca9d7d7cf6341182a7c5cabcbd6fa28063 Mon Sep 17 00:00:00 2001
+From: Xin Long <lucien.xin@gmail.com>
+Date: Fri, 21 Oct 2022 10:22:47 -0400
+Subject: ethtool: eeprom: fix null-deref on genl_info in dump
+
+From: Xin Long <lucien.xin@gmail.com>
+
+commit 9d9effca9d7d7cf6341182a7c5cabcbd6fa28063 upstream.
+
+The similar fix as commit 46cdedf2a0fa ("ethtool: pse-pd: fix null-deref on
+genl_info in dump") is also needed for ethtool eeprom.
+
+Fixes: c781ff12a2f3 ("ethtool: Allow network drivers to dump arbitrary EEPROM data")
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Link: https://lore.kernel.org/r/5575919a2efc74cd9ad64021880afc3805c54166.1666362167.git.lucien.xin@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ethtool/eeprom.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ethtool/eeprom.c
++++ b/net/ethtool/eeprom.c
+@@ -124,7 +124,7 @@ static int eeprom_prepare_data(const str
+       if (ret)
+               goto err_free;
+-      ret = get_module_eeprom_by_page(dev, &page_data, info->extack);
++      ret = get_module_eeprom_by_page(dev, &page_data, info ? info->extack : NULL);
+       if (ret < 0)
+               goto err_ops;
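Review bot: The NULL guard on `info` is applied only at the `get_module_eeprom_by_page()` call, and the rest of `eeprom_prepare_data()` lies outside the hunk, so any other `info->` use in the function would still fault on the dump path where, per the commit subject, `info` is NULL. Hoisting the guard into one local near the top, `struct netlink_ext_ack *extack = info ? info->extack : NULL;`, and passing `extack` here would put the nullable contract in one place. A short comment such as `/* info is NULL when called from a dump */` would record why the guard exists.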
diff --git a/queue-6.0/fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch b/queue-6.0/fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch
new file mode 100644 (file)
index 0000000..e8cd26f
--- /dev/null
@@ -0,0 +1,43 @@
+From e0ba1a39b8dfe4f005bebdd85daa89e7382e26b7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= <mirq-linux@rere.qmqm.pl>
+Date: Thu, 27 Oct 2022 02:06:16 +0200
+Subject: fbdev/core: Avoid uninitialized read in aperture_remove_conflicting_pci_device()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+
+commit e0ba1a39b8dfe4f005bebdd85daa89e7382e26b7 upstream.
+
+Return on error directly from the BAR-iterating loop instead of
+break+return.
+
+This is actually a cosmetic fix, since it would be highly unusual to
+have this called for a PCI device without any memory BARs.
+
+Fixes: 9d69ef183815 ("fbdev/core: Remove remove_conflicting_pci_framebuffers()")
+Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
+Link: https://patchwork.freedesktop.org/patch/msgid/e75323732bedc46d613d72ecb40f97e3bc75eea8.1666829073.git.mirq-linux@rere.qmqm.pl
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/aperture.c |    5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/drivers/video/aperture.c
++++ b/drivers/video/aperture.c
+@@ -351,12 +351,9 @@ int aperture_remove_conflicting_pci_devi
+               size = pci_resource_len(pdev, bar);
+               ret = aperture_remove_conflicting_devices(base, size, primary, name);
+               if (ret)
+-                      break;
++                      return ret;
+       }
+-      if (ret)
+-              return ret;
+-
+       /*
+        * If a driver asked to unregister a platform device registered by
+        * sysfb, then can be assumed that this is a driver for a display
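Review bot: After this change `ret` is only meaningful inside the BAR loop, but its declaration is outside the hunk and presumably still leaves it uninitialized at function scope, so a future read after the loop would bring back the same uninitialized-value hazard. If nothing after the loop uses it, declare it in the loop body, `int ret = aperture_remove_conflicting_devices(base, size, primary, name);`; otherwise initialize it to 0 at the declaration. The code after the loop is not visible here, so confirm that no later path returns `ret` without assigning it first.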
diff --git a/queue-6.0/net-ieee802154-fix-error-return-code-in-dgram_bind.patch b/queue-6.0/net-ieee802154-fix-error-return-code-in-dgram_bind.patch
new file mode 100644 (file)
index 0000000..e30f6d4
--- /dev/null
@@ -0,0 +1,35 @@
+From 444d8ad4916edec8a9fc684e841287db9b1e999f Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Mon, 19 Sep 2022 16:08:30 +0000
+Subject: net: ieee802154: fix error return code in dgram_bind()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 444d8ad4916edec8a9fc684e841287db9b1e999f upstream.
+
+Fix to return error code -EINVAL from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 94160108a70c ("net/ieee802154: fix uninit value bug in dgram_sendmsg")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Link: https://lore.kernel.org/r/20220919160830.1436109-1-weiyongjun@huaweicloud.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ieee802154/socket.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/ieee802154/socket.c
++++ b/net/ieee802154/socket.c
+@@ -502,8 +502,10 @@ static int dgram_bind(struct sock *sk, s
+       if (err < 0)
+               goto out;
+-      if (addr->family != AF_IEEE802154)
++      if (addr->family != AF_IEEE802154) {
++              err = -EINVAL;
+               goto out;
++      }
+       ieee802154_addr_from_sa(&haddr, &addr->addr);
+       dev = ieee802154_get_dev(sock_net(sk), &haddr);
diff --git a/queue-6.0/powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch b/queue-6.0/powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch
new file mode 100644 (file)
index 0000000..f369563
--- /dev/null
@@ -0,0 +1,69 @@
+From 65722736c3baf29e02e964a09e85c9ef71c48e8d Mon Sep 17 00:00:00 2001
+From: Nicholas Piggin <npiggin@gmail.com>
+Date: Sat, 22 Oct 2022 15:22:07 +1000
+Subject: powerpc/64s/interrupt: Fix clear of PACA_IRQS_HARD_DIS when returning to soft-masked context
+
+From: Nicholas Piggin <npiggin@gmail.com>
+
+commit 65722736c3baf29e02e964a09e85c9ef71c48e8d upstream.
+
+Commit a4cb3651a1743 ("powerpc/64s/interrupt: Fix lost interrupts when
+returning to soft-masked context") fixed the problem of pending irqs
+being cleared when clearing the HARD_DIS bit, but then it didn't clear
+the bit at all. This change clears HARD_DIS without affecting other bits
+in the mask.
+
+When an interrupt hits in a soft-masked section that has MSR[EE]=1, it
+can hard disable and set PACA_IRQS_HARD_DIS, which must be cleared when
+returning to the EE=1 caller (unless it was set due to a MUST_HARD_MASK
+interrupt becoming pending). Failure to clear this leaves the
+returned-to context running with MSR[EE]=1 and PACA_IRQS_HARD_DIS, which
+confuses irq assertions and could be dangerous for code that might test
+the flag.
+
+This was observed in a hash MMU kernel where a kernel hash fault hits in
+a local_irqs_disabled region that has EE=1. The hash fault also runs
+with EE=1, then as it returns, a decrementer hits in the restart section
+and the irq restart code hard-masks which sets the PACA_IRQ_HARD_DIS
+flag, which is not clear when the original context is returned to.
+
+Reported-by: Sachin Sant <sachinp@linux.ibm.com>
+Fixes: a4cb3651a1743 ("powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context")
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Tested-by: Sachin Sant <sachinp@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20221022052207.471328-1-npiggin@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kernel/interrupt_64.S |   13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/kernel/interrupt_64.S
++++ b/arch/powerpc/kernel/interrupt_64.S
+@@ -565,15 +565,24 @@ _ASM_NOKPROBE_SYMBOL(interrupt_return_\s
+        * Returning to soft-disabled context.
+        * Check if a MUST_HARD_MASK interrupt has become pending, in which
+        * case we need to disable MSR[EE] in the return context.
++       *
++       * The MSR[EE] check catches among other things the short incoherency
++       * in hard_irq_disable() between clearing MSR[EE] and setting
++       * PACA_IRQ_HARD_DIS.
+        */
+       ld      r12,_MSR(r1)
+       andi.   r10,r12,MSR_EE
+       beq     .Lfast_kernel_interrupt_return_\srr\() // EE already disabled
+       lbz     r11,PACAIRQHAPPENED(r13)
+       andi.   r10,r11,PACA_IRQ_MUST_HARD_MASK
+-      beq     .Lfast_kernel_interrupt_return_\srr\() // No HARD_MASK pending
++      bne     1f // HARD_MASK is pending
++      // No HARD_MASK pending, clear possible HARD_DIS set by interrupt
++      andi.   r11,r11,(~PACA_IRQ_HARD_DIS)@l
++      stb     r11,PACAIRQHAPPENED(r13)
++      b       .Lfast_kernel_interrupt_return_\srr\()
+-      /* Must clear MSR_EE from _MSR */
++
++1:    /* Must clear MSR_EE from _MSR */
+ #ifdef CONFIG_PPC_BOOK3S
+       li      r10,0
+       /* Clear valid before changing _MSR */
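Review bot: The new `andi. r11,r11,(~PACA_IRQ_HARD_DIS)@l` and `stb r11,PACAIRQHAPPENED(r13)` pair is a plain read-modify-write of the byte loaded by `lbz` a few instructions earlier, and the added comment does not say why no interrupt can update that byte in between. If this path relies on running in the restart section or with interrupts hard-disabled, one comment line stating that would make the invariant reviewable. It is also worth a comment that the `@l`-truncated 16-bit mask is sufficient only because r11 comes from a zero-extended byte load. The surrounding macro body starts and ends outside the hunk.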
index 357135721855fe10be27818c318b6fb91a494de9..4b729c5373c2803322cea6d8c0f8de2c8a12d0bd 100644 (file)
@@ -101,3 +101,8 @@ s390-cio-fix-out-of-bounds-access-on-cio_ignore-free.patch
 s390-uaccess-add-missing-ex_table-entries-to-__clear_user.patch
 s390-futex-add-missing-ex_table-entry-to-__futex_atomic_op.patch
 s390-pci-add-missing-ex_table-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser.patch
+ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch
+fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch
+acpi-pcc-fix-unintentional-integer-overflow.patch
+powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch
+net-ieee802154-fix-error-return-code-in-dgram_bind.patch