From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 11 Apr 2024 09:48:30 +0000 (+0200)
Subject: 5.4-stable patches
X-Git-Tag: v4.19.312~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=80ede9c9631d2ef5df45050f1291f82fc147eef5;p=thirdparty%2Fkernel%2Fstable-queue.git

5.4-stable patches

added patches:
	erspan-check-ifla_gre_erspan_ver-is-set.patch
	firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch
	ip_gre-do-not-report-erspan-version-on-gre-interface.patch
---

diff --git a/queue-5.4/erspan-check-ifla_gre_erspan_ver-is-set.patch b/queue-5.4/erspan-check-ifla_gre_erspan_ver-is-set.patch
new file mode 100644
index 00000000000..fbbf2c435ca
--- /dev/null
+++ b/queue-5.4/erspan-check-ifla_gre_erspan_ver-is-set.patch
@@ -0,0 +1,33 @@
+From 51fa960d3b5163b1af22efdebcabfccc5d615ad6 Mon Sep 17 00:00:00 2001
+From: William Tu <u9012063@gmail.com>
+Date: Tue, 12 May 2020 10:36:23 -0700
+Subject: erspan: Check IFLA_GRE_ERSPAN_VER is set.
+
+From: William Tu <u9012063@gmail.com>
+
+commit 51fa960d3b5163b1af22efdebcabfccc5d615ad6 upstream.
+
+Add a check to make sure the IFLA_GRE_ERSPAN_VER is provided by users.
+
+Fixes: f989d546a2d5 ("erspan: Add type I version 0 support.")
+Cc: Eric Dumazet <eric.dumazet@gmail.com>
+Signed-off-by: William Tu <u9012063@gmail.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_gre.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -1106,7 +1106,8 @@ static int erspan_validate(struct nlattr
+ 	if (ret)
+ 		return ret;
+ 
+-	if (nla_get_u8(data[IFLA_GRE_ERSPAN_VER]) == 0)
++	if (data[IFLA_GRE_ERSPAN_VER] &&
++	    nla_get_u8(data[IFLA_GRE_ERSPAN_VER]) == 0)
+ 		return 0;
+ 
+ 	/* ERSPAN type II/III should only have GRE sequence and key flag */
diff --git a/queue-5.4/firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch b/queue-5.4/firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch
new file mode 100644
index 00000000000..88d5d9d6c4a
--- /dev/null
+++ b/queue-5.4/firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch
@@ -0,0 +1,34 @@
+From f2ed165619c16577c02b703a114a1f6b52026df4 Mon Sep 17 00:00:00 2001
+From: Zhang Shurong <zhang_shurong@foxmail.com>
+Date: Sat, 15 Jul 2023 22:13:38 +0800
+Subject: firmware: meson_sm: fix to avoid potential NULL pointer dereference
+
+From: Zhang Shurong <zhang_shurong@foxmail.com>
+
+commit f2ed165619c16577c02b703a114a1f6b52026df4 upstream.
+
+of_match_device() may fail and returns a NULL pointer.
+
+Fix this by checking the return value of of_match_device.
+
+Fixes: 8cde3c2153e8 ("firmware: meson_sm: Rework driver as a proper platform driver")
+Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
+Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
+Link: https://lore.kernel.org/r/tencent_AA08AAA6C4F34D53ADCE962E188A879B8206@qq.com
+Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/firmware/meson/meson_sm.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/firmware/meson/meson_sm.c
++++ b/drivers/firmware/meson/meson_sm.c
+@@ -302,6 +302,8 @@ static int __init meson_sm_probe(struct
+ 		return -ENOMEM;
+ 
+ 	chip = of_match_device(meson_sm_ids, dev)->data;
++	if (!chip)
++		return -EINVAL;
+ 
+ 	if (chip->cmd_shmem_in_base) {
+ 		fw->sm_shmem_in_base = meson_sm_map_shmem(chip->cmd_shmem_in_base,
diff --git a/queue-5.4/ip_gre-do-not-report-erspan-version-on-gre-interface.patch b/queue-5.4/ip_gre-do-not-report-erspan-version-on-gre-interface.patch
new file mode 100644
index 00000000000..4310cb7d5fd
--- /dev/null
+++ b/queue-5.4/ip_gre-do-not-report-erspan-version-on-gre-interface.patch
@@ -0,0 +1,99 @@
+From ee496694b9eea651ae1aa4c4667d886cdf74aa3b Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <liuhangbin@gmail.com>
