From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 9 May 2019 18:04:17 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.9.175~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=544566e12d108c157166db54a10af27a32bf1df4;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	asoc-intel-avoid-oops-if-dma-setup-fails.patch
	timer-debug-change-proc-timer_stats-from-0644-to-0600.patch
---

diff --git a/queue-4.4/asoc-intel-avoid-oops-if-dma-setup-fails.patch b/queue-4.4/asoc-intel-avoid-oops-if-dma-setup-fails.patch
new file mode 100644
index 00000000000..785d013e9d5
--- /dev/null
+++ b/queue-4.4/asoc-intel-avoid-oops-if-dma-setup-fails.patch
@@ -0,0 +1,62 @@
+From 0efa3334d65b7f421ba12382dfa58f6ff5bf83c4 Mon Sep 17 00:00:00 2001
+From: Ross Zwisler <zwisler@chromium.org>
+Date: Mon, 29 Apr 2019 12:25:17 -0600
+Subject: ASoC: Intel: avoid Oops if DMA setup fails
+
+From: Ross Zwisler <zwisler@chromium.org>
+
+commit 0efa3334d65b7f421ba12382dfa58f6ff5bf83c4 upstream.
+
+Currently in sst_dsp_new() if we get an error return from sst_dma_new()
+we just print an error message and then still complete the function
+successfully.  This means that we are trying to run without sst->dma
+properly set up, which will result in NULL pointer dereference when
+sst->dma is later used.  This was happening for me in
+sst_dsp_dma_get_channel():
+
+        struct sst_dma *dma = dsp->dma;
+	...
+        dma->ch = dma_request_channel(mask, dma_chan_filter, dsp);
+
+This resulted in:
+
+   BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
+   IP: sst_dsp_dma_get_channel+0x4f/0x125 [snd_soc_sst_firmware]
+
+Fix this by adding proper error handling for the case where we fail to
+set up DMA.
+
+This change only affects Haswell and Broadwell systems.  Baytrail
+systems explicilty opt-out of DMA via sst->pdata->resindex_dma_base
+being set to -1.
+
+Signed-off-by: Ross Zwisler <zwisler@google.com>
+Cc: stable@vger.kernel.org
+Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/intel/common/sst-dsp.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/sound/soc/intel/common/sst-dsp.c
++++ b/sound/soc/intel/common/sst-dsp.c
+@@ -463,11 +463,15 @@ struct sst_dsp *sst_dsp_new(struct devic
+ 		goto irq_err;
+ 
+ 	err = sst_dma_new(sst);
+-	if (err)
+-		dev_warn(dev, "sst_dma_new failed %d\n", err);
++	if (err)  {
++		dev_err(dev, "sst_dma_new failed %d\n", err);
++		goto dma_err;
++	}
+ 
+ 	return sst;
+ 
++dma_err:
++	free_irq(sst->irq, sst);
+ irq_err:
+ 	if (sst->ops->free)
+ 		sst->ops->free(sst);
diff --git a/queue-4.4/series b/queue-4.4/series
index ad30dd7ae64..06fd6d81c08 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -155,3 +155,5 @@ bluetooth-hidp-fix-buffer-overflow.patch
 bluetooth-align-minimum-encryption-key-size-for-le-and-br-edr-connections.patch
 uas-fix-alignment-of-scatter-gather-segments.patch
 ipv6-fix-a-potential-deadlock-in-do_ipv6_setsockopt.patch
+asoc-intel-avoid-oops-if-dma-setup-fails.patch
+timer-debug-change-proc-timer_stats-from-0644-to-0600.patch
diff --git a/queue-4.4/timer-debug-change-proc-timer_stats-from-0644-to-0600.patch b/queue-4.4/timer-debug-change-proc-timer_stats-from-0644-to-0600.patch
new file mode 100644
index 00000000000..020c7be6ccc
--- /dev/null
+++ b/queue-4.4/timer-debug-change-proc-timer_stats-from-0644-to-0600.patch
@@ -0,0 +1,38 @@
+From ben@decadent.org.uk  Thu May  9 19:42:50 2019
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 7 May 2019 20:04:04 +0100
+Subject: timer/debug: Change /proc/timer_stats from 0644 to 0600
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Sasha Levin <sashal@kernel.org>
+Cc: stable@vger.kernel.org
+Message-ID: <20190507190404.ub43rr4iuvqfkbsq@decadent.org.uk>
+Content-Disposition: inline
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+The timer_stats facility should filter and translate PIDs if opened
+from a non-initial PID namespace, to avoid leaking information about
+the wider system.  It should also not show kernel virtual addresses.
+Unfortunately it has now been removed upstream (as redundant)
+instead of being fixed.
+
+For stable, fix the leak by restricting access to root only.  A
+similar change was already made for the /proc/timer_list file.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/timer_stats.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/time/timer_stats.c
++++ b/kernel/time/timer_stats.c
+@@ -417,7 +417,7 @@ static int __init init_tstats_procfs(voi
+ {
+ 	struct proc_dir_entry *pe;
+ 
+-	pe = proc_create("timer_stats", 0644, NULL, &tstats_fops);
++	pe = proc_create("timer_stats", 0600, NULL, &tstats_fops);
+ 	if (!pe)
+ 		return -ENOMEM;
+ 	return 0;