From: Greg Kroah-Hartman Date: Mon, 5 Sep 2022 15:53:46 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v5.10.142~71 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9e7e01a3ccdb464d7c788f21a72c7a60e72ede4c;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: powerpc-align-syscall-table-for-ppc32.patch vt-clear-selection-before-changing-the-font.patch --- diff --git a/queue-5.4/powerpc-align-syscall-table-for-ppc32.patch b/queue-5.4/powerpc-align-syscall-table-for-ppc32.patch new file mode 100644 index 00000000000..587fa994bf5 --- /dev/null +++ b/queue-5.4/powerpc-align-syscall-table-for-ppc32.patch 
@@ -0,0 +1,70 @@ +From c7acee3d2f128a38b68fb7af85dbbd91bfd0b4ad Mon Sep 17 00:00:00 2001 +From: Masahiro Yamada +Date: Sun, 21 Aug 2022 01:51:29 +0900 +Subject: powerpc: align syscall table for ppc32 + +From: Masahiro Yamada + +commit c7acee3d2f128a38b68fb7af85dbbd91bfd0b4ad upstream. + +Christophe Leroy reported that commit 7b4537199a4a ("kbuild: link +symbol CRCs at final link, removing CONFIG_MODULE_REL_CRCS") broke +mpc85xx_defconfig + CONFIG_RELOCATABLE=y. + + LD vmlinux + SYSMAP System.map + SORTTAB vmlinux + CHKREL vmlinux + WARNING: 451 bad relocations + c0b312a9 R_PPC_UADDR32 .head.text-0x3ff9ed54 + c0b312ad R_PPC_UADDR32 .head.text-0x3ffac224 + c0b312b1 R_PPC_UADDR32 .head.text-0x3ffb09f4 + c0b312b5 R_PPC_UADDR32 .head.text-0x3fe184dc + c0b312b9 R_PPC_UADDR32 .head.text-0x3fe183a8 + ... + +The compiler emits a bunch of R_PPC_UADDR32, which is not supported by +arch/powerpc/kernel/reloc_32.S. + +The reason is there exists an unaligned symbol. + + $ powerpc-linux-gnu-nm -n vmlinux + ... + c0b31258 d spe_aligninfo + c0b31298 d __func__.0 + c0b312a9 D sys_call_table + c0b319b8 d __func__.0 + +Commit 7b4537199a4a is not the root cause. Even before that, I can +reproduce the same issue for mpc85xx_defconfig + CONFIG_RELOCATABLE=y ++ CONFIG_MODVERSIONS=n. + +It is just that nobody noticed because when CONFIG_MODVERSIONS is +enabled, a __crc_* symbol inserted before sys_call_table was hiding the +unalignment issue. + +Adding alignment to the syscall table for ppc32 fixes the issue. 
+ +Cc: stable@vger.kernel.org +Reported-by: Christophe Leroy +Signed-off-by: Masahiro Yamada +Tested-by: Christophe Leroy +[mpe: Trim change log discussion, add Cc stable] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/lkml/38605f6a-a568-f884-f06f-ea4da5b214f0@csgroup.eu/ +Link: https://lore.kernel.org/r/20220820165129.1147589-1-masahiroy@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/systbl.S | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/powerpc/kernel/systbl.S ++++ b/arch/powerpc/kernel/systbl.S +@@ -25,6 +25,7 @@ sys_call_table: + #include + #undef __SYSCALL + #else ++ .p2align 2 + #define __SYSCALL(nr, entry) .long entry + #include + #undef __SYSCALL diff --git a/queue-5.4/series b/queue-5.4/series index 1a11c9ee3b9..f7fa4b1c5b7 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -14,3 +14,5 @@ revert-sch_cake-return-__net_xmit_stolen-when-consum.patch net-smc-remove-redundant-refcount-increase.patch serial-fsl_lpuart-rs485-rts-polariy-is-inverse.patch staging-rtl8712-fix-use-after-free-bugs.patch +powerpc-align-syscall-table-for-ppc32.patch +vt-clear-selection-before-changing-the-font.patch diff --git a/queue-5.4/vt-clear-selection-before-changing-the-font.patch b/queue-5.4/vt-clear-selection-before-changing-the-font.patch new file mode 100644 index 00000000000..98a55d0530b --- /dev/null +++ b/queue-5.4/vt-clear-selection-before-changing-the-font.patch 
@@ -0,0 +1,58 @@ +From 566f9c9f89337792070b5a6062dff448b3e7977f Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 30 Jul 2022 20:50:18 +0200 +Subject: vt: Clear selection before changing the font + +From: Helge Deller + +commit 566f9c9f89337792070b5a6062dff448b3e7977f upstream. + +When changing the console font with ioctl(KDFONTOP) the new font size +can be bigger than the previous font. A previous selection may thus now +be outside of the new screen size and thus trigger out-of-bounds +accesses to graphics memory if the selection is removed in +vc_do_resize(). + +Prevent such out-of-memory accesses by dropping the selection before the +various con_font_set() console handlers are called. + +Reported-by: syzbot+14b0e8f3fd1612e35350@syzkaller.appspotmail.com +Cc: stable +Tested-by: Khalid Masum +Signed-off-by: Helge Deller +Link: https://lore.kernel.org/r/YuV9apZGNmGfjcor@p100 +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/vt/vt.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -4587,9 +4587,11 @@ static int con_font_set(struct vc_data * + console_lock(); + if (vc->vc_mode != KD_TEXT) + rc = -EINVAL; +- else if (vc->vc_sw->con_font_set) ++ else if (vc->vc_sw->con_font_set) { ++ if (vc_is_sel(vc)) ++ clear_selection(); + rc = vc->vc_sw->con_font_set(vc, &font, op->flags); +- else ++ } else + rc = -ENOSYS; + console_unlock(); + kfree(font.data); +@@ -4616,9 +4618,11 @@ static int con_font_default(struct vc_da + console_unlock(); + return -EINVAL; + } +- if (vc->vc_sw->con_font_default) ++ if (vc->vc_sw->con_font_default) { ++ if (vc_is_sel(vc)) ++ clear_selection(); + rc = vc->vc_sw->con_font_default(vc, &font, s); +- else ++ } else + rc = -ENOSYS; + console_unlock(); + if (!rc) {
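Review bot: in the arch/powerpc/kernel/systbl.S hunk the new `.p2align 2` sits inside the `#else` branch, which the hunk header `@@ -25,6 +25,7 @@ sys_call_table:` shows comes after the `sys_call_table:` label. An alignment directive pads the location counter from that point on but does not move a label already emitted, so the label is only guaranteed to land on a 4-byte boundary when it is at offset 0 of its section, where the directive inserts no padding and merely raises the section's alignment so the linker places the whole section aligned. That appears to be the case here (the reported unaligned address came from link-time placement, not from padding inside the object), but it is fragile: placing `.p2align 2` immediately before `sys_call_table:` would make the fix independent of where the label sits and would also cover anything else that is later placed between the label and the table. Worth confirming with `powerpc-linux-gnu-nm -n vmlinux` on the mpc85xx_defconfig + CONFIG_RELOCATABLE=y build, as in the change log, that `sys_call_table` itself, not just the section, is now 4-byte aligned.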
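Review bot: in the drivers/tty/vt/vt.c con_font_set() hunk, once the `else if` arm gains braces the trailing `} else` arm should get them too (`} else {` / `rc = -ENOSYS;` / `}`), per the kernel rule that all arms of a statement use braces when any arm does; checkpatch reports this as "braces {} should be used on all arms of this statement". On the logic itself: the new `if (vc_is_sel(vc)) clear_selection();` runs between `console_lock()` and `console_unlock()` and before the driver's `con_font_set` callback is invoked, which matches the change log's intent that the selection is gone before the font size can grow, and the `vc_is_sel(vc)` guard means a selection belonging to another console is left untouched.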
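Review bot: the con_font_default() hunk repeats the exact `if (vc_is_sel(vc)) clear_selection();` block from con_font_set() and has the same mixed-brace `} else` arm; a small static helper called from both sites, or at minimum braces on the else arm (`} else {` / `rc = -ENOSYS;` / `}`), would keep the two paths from drifting apart. The surrounding context (`console_unlock(); return -EINVAL;` on the early-exit path just above) confirms the console lock is held where the selection is cleared, so this is consistent with the first vt.c hunk and there is no window for a new selection to be made between clear_selection() and the `con_font_default` callback.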