From: Greg Kroah-Hartman Date: Mon, 24 Apr 2023 06:05:00 +0000 (+0200) Subject: 6.1-stable patches X-Git-Tag: v4.14.314~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=936a6db5580a1f3893544ceee9c2c506d90303ef;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: gcc-disable-warray-bounds-for-gcc-13-too.patch input-pegasus-notetaker-check-pipe-type-when-probing.patch --- diff --git a/queue-6.1/gcc-disable-warray-bounds-for-gcc-13-too.patch b/queue-6.1/gcc-disable-warray-bounds-for-gcc-13-too.patch new file mode 100644 index 00000000000..b21cf5941dc --- /dev/null +++ b/queue-6.1/gcc-disable-warray-bounds-for-gcc-13-too.patch @@ -0,0 +1,63 @@ +From 0da6e5fd6c3726723e275603426e09178940dace Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Sun, 23 Apr 2023 09:56:20 -0700 +Subject: gcc: disable '-Warray-bounds' for gcc-13 too + +From: Linus Torvalds + +commit 0da6e5fd6c3726723e275603426e09178940dace upstream. + +We started disabling '-Warray-bounds' for gcc-12 originally on s390, +because it resulted in some warnings that weren't realistically fixable +(commit 8b202ee21839: "s390: disable -Warray-bounds"). + +That s390-specific issue was then found to be less common elsewhere, but +generic (see f0be87c42cbd: "gcc-12: disable '-Warray-bounds' universally +for now"), and then later expanded the version check was expanded to +gcc-11 (5a41237ad1d4: "gcc: disable -Warray-bounds for gcc-11 too"). + +And it turns out that I was much too optimistic in thinking that it's +all going to go away, and here we are with gcc-13 showing all the same +issues. So instead of expanding this one version at a time, let's just +disable it for gcc-11+, and put an end limit to it only when we actually +find a solution. + +Yes, I'm sure some of this is because the kernel just does odd things +(like our "container_of()" use, but also knowingly playing games with +things like linker tables and array layouts). + +And yes, some of the warnings are likely signs of real bugs, but when +there are hundreds of false positives, that doesn't really help. + +Oh well. + +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + init/Kconfig | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -892,18 +892,14 @@ config CC_IMPLICIT_FALLTHROUGH + default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5) + default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough) + +-# Currently, disable gcc-11,12 array-bounds globally. +-# We may want to target only particular configurations some day. ++# Currently, disable gcc-11+ array-bounds globally. ++# It's still broken in gcc-13, so no upper bound yet. + config GCC11_NO_ARRAY_BOUNDS + def_bool y + +-config GCC12_NO_ARRAY_BOUNDS +- def_bool y +- + config CC_NO_ARRAY_BOUNDS + bool +- default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC_VERSION < 120000 && GCC11_NO_ARRAY_BOUNDS +- default y if CC_IS_GCC && GCC_VERSION >= 120000 && GCC_VERSION < 130000 && GCC12_NO_ARRAY_BOUNDS ++ default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS + + # + # For architectures that know their GCC __int128 support is sound diff --git a/queue-6.1/input-pegasus-notetaker-check-pipe-type-when-probing.patch b/queue-6.1/input-pegasus-notetaker-check-pipe-type-when-probing.patch new file mode 100644 index 00000000000..a942ca60cff --- /dev/null +++ b/queue-6.1/input-pegasus-notetaker-check-pipe-type-when-probing.patch @@ -0,0 +1,41 @@ +From b3d80fd27a3c2d8715a40cbf876139b56195f162 Mon Sep 17 00:00:00 2001 +From: Soumya Negi +Date: Sun, 9 Apr 2023 19:12:04 -0700 +Subject: Input: pegasus-notetaker - check pipe type when probing + +From: Soumya Negi + +commit b3d80fd27a3c2d8715a40cbf876139b56195f162 upstream. + +Fix WARNING in pegasus_open/usb_submit_urb +Syzbot bug: https://syzkaller.appspot.com/bug?id=bbc107584dcf3262253ce93183e51f3612aaeb13 + +Warning raised because pegasus_driver submits transfer request for +bogus URB (pipe type does not match endpoint type). Add sanity check at +probe time for pipe value extracted from endpoint descriptor. Probe +will fail if sanity check fails. + +Reported-and-tested-by: syzbot+04ee0cb4caccaed12d78@syzkaller.appspotmail.com +Signed-off-by: Soumya Negi +Link: https://lore.kernel.org/r/20230404074145.11523-1-soumya.negi97@gmail.com +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman +--- + drivers/input/tablet/pegasus_notetaker.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/input/tablet/pegasus_notetaker.c ++++ b/drivers/input/tablet/pegasus_notetaker.c +@@ -296,6 +296,12 @@ static int pegasus_probe(struct usb_inte + pegasus->intf = intf; + + pipe = usb_rcvintpipe(dev, endpoint->bEndpointAddress); ++ /* Sanity check that pipe's type matches endpoint's type */ ++ if (usb_pipe_type_check(dev, pipe)) { ++ error = -EINVAL; ++ goto err_free_mem; ++ } ++ + pegasus->data_len = usb_maxpacket(dev, pipe); + + pegasus->data = usb_alloc_coherent(dev, pegasus->data_len, GFP_KERNEL, diff --git a/queue-6.1/series b/queue-6.1/series index 5427ce7a373..95f9b63e126 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -87,3 +87,5 @@ purgatory-fix-disabling-debug-info.patch inet6-remove-inet6_destroy_sock-in-sk-sk_prot-destroy.patch dccp-call-inet6_destroy_sock-via-sk-sk_destruct.patch sctp-call-inet6_destroy_sock-via-sk-sk_destruct.patch +gcc-disable-warray-bounds-for-gcc-13-too.patch +input-pegasus-notetaker-check-pipe-type-when-probing.patch