From: Greg Kroah-Hartman Date: Sun, 3 Apr 2022 13:49:49 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.17.2~103 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1861ca67d4c1837a434be1d3ae5bd6de4ebee728;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch io_uring-fix-memory-leak-of-uid-in-files-registration.patch platform-chrome-cros_ec_typec-check-for-ec-device.patch riscv-module-remove-noload.patch
---
diff --git a/queue-5.10/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch b/queue-5.10/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
new file mode 100644
index 00000000000..3985a57a00a
--- /dev/null
+++ b/queue-5.10/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
@@ -0,0 +1,37 @@
+From 40d8abf364bcab23bc715a9221a3c8623956257b Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki"
+Date: Tue, 22 Mar 2022 17:02:05 +0100
+Subject: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
+
+From: Rafael J. Wysocki
+
+commit 40d8abf364bcab23bc715a9221a3c8623956257b upstream.
+
+If the NumEntries field in the _CPC return package is less than 2, do
+not attempt to access the "Revision" element of that package, because
+it may not be present then.
+
+Fixes: 337aadff8e45 ("ACPI: Introduce CPU performance controls using CPPC")
+BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/
+Reported-by: kernel test robot
+Signed-off-by: Rafael J. Wysocki
+Reviewed-by: Huang Rui
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/acpi/cppc_acpi.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/acpi/cppc_acpi.c
++++ b/drivers/acpi/cppc_acpi.c
+@@ -719,6 +719,11 @@ int acpi_cppc_processor_probe(struct acp
+ cpc_obj = &out_obj->package.elements[0];
+ if (cpc_obj->type == ACPI_TYPE_INTEGER) {
+ num_ent = cpc_obj->integer.value;
++ if (num_ent <= 1) {
++ pr_debug("Unexpected _CPC NumEntries value (%d) for CPU:%d\n",
++ num_ent, pr->id);
++ goto out_free;
++ }
+ } else {
+ pr_debug("Unexpected entry type(%d) for NumEntries\n",
+ cpc_obj->type);
diff --git a/queue-5.10/io_uring-fix-memory-leak-of-uid-in-files-registration.patch b/queue-5.10/io_uring-fix-memory-leak-of-uid-in-files-registration.patch
new file mode 100644
index 00000000000..8c9d0592a2b
--- /dev/null
+++ b/queue-5.10/io_uring-fix-memory-leak-of-uid-in-files-registration.patch
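Review bot: The guard added after `num_ent = cpc_obj->integer.value;` bounds NumEntries only from below, and only against the value the firmware declares for itself; nothing in the hunk compares it with the number of elements the package actually holds. A _CPC package that claims more entries than it carries may therefore still be indexed past its end later in the function. If that is not already checked elsewhere in acpi_cppc_processor_probe (its body starts and ends outside this hunk), the condition could become `if (num_ent <= 1 || num_ent > out_obj->package.count) {`. The assignment also narrows the ACPI integer into `num_ent`, whose declaration is not visible here, so a short comment stating the accepted range would help the next reader.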
@@ -0,0 +1,31 @@
+From c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 Mon Sep 17 00:00:00 2001
+From: Pavel Begunkov
+Date: Fri, 25 Mar 2022 16:36:31 +0000
+Subject: io_uring: fix memory leak of uid in files registration
+
+From: Pavel Begunkov
+
+commit c86d18f4aa93e0e66cda0e55827cd03eea6bc5f8 upstream.
+
+When there are no files for __io_sqe_files_scm() to process in the
+range, it'll free everything and return. However, it forgets to put uid.
+
+Fixes: 08a451739a9b5 ("io_uring: allow sparse fixed file sets")
+Signed-off-by: Pavel Begunkov
+Link: https://lore.kernel.org/r/accee442376f33ce8aaebb099d04967533efde92.1648226048.git.asml.silence@gmail.com
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/io_uring.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -7350,6 +7350,7 @@ static int __io_sqe_files_scm(struct io_
+ fput(fpl->fp[i]);
+ } else {
+ kfree_skb(skb);
++ free_uid(fpl->user);
+ kfree(fpl);
+ }
+
diff --git a/queue-5.10/platform-chrome-cros_ec_typec-check-for-ec-device.patch b/queue-5.10/platform-chrome-cros_ec_typec-check-for-ec-device.patch
new file mode 100644
index 00000000000..4d3566afdd9
--- /dev/null
+++ b/queue-5.10/platform-chrome-cros_ec_typec-check-for-ec-device.patch
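Review bot: The added `free_uid(fpl->user);` in the `else` branch carries no comment saying why this path has to drop the reference by hand, which is the kind of omission that let the original leak go unnoticed. The visible lines suggest that when no files were queued the skb is freed directly and nothing else releases what `fpl` holds; where the uid reference is taken lies outside the hunk, so that should be confirmed. I would add above the call `/* nothing was queued: release everything fpl holds here, including the uid reference */`. The body of __io_sqe_files_scm starts before and continues after the hunk.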
@@ -0,0 +1,48 @@
+From ffebd90532728086007038986900426544e3df4e Mon Sep 17 00:00:00 2001
+From: Prashant Malani
+Date: Wed, 26 Jan 2022 19:02:20 +0000
+Subject: platform/chrome: cros_ec_typec: Check for EC device
+
+From: Prashant Malani
+
+commit ffebd90532728086007038986900426544e3df4e upstream.
+
+The Type C ACPI device on older Chromebooks is not generated correctly
+(since their EC firmware doesn't support the new commands required). In
+such cases, the crafted ACPI device doesn't have an EC parent, and it is
+therefore not useful (it shouldn't be generated in the first place since
+the EC firmware doesn't support any of the Type C commands).
+
+To handle devices which use these older firmware revisions, check for
+the parent EC device handle, and fail the probe if it's not found.
+
+Fixes: fdc6b21e2444 ("platform/chrome: Add Type C connector class driver")
+Reported-by: Alyssa Ross
+Reviewed-by: Tzung-Bi Shih
+Signed-off-by: Prashant Malani
+Acked-by: Heikki Krogerus
+Reviewed-by: Alyssa Ross
+Tested-by: Alyssa Ross
+Link: https://lore.kernel.org/r/20220126190219.3095419-1-pmalani@chromium.org
+Signed-off-by: Benson Leung
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/platform/chrome/cros_ec_typec.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/platform/chrome/cros_ec_typec.c
++++ b/drivers/platform/chrome/cros_ec_typec.c
+@@ -712,7 +712,13 @@ static int cros_typec_probe(struct platf
+ return -ENOMEM;
+
+ typec->dev = dev;
++
+ typec->ec = dev_get_drvdata(pdev->dev.parent);
++ if (!typec->ec) {
++ dev_err(dev, "couldn't find parent EC device\n");
++ return -ENODEV;
++ }
++
+ platform_set_drvdata(pdev, typec);
+
+ ret = cros_typec_get_cmd_version(typec);
diff --git a/queue-5.10/riscv-module-remove-noload.patch b/queue-5.10/riscv-module-remove-noload.patch
new file mode 100644
index 00000000000..913f1610cc1
--- /dev/null
+++ b/queue-5.10/riscv-module-remove-noload.patch
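Review bot: The new `if (!typec->ec)` test only shows that the parent device has some driver data attached; it does not show that the parent is an EC device. Whether a non-EC parent with driver data can occur on the affected firmware is not visible from the hunk, so I would at least record the assumption above the assignment with `/* the parent must be the cros_ec device; firmware without Type C support exposes this node without one */`. Since the description says this configuration is expected on older Chromebooks, `dev_err` will log an error on every boot there, and a lower log level may fit better. The body of cros_typec_probe extends beyond the hunk on both sides.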
@@ -0,0 +1,49 @@
+From 60210a3d86dc57ce4a76a366e7841dda746a33f7 Mon Sep 17 00:00:00 2001
+From: Fangrui Song
+Date: Mon, 21 Mar 2022 18:26:17 -0700
+Subject: riscv module: remove (NOLOAD)
+
+From: Fangrui Song
+
+commit 60210a3d86dc57ce4a76a366e7841dda746a33f7 upstream.
+
+On ELF, (NOLOAD) sets the section type to SHT_NOBITS[1]. It is conceptually
+inappropriate for .plt, .got, and .got.plt sections which are always
+SHT_PROGBITS.
+
+In GNU ld, if PLT entries are needed, .plt will be SHT_PROGBITS anyway
+and (NOLOAD) will be essentially ignored. In ld.lld, since
+https://reviews.llvm.org/D118840 ("[ELF] Support (TYPE=) to
+customize the output section type"), ld.lld will report a `section type
+mismatch` error (later changed to a warning). Just remove (NOLOAD) to
+fix the warning.
+
+[1] https://lld.llvm.org/ELF/linker_script.html As of today, "The
+section should be marked as not loadable" on
+https://sourceware.org/binutils/docs/ld/Output-Section-Type.html is
+outdated for ELF.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1597
+Fixes: ab1ef68e5401 ("RISC-V: Add sections of PLT and GOT for kernel module")
+Reported-by: Nathan Chancellor
+Signed-off-by: Fangrui Song
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/include/asm/module.lds.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/riscv/include/asm/module.lds.h
++++ b/arch/riscv/include/asm/module.lds.h
+@@ -2,8 +2,8 @@
+ /* Copyright (C) 2017 Andes Technology Corporation */
+ #ifdef CONFIG_MODULE_SECTIONS
+ SECTIONS {
+- .plt (NOLOAD) : { BYTE(0) }
+- .got (NOLOAD) : { BYTE(0) }
+- .got.plt (NOLOAD) : { BYTE(0) }
++ .plt : { BYTE(0) }
++ .got : { BYTE(0) }
++ .got.plt : { BYTE(0) }
+ }
+ #endif
diff --git a/queue-5.10/series b/queue-5.10/series
index 866b884d52f..9dd84ce6e49 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -564,3 +564,7 @@ pinctrl-nuvoton-npcm7xx-use-zu-printk-format-for-array_size.patch
 asoc-mediatek-mt6358-add-missing-export_symbols.patch
 ubi-fix-race-condition-between-ctrl_cdev_ioctl-and-ubi_cdev_ioctl.patch
 arm-iop32x-offset-irq-numbers-by-1.patch
+io_uring-fix-memory-leak-of-uid-in-files-registration.patch
+riscv-module-remove-noload.patch
+acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
+platform-chrome-cros_ec_typec-check-for-ec-device.patch