From: Greg Kroah-Hartman Date: Wed, 7 Jun 2023 12:32:08 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.14.317~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=098779bb76c31993a53aa7571c8608a073f3d844;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch fbcon-fix-null-ptr-deref-in-soft_cursor.patch selinux-don-t-use-make-s-grouped-targets-feature-yet.patch --- diff --git a/queue-4.14/ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch b/queue-4.14/ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch new file mode 100644 index 00000000000..e6c2c4a3bab --- /dev/null +++ b/queue-4.14/ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch @@ -0,0 +1,57 @@ +From aff3bea95388299eec63440389b4545c8041b357 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Tue, 23 May 2023 23:49:51 -0400 +Subject: ext4: add lockdep annotations for i_data_sem for ea_inode's + +From: Theodore Ts'o + +commit aff3bea95388299eec63440389b4545c8041b357 upstream. + +Treat i_data_sem for ea_inodes as being in their own lockdep class to +avoid lockdep complaints about ext4_setattr's use of inode_lock() on +normal inodes potentially causing lock ordering with i_data_sem on +ea_inodes in ext4_xattr_inode_write(). However, ea_inodes will be +operated on by ext4_setattr(), so this isn't a problem. + +Cc: stable@kernel.org +Link: https://syzkaller.appspot.com/bug?extid=298c5d8fb4a128bc27b0 +Reported-by: syzbot+298c5d8fb4a128bc27b0@syzkaller.appspotmail.com +Signed-off-by: Theodore Ts'o +Link: https://lore.kernel.org/r/20230524034951.779531-5-tytso@mit.edu +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/ext4.h | 2 ++ + fs/ext4/xattr.c | 4 ++++ + 2 files changed, 6 insertions(+) + +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -947,11 +947,13 @@ do { \ + * where the second inode has larger inode number + * than the first + * I_DATA_SEM_QUOTA - Used for quota inodes only ++ * I_DATA_SEM_EA - Used for ea_inodes only + */ + enum { + I_DATA_SEM_NORMAL = 0, + I_DATA_SEM_OTHER, + I_DATA_SEM_QUOTA, ++ I_DATA_SEM_EA + }; + + +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -120,7 +120,11 @@ ext4_expand_inode_array(struct ext4_xatt + #ifdef CONFIG_LOCKDEP + void ext4_xattr_inode_set_class(struct inode *ea_inode) + { ++ struct ext4_inode_info *ei = EXT4_I(ea_inode); ++ + lockdep_set_subclass(&ea_inode->i_rwsem, 1); ++ (void) ei; /* shut up clang warning if !CONFIG_LOCKDEP */ ++ lockdep_set_subclass(&ei->i_data_sem, I_DATA_SEM_EA); + } + #endif + diff --git a/queue-4.14/fbcon-fix-null-ptr-deref-in-soft_cursor.patch b/queue-4.14/fbcon-fix-null-ptr-deref-in-soft_cursor.patch new file mode 100644 index 00000000000..546e8a614bc --- /dev/null +++ b/queue-4.14/fbcon-fix-null-ptr-deref-in-soft_cursor.patch @@ -0,0 +1,58 @@ +From d78bd6cc68276bd57f766f7cb98bfe32c23ab327 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 27 May 2023 08:41:09 +0200 +Subject: fbcon: Fix null-ptr-deref in soft_cursor + +From: Helge Deller + +commit d78bd6cc68276bd57f766f7cb98bfe32c23ab327 upstream. + +syzbot repored this bug in the softcursor code: + +BUG: KASAN: null-ptr-deref in soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70 +Read of size 16 at addr 0000000000000200 by task kworker/u4:1/12 + +CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 +Workqueue: events_power_efficient fb_flashcursor +Call trace: + dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233 + show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240 + __dump_stack lib/dump_stack.c:88 [inline] + dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 + print_report+0xe4/0x514 mm/kasan/report.c:465 + kasan_report+0xd4/0x130 mm/kasan/report.c:572 + kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187 + __asan_memcpy+0x3c/0x84 mm/kasan/shadow.c:105 + soft_cursor+0x384/0x6b4 drivers/video/fbdev/core/softcursor.c:70 + bit_cursor+0x113c/0x1a64 drivers/video/fbdev/core/bitblit.c:377 + fb_flashcursor+0x35c/0x54c drivers/video/fbdev/core/fbcon.c:380 + process_one_work+0x788/0x12d4 kernel/workqueue.c:2405 + worker_thread+0x8e0/0xfe8 kernel/workqueue.c:2552 + kthread+0x288/0x310 kernel/kthread.c:379 + ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:853 + +This fix let bit_cursor() bail out early when a font bitmap +isn't available yet. + +Signed-off-by: Helge Deller +Reported-by: syzbot+d910bd780e6efac35869@syzkaller.appspotmail.com +Acked-by: Sam Ravnborg +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/video/fbdev/core/bitblit.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/video/fbdev/core/bitblit.c ++++ b/drivers/video/fbdev/core/bitblit.c +@@ -247,6 +247,9 @@ static void bit_cursor(struct vc_data *v + + cursor.set = 0; + ++ if (!vc->vc_font.data) ++ return; ++ + c = scr_readw((u16 *) vc->vc_pos); + attribute = get_attribute(info, c); + src = vc->vc_font.data + ((c & charmask) * (w * vc->vc_font.height)); diff --git a/queue-4.14/selinux-don-t-use-make-s-grouped-targets-feature-yet.patch b/queue-4.14/selinux-don-t-use-make-s-grouped-targets-feature-yet.patch new file mode 100644 index 00000000000..f435f6b18cc --- /dev/null +++ b/queue-4.14/selinux-don-t-use-make-s-grouped-targets-feature-yet.patch @@ -0,0 +1,42 @@ +From 42c4e97e06a839b07d834f640a10911ad84ec8b3 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Thu, 1 Jun 2023 10:21:21 -0400 +Subject: selinux: don't use make's grouped targets feature yet + +From: Paul Moore + +commit 42c4e97e06a839b07d834f640a10911ad84ec8b3 upstream. + +The Linux Kernel currently only requires make v3.82 while the grouped +target functionality requires make v4.3. Removed the grouped target +introduced in 4ce1f694eb5d ("selinux: ensure av_permissions.h is +built when needed") as well as the multiple header file targets in +the make rule. This effectively reverts the problem commit. + +We will revisit this change when make >= 4.3 is required by the rest +of the kernel. + +Cc: stable@vger.kernel.org +Fixes: 4ce1f694eb5d ("selinux: ensure av_permissions.h is built when needed") +Reported-by: Erwan Velu +Reported-by: Luiz Capitulino +Tested-by: Luiz Capitulino +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + security/selinux/Makefile | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/security/selinux/Makefile ++++ b/security/selinux/Makefile +@@ -22,5 +22,9 @@ quiet_cmd_flask = GEN $(obj)/flask.h + cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h + + targets += flask.h av_permissions.h +-$(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/genheaders/genheaders FORCE ++# once make >= 4.3 is required, we can use grouped targets in the rule below, ++# which basically involves adding both headers and a '&' before the colon, see ++# the example below: ++# $(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/... ++$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE + $(call if_changed,flask) diff --git a/queue-4.14/series b/queue-4.14/series index 31dd0cd1ba8..30a9d9d7fd6 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -49,3 +49,6 @@ wifi-rtlwifi-remove-always-true-condition-pointed-out-by-gcc-12.patch regulator-da905-2-5-remove-unnecessary-array-check.patch mmc-vub300-fix-invalid-response-handling.patch tty-serial-fsl_lpuart-use-uartctrl_txinv-to-send-break-instead-of-uartctrl_sbk.patch +selinux-don-t-use-make-s-grouped-targets-feature-yet.patch +ext4-add-lockdep-annotations-for-i_data_sem-for-ea_inode-s.patch +fbcon-fix-null-ptr-deref-in-soft_cursor.patch