From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 26 May 2022 12:05:36 +0000 (+0200)
Subject: 4.19-stable patches
X-Git-Tag: v5.18.1~27
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c53dee09bd38dac5bc0226dda72e3437d41b0780;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch
	x86-pci-xen-disable-pci-msi-masking-for-xen_hvm-guests.patch
---

diff --git a/queue-4.19/series b/queue-4.19/series
index e69de29bb2d..a3dddf37ed8 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -0,0 +1,2 @@
+x86-pci-xen-disable-pci-msi-masking-for-xen_hvm-guests.patch
+staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch
diff --git a/queue-4.19/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch b/queue-4.19/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch
new file mode 100644
index 00000000000..955fb124f22
--- /dev/null
+++ b/queue-4.19/staging-rtl8723bs-prevent-ssid-overflow-in-rtw_wx_set_scan.patch
@@ -0,0 +1,37 @@
+From efremov@linux.com  Thu May 26 14:03:14 2022
+From: "Denis Efremov (Oracle)" <efremov@linux.com>
+Date: Mon, 23 May 2022 21:39:43 +0400
+Subject: staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
+To: gregkh@linuxfoundation.org
+Cc: "Denis Efremov (Oracle)" <efremov@linux.com>, Larry.Finger@lwfinger.net, phil@philpotter.co.uk, dan.carpenter@oracle.com, straube.linux@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org, stable <stable@vger.kernel.org>
+Message-ID: <20220523173943.12486-1-efremov@linux.com>
+
+From: "Denis Efremov (Oracle)" <efremov@linux.com>
+
+This code has a check to prevent read overflow but it needs another
+check to prevent writing beyond the end of the ->Ssid[] array.
+
+Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Denis Efremov (Oracle) <efremov@linux.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/rtl8723bs/os_dep/ioctl_linux.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
++++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c
+@@ -1359,9 +1359,11 @@ static int rtw_wx_set_scan(struct net_de
+ 
+ 					sec_len = *(pos++); len-= 1;
+ 
+-					if (sec_len>0 && sec_len<=len) {
++					if (sec_len > 0 &&
++					    sec_len <= len &&
++					    sec_len <= 32) {
+ 						ssid[ssid_index].SsidLength = sec_len;
+-						memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength);
++						memcpy(ssid[ssid_index].Ssid, pos, sec_len);
+ 						/* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */
+ 						/* 	, ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */
+ 						ssid_index++;
diff --git a/queue-4.19/x86-pci-xen-disable-pci-msi-masking-for-xen_hvm-guests.patch b/queue-4.19/x86-pci-xen-disable-pci-msi-masking-for-xen_hvm-guests.patch
new file mode 100644
index 00000000000..8b31035c02d
--- /dev/null
+++ b/queue-4.19/x86-pci-xen-disable-pci-msi-masking-for-xen_hvm-guests.patch
@@ -0,0 +1,51 @@
+From 7e0815b3e09986d2fe651199363e135b9358132a Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 28 Apr 2022 15:50:54 +0200
+Subject: x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 7e0815b3e09986d2fe651199363e135b9358132a upstream.
+
+When a XEN_HVM guest uses the XEN PIRQ/Eventchannel mechanism, then
+PCI/MSI[-X] masking is solely controlled by the hypervisor, but contrary to
+XEN_PV guests this does not disable PCI/MSI[-X] masking in the PCI/MSI
+layer.
+
+This can lead to a situation where the PCI/MSI layer masks an MSI[-X]
+interrupt and the hypervisor grants the write despite the fact that it
+already requested the interrupt. As a consequence interrupt delivery on the
+affected device is not happening ever.
+
+Set pci_msi_ignore_mask to prevent that like it's done for XEN_PV guests
+already.
+
+Fixes: 809f9267bbab ("xen: map MSIs into pirqs")
+Reported-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
+Reported-by: Dusty Mabe <dustymabe@redhat.com>
+Reported-by: Salvatore Bonaccorso <carnil@debian.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Noah Meyerhans <noahm@debian.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/87tuaduxj5.ffs@tglx
+[nmeyerha@amazon.com: backported to 4.19]
+Signed-off-by: Noah Meyerhans <nmeyerha@amazon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/pci/xen.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/x86/pci/xen.c
++++ b/arch/x86/pci/xen.c
+@@ -441,6 +441,11 @@ void __init xen_msi_init(void)
+ 
+ 	x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs;
+ 	x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
++	/*
++	 * With XEN PIRQ/Eventchannels in use PCI/MSI[-X] masking is solely
++	 * controlled by the hypervisor.
++	 */
++	pci_msi_ignore_mask = 1;
+ }
+ #endif
+