+Date: Sat, 3 Dec 2022 11:28:58 +0800
+Subject: ip_gre: do not report erspan version on GRE interface
+
+From: Hangbin Liu <liuhangbin@gmail.com>
+
+commit ee496694b9eea651ae1aa4c4667d886cdf74aa3b upstream.
+
+Although the type I ERSPAN is based on the barebones IP + GRE
+encapsulation and no extra ERSPAN header. Report erspan version on GRE
+interface looks unreasonable. Fix this by separating the erspan and gre
+fill info.
+
+IPv6 GRE does not have this info as IPv6 only supports erspan version
+1 and 2.
+
+Reported-by: Jianlin Shi <jishi@redhat.com>
+Fixes: f989d546a2d5 ("erspan: Add type I version 0 support.")
+Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: William Tu <u9012063@gmail.com>
+Link: https://lore.kernel.org/r/20221203032858.3130339-1-liuhangbin@gmail.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_gre.c |   48 +++++++++++++++++++++++++++++-------------------
+ 1 file changed, 29 insertions(+), 19 deletions(-)
+
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -1504,24 +1504,6 @@ static int ipgre_fill_info(struct sk_buf
+ 	struct ip_tunnel_parm *p = &t->parms;
+ 	__be16 o_flags = p->o_flags;
+ 
+-	if (t->erspan_ver <= 2) {
+-		if (t->erspan_ver != 0 && !t->collect_md)
+-			o_flags |= TUNNEL_KEY;
+-
+-		if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
+-			goto nla_put_failure;
+-
+-		if (t->erspan_ver == 1) {
+-			if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
+-				goto nla_put_failure;
+-		} else if (t->erspan_ver == 2) {
+-			if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
+-				goto nla_put_failure;
+-			if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
+-				goto nla_put_failure;
+-		}
+-	}
+-
+ 	if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
+ 	    nla_put_be16(skb, IFLA_GRE_IFLAGS,
+ 			 gre_tnl_flags_to_gre_flags(p->i_flags)) ||
+@@ -1562,6 +1544,34 @@ nla_put_failure:
+ 	return -EMSGSIZE;
+ }
+ 
++static int erspan_fill_info(struct sk_buff *skb, const struct net_device *dev)
++{
++	struct ip_tunnel *t = netdev_priv(dev);
++
++	if (t->erspan_ver <= 2) {
++		if (t->erspan_ver != 0 && !t->collect_md)
++			t->parms.o_flags |= TUNNEL_KEY;
++
++		if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
++			goto nla_put_failure;
++
++		if (t->erspan_ver == 1) {
++			if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
++				goto nla_put_failure;
++		} else if (t->erspan_ver == 2) {
++			if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
++				goto nla_put_failure;
++			if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
++				goto nla_put_failure;
++		}
++	}
++
++	return ipgre_fill_info(skb, dev);
++
++nla_put_failure:
++	return -EMSGSIZE;
++}
++
+ static void erspan_setup(struct net_device *dev)
+ {
+ 	struct ip_tunnel *t = netdev_priv(dev);
+@@ -1640,7 +1650,7 @@ static struct rtnl_link_ops erspan_link_
+ 	.changelink	= erspan_changelink,
+ 	.dellink	= ip_tunnel_dellink,
+ 	.get_size	= ipgre_get_size,
+-	.fill_info	= ipgre_fill_info,
++	.fill_info	= erspan_fill_info,
+ 	.get_link_net	= ip_tunnel_get_link_net,
+ };
+ 
diff --git a/queue-5.4/series b/queue-5.4/series
index ec55fa9a1e8..292bf3bb5f7 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -210,3 +210,6 @@ drm-i915-gt-reset-queue_priority_hint-on-parking.patch
 x86-alternative-don-t-call-text_poke-in-lazy-tlb-mode.patch
 bluetooth-btintel-fixe-build-regression.patch
 vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
+erspan-check-ifla_gre_erspan_ver-is-set.patch
+ip_gre-do-not-report-erspan-version-on-gre-interface.patch
+firmware-meson_sm-fix-to-avoid-potential-null-pointer-dereference.patch