From: Greg Kroah-Hartman Date: Mon, 6 Jun 2022 07:18:23 +0000 (+0200) Subject: 5.17-stable patches X-Git-Tag: v5.10.121~171 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=323a188688e7e1deae143b48542ebb96af692a10;p=thirdparty%2Fkernel%2Fstable-queue.git 5.17-stable patches added patches: binfmt_flat-do-not-stop-relocating-got-entries-prematurely-on-riscv.patch parisc-stifb-implement-fb_is_primary_device.patch
---
diff --git a/queue-5.17/binfmt_flat-do-not-stop-relocating-got-entries-prematurely-on-riscv.patch b/queue-5.17/binfmt_flat-do-not-stop-relocating-got-entries-prematurely-on-riscv.patch
new file mode 100644
index 00000000000..001a726fe8a
--- /dev/null
+++ b/queue-5.17/binfmt_flat-do-not-stop-relocating-got-entries-prematurely-on-riscv.patch
@@ -0,0 +1,108 @@ +From 6045ab5fea4c849153ebeb0acb532da5f29d69c4 Mon Sep 17 00:00:00 2001 +From: Niklas Cassel +Date: Thu, 14 Apr 2022 11:10:18 +0200 +Subject: binfmt_flat: do not stop relocating GOT entries prematurely on riscv + +From: Niklas Cassel + +commit 6045ab5fea4c849153ebeb0acb532da5f29d69c4 upstream. + +bFLT binaries are usually created using elf2flt. + +The linker script used by elf2flt has defined the .data section like the +following for the last 19 years: + +.data : { + _sdata = . ; + __data_start = . ; + data_start = . ; + *(.got.plt) + *(.got) + FILL(0) ; + . = ALIGN(0x20) ; + LONG(-1) + . = ALIGN(0x20) ; + ... +} + +It places the .got.plt input section before the .got input section. +The same is true for the default linker script (ld --verbose) on most +architectures except x86/x86-64. + +The binfmt_flat loader should relocate all GOT entries until it encounters +a -1 (the LONG(-1) in the linker script). + +The problem is that the .got.plt input section starts with a GOTPLT header +(which has size 16 bytes on elf64-riscv and 8 bytes on elf32-riscv), where +the first word is set to -1. See the binutils implementation for riscv [1]. + +This causes the binfmt_flat loader to stop relocating GOT entries +prematurely and thus causes the application to crash when running. + +Fix this by skipping the whole GOTPLT header, since the whole GOTPLT header +is reserved for the dynamic linker. + +The GOTPLT header will only be skipped for bFLT binaries with flag +FLAT_FLAG_GOTPIC set. This flag is unconditionally set by elf2flt if the +supplied ELF binary has the symbol _GLOBAL_OFFSET_TABLE_ defined. +ELF binaries without a .got input section should thus remain unaffected. + +Tested on RISC-V Canaan Kendryte K210 and RISC-V QEMU nommu_virt_defconfig. 
+ +[1] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elfnn-riscv.c;hb=binutils-2_38#l3275 + +Cc: +Signed-off-by: Niklas Cassel +Reviewed-by: Damien Le Moal +Link: https://lore.kernel.org/r/20220414091018.896737-1-niklas.cassel@wdc.com +Fixed-by: kernel test robot +Link: https://lore.kernel.org/lkml/202204182333.OIUOotK8-lkp@intel.com +Signed-off-by: Kees Cook +Signed-off-by: Greg Kroah-Hartman +--- + fs/binfmt_flat.c | 27 ++++++++++++++++++++++++++- + 1 file changed, 26 insertions(+), 1 deletion(-) + +--- a/fs/binfmt_flat.c ++++ b/fs/binfmt_flat.c +@@ -433,6 +433,30 @@ static void old_reloc(unsigned long rl) + + /****************************************************************************/ + ++static inline u32 __user *skip_got_header(u32 __user *rp) ++{ ++ if (IS_ENABLED(CONFIG_RISCV)) { ++ /* ++ * RISC-V has a 16 byte GOT PLT header for elf64-riscv ++ * and 8 byte GOT PLT header for elf32-riscv. ++ * Skip the whole GOT PLT header, since it is reserved ++ * for the dynamic linker (ld.so). ++ */ ++ u32 rp_val0, rp_val1; ++ ++ if (get_user(rp_val0, rp)) ++ return rp; ++ if (get_user(rp_val1, rp + 1)) ++ return rp; ++ ++ if (rp_val0 == 0xffffffff && rp_val1 == 0xffffffff) ++ rp += 4; ++ else if (rp_val0 == 0xffffffff) ++ rp += 2; ++ } ++ return rp; ++} ++ + static int load_flat_file(struct linux_binprm *bprm, + struct lib_info *libinfo, int id, unsigned long *extra_stack) + { +@@ -782,7 +806,8 @@ static int load_flat_file(struct linux_b + * image. + */ + if (flags & FLAT_FLAG_GOTPIC) { +- for (rp = (u32 __user *)datapos; ; rp++) { ++ rp = skip_got_header((u32 __user *) datapos); ++ for (; ; rp++) { + u32 addr, rp_val; + if (get_user(rp_val, rp)) + return -EFAULT; diff --git a/queue-5.17/parisc-stifb-implement-fb_is_primary_device.patch b/queue-5.17/parisc-stifb-implement-fb_is_primary_device.patch new file mode 100644 index 00000000000..770efeef0a5 --- /dev/null +++ b/queue-5.17/parisc-stifb-implement-fb_is_primary_device.patch 
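Review bot: skip_got_header() recognises the GOTPLT header only by its first word(s) being 0xffffffff, which is the same value the relocation loop in load_flat_file() treats as the end-of-GOT marker. If a FLAT_FLAG_GOTPIC image built for RISC-V had no .got.plt header in front of .got (the commit message relies on the toolchain always emitting one), the helper would step over the terminator and the `for (; ; rp++)` loop, which has no upper bound in the visible lines, would keep relocating words past the GOT until it meets another -1 or get_user() fails. Because the bFLT image is file content the loader does not control, the assumption deserves to be written down in the helper's comment, for example `/* A leading -1 is taken to be the GOTPLT header, never the GOT terminator. */`, or rp could be checked against the end of the data segment after the skip. The rest of load_flat_file() lies outside the hunk, so an existing bound further down cannot be ruled out.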
@@ -0,0 +1,87 @@ +From cf936af790a3ef5f41ff687ec91bfbffee141278 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Thu, 2 Jun 2022 13:50:44 +0200 +Subject: parisc/stifb: Implement fb_is_primary_device() + +From: Helge Deller + +commit cf936af790a3ef5f41ff687ec91bfbffee141278 upstream. + +Implement fb_is_primary_device() function, so that fbcon detects if this +framebuffer belongs to the default graphics card which was used to start +the system. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v5.10+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/fb.h | 4 ++++ + drivers/video/console/sticore.c | 17 +++++++++++++++++ + drivers/video/fbdev/stifb.c | 4 ++-- + 3 files changed, 23 insertions(+), 2 deletions(-) + +--- a/arch/parisc/include/asm/fb.h ++++ b/arch/parisc/include/asm/fb.h +@@ -12,9 +12,13 @@ static inline void fb_pgprotect(struct f + pgprot_val(vma->vm_page_prot) |= _PAGE_NO_CACHE; + } + ++#if defined(CONFIG_STI_CONSOLE) || defined(CONFIG_FB_STI) ++int fb_is_primary_device(struct fb_info *info); ++#else + static inline int fb_is_primary_device(struct fb_info *info) + { + return 0; + } ++#endif + + #endif /* _ASM_FB_H_ */ +--- a/drivers/video/console/sticore.c ++++ b/drivers/video/console/sticore.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + #include "../fbdev/sticore.h" + +@@ -1127,6 +1128,22 @@ int sti_call(const struct sti_struct *st + return ret; + } + ++/* check if given fb_info is the primary device */ ++int fb_is_primary_device(struct fb_info *info) ++{ ++ struct sti_struct *sti; ++ ++ sti = sti_get_rom(0); ++ ++ /* if no built-in graphics card found, allow any fb driver as default */ ++ if (!sti) ++ return true; ++ ++ /* return true if it's the default built-in framebuffer driver */ ++ return (sti->info == info); ++} ++EXPORT_SYMBOL(fb_is_primary_device); ++ + MODULE_AUTHOR("Philipp Rumpf, Helge Deller, Thomas Bogendoerfer"); + MODULE_DESCRIPTION("Core STI driver for HP's NGLE series graphics cards 
in HP PARISC machines"); + MODULE_LICENSE("GPL v2"); +--- a/drivers/video/fbdev/stifb.c ++++ b/drivers/video/fbdev/stifb.c +@@ -1317,11 +1317,11 @@ static int __init stifb_init_fb(struct s + goto out_err3; + } + ++ /* save for primary gfx device detection & unregister_framebuffer() */ ++ sti->info = info; + if (register_framebuffer(&fb->info) < 0) + goto out_err4; + +- sti->info = info; /* save for unregister_framebuffer() */ +- + fb_info(&fb->info, "%s %dx%d-%d frame buffer device, %s, id: %04x, mmio: 0x%04lx\n", + fix->id, + var->xres, diff --git a/queue-5.17/series b/queue-5.17/series index a1889584cca..5f83c64d9b4 100644 --- a/queue-5.17/series +++ b/queue-5.17/series @@ -1 +1,3 @@ arm64-initialize-jump-labels-before-setup_machine_fdt.patch +binfmt_flat-do-not-stop-relocating-got-entries-prematurely-on-riscv.patch +parisc-stifb-implement-fb_is_primary_device.patch
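Review bot: In stifb_init_fb() `sti->info = info;` now runs before `register_framebuffer()`, but the failure branch is still a bare `goto out_err4;`, so a failed registration leaves sti->info set. The out_err4 path is outside the hunk; if it releases the fb_info, as seems likely, sti->info becomes a stale pointer that fb_is_primary_device() will later compare against and that the comment says is also used for unregister_framebuffer(). Clearing it on failure would close that window: `if (register_framebuffer(&fb->info) < 0) { sti->info = NULL; goto out_err4; }`. As a smaller style point, fb_is_primary_device() is declared `int` but returns `true`; `return 1;` would match the declared type and the `return 0;` in the header's stub.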