From: Greg Kroah-Hartman
Date: Fri, 18 Feb 2022 09:20:15 +0000 (+0100)
Subject: 5.10-stable patches
X-Git-Tag: v4.9.303~71
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d2c8969f624c72832f1b2ac29f148c9d08c8ab1d;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches added patches: drm-i915-opregion-check-port-number-bounds-for-swsci-display-power-state.patch drm-radeon-fix-backlight-control-on-imac-12-1.patch iwlwifi-fix-use-after-free.patch kbuild-lto-merge-module-sections-if-and-only-if-config_lto_clang-is-enabled.patch kbuild-lto-merge-module-sections.patch
---
diff --git a/queue-5.10/drm-i915-opregion-check-port-number-bounds-for-swsci-display-power-state.patch b/queue-5.10/drm-i915-opregion-check-port-number-bounds-for-swsci-display-power-state.patch
new file mode 100644
index 00000000000..b6d74c45790
--- /dev/null
+++ b/queue-5.10/drm-i915-opregion-check-port-number-bounds-for-swsci-display-power-state.patch
@@ -0,0 +1,62 @@
+From ea958422291de248b9e2eaaeea36004e84b64043 Mon Sep 17 00:00:00 2001
+From: Jani Nikula
+Date: Thu, 10 Feb 2022 12:36:42 +0200
+Subject: drm/i915/opregion: check port number bounds for SWSCI display power state
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jani Nikula
+
+commit ea958422291de248b9e2eaaeea36004e84b64043 upstream.
+
+The mapping from enum port to whatever port numbering scheme is used by
+the SWSCI Display Power State Notification is odd, and the memory of it
+has faded. In any case, the parameter only has space for ports numbered
+[0..4], and UBSAN reports bit shift beyond it when the platform has port
+F or more.
+
+Since the SWSCI functionality is supposed to be obsolete for new
+platforms (i.e. ones that might have port F or more), just bail out
+early if the mapped and mangled port number is beyond what the Display
+Power State Notification can support.
+
+Fixes: 9c4b0a683193 ("drm/i915: add opregion function to notify bios of encoder enable/disable")
+Cc: # v3.13+
+Cc: Ville Syrjälä
+Cc: Lucas De Marchi
+Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/4800
+Signed-off-by: Jani Nikula
+Reviewed-by: Ville Syrjälä
+Link: https://patchwork.freedesktop.org/patch/msgid/cc363f42d6b5a5932b6d218fefcc8bdfb15dbbe5.1644489329.git.jani.nikula@intel.com
+(cherry picked from commit 24a644ebbfd3b13cda702f98907f9dd123e34bf9)
+Signed-off-by: Tvrtko Ursulin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/i915/display/intel_opregion.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/drivers/gpu/drm/i915/display/intel_opregion.c
++++ b/drivers/gpu/drm/i915/display/intel_opregion.c
+@@ -361,6 +361,21 @@ int intel_opregion_notify_encoder(struct
+ port++;
+ }
+
++ /*
++ * The port numbering and mapping here is bizarre. The now-obsolete
++ * swsci spec supports ports numbered [0..4]. Port E is handled as a
++ * special case, but port F and beyond are not. The functionality is
++ * supposed to be obsolete for new platforms. Just bail out if the port
++ * number is out of bounds after mapping.
++ */
++ if (port > 4) {
++ drm_dbg_kms(&dev_priv->drm,
++ "[ENCODER:%d:%s] port %c (index %u) out of bounds for display power state notification\n",
++ intel_encoder->base.base.id, intel_encoder->base.name,
++ port_name(intel_encoder->port), port);
++ return -EINVAL;
++ }
++
+ if (!enable)
+ parm |= 4 << 8;
+
diff --git a/queue-5.10/drm-radeon-fix-backlight-control-on-imac-12-1.patch b/queue-5.10/drm-radeon-fix-backlight-control-on-imac-12-1.patch
new file mode 100644
index 00000000000..fdae713cbbb
--- /dev/null
+++ b/queue-5.10/drm-radeon-fix-backlight-control-on-imac-12-1.patch
@@ -0,0 +1,33 @@
+From 364438fd629f7611a84c8e6d7de91659300f1502 Mon Sep 17 00:00:00 2001
+From: Nicholas Bishop
+Date: Fri, 11 Feb 2022 14:57:39 -0500
+Subject: drm/radeon: Fix backlight control on iMac 12,1
+
+From: Nicholas Bishop
+
+commit 364438fd629f7611a84c8e6d7de91659300f1502 upstream.
+
+The iMac 12,1 does not use the gmux driver for backlight, so the radeon
+backlight device is needed to set the brightness.
+
+Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1838
+Signed-off-by: Nicholas Bishop
+Signed-off-by: Alex Deucher
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/radeon/atombios_encoders.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/radeon/atombios_encoders.c
++++ b/drivers/gpu/drm/radeon/atombios_encoders.c
+@@ -197,7 +197,8 @@ void radeon_atom_backlight_init(struct r
+ * so don't register a backlight device
+ */
+ if ((rdev->pdev->subsystem_vendor == PCI_VENDOR_ID_APPLE) &&
+- (rdev->pdev->device == 0x6741))
++ (rdev->pdev->device == 0x6741) &&
++ !dmi_match(DMI_PRODUCT_NAME, "iMac12,1"))
+ return;
+
+ if (!radeon_encoder->enc_priv)
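Review bot: The bound in `if (port > 4)` is a bare literal whose meaning lives only in the comment above it; a named constant kept next to the SWSCI parameter definitions, for example `#define SWSCI_DPSN_MAX_PORT 4` (name is a suggestion), would tie the check to the field width it protects. The shift this guard protects sits below the hunk and intel_opregion_notify_encoder starts above it, so the [0..4] range is taken from the commit message rather than from visible code. The `%u` conversion and the one-sided comparison both assume `port` is declared unsigned; that declaration is outside the hunk and worth confirming on the 5.10 tree, since a signed type would let a negative value pass the check and still reach the shift. Callers also now see `-EINVAL` on platforms with port F or higher, logged only at debug level, so it is worth checking that none of them treats the return as fatal.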
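Review bot: The comment above this condition still ends with "so don't register a backlight device" and says nothing about the exception the new `!dmi_match(DMI_PRODUCT_NAME, "iMac12,1")` term introduces, so the code and its explanation now disagree. I would add a line to that comment such as `* (iMac12,1 is the exception: it has no gmux backlight and needs the radeon device)`. The start of the comment and of radeon_atom_backlight_init is outside the hunk. The diffstat shows no added include, so the backport should confirm that this file already pulls in the DMI header on 5.10.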
diff --git a/queue-5.10/iwlwifi-fix-use-after-free.patch b/queue-5.10/iwlwifi-fix-use-after-free.patch
new file mode 100644
index 00000000000..0a534951e2f
--- /dev/null
+++ b/queue-5.10/iwlwifi-fix-use-after-free.patch
@@ -0,0 +1,48 @@
+From bea2662e7818e15d7607d17d57912ac984275d94 Mon Sep 17 00:00:00 2001
+From: Johannes Berg
+Date: Tue, 8 Feb 2022 11:47:30 +0100
+Subject: iwlwifi: fix use-after-free
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Johannes Berg
+
+commit bea2662e7818e15d7607d17d57912ac984275d94 upstream.
+
+If no firmware was present at all (or, presumably, all of the
+firmware files failed to parse), we end up unbinding by calling
+device_release_driver(), which calls remove(), which then in
+iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However
+the new code I added will still erroneously access it after it
+was freed.
+
+Set 'failure=false' in this case to avoid the access, all data
+was already freed anyway.
+
+Cc: stable@vger.kernel.org
+Reported-by: Stefan Agner
+Reported-by: Wolfgang Walter
+Reported-by: Jason Self
+Reported-by: Dominik Behr
+Reported-by: Marek Marczykowski-Górecki
+Fixes: ab07506b0454 ("iwlwifi: fix leaks/bad data after failed firmware load")
+Signed-off-by: Johannes Berg
+Signed-off-by: Kalle Valo
+Link: https://lore.kernel.org/r/20220208114728.e6b514cf4c85.Iffb575ca2a623d7859b542c33b2a507d01554251@changeid
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
++++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+@@ -1646,6 +1646,8 @@ static void iwl_req_fw_callback(const st
+ out_unbind:
+ complete(&drv->request_firmware_complete);
+ device_release_driver(drv->trans->dev);
++ /* drv has just been freed by the release */
++ failure = false;
+ free:
+ if (failure)
+ iwl_dealloc_ucode(drv);
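Review bot: The new comment `/* drv has just been freed by the release */` records the fact but not the rule that follows from it, and the fix guards only the one `if (failure)` use of `drv` that is visible here. Everything after `iwl_dealloc_ucode(drv)` on the `free:` path lies outside the hunk, so the backport should confirm that the 5.10 version of that tail never dereferences `drv` when reached through `out_unbind:`. Clearing `failure` also overloads a status flag to mean "drv is gone", which is easy to undo by accident in a later edit. I would word the comment as `/* remove() ran iwl_drv_stop() and freed drv: nothing below may touch drv */` so the invariant is stated where it has to hold.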
diff --git a/queue-5.10/kbuild-lto-merge-module-sections-if-and-only-if-config_lto_clang-is-enabled.patch b/queue-5.10/kbuild-lto-merge-module-sections-if-and-only-if-config_lto_clang-is-enabled.patch
new file mode 100644
index 00000000000..c04a8e2697d
--- /dev/null
+++ b/queue-5.10/kbuild-lto-merge-module-sections-if-and-only-if-config_lto_clang-is-enabled.patch
@@ -0,0 +1,52 @@
+From 6a3193cdd5e5b96ac65f04ee42555c216da332af Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Mon, 22 Mar 2021 16:44:38 -0700
+Subject: kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled
+
+From: Sean Christopherson
+
+commit 6a3193cdd5e5b96ac65f04ee42555c216da332af upstream.
+
+Merge module sections only when using Clang LTO. With ld.bfd, merging
+sections does not appear to update the symbol tables for the module,
+e.g. 'readelf -s' shows the value that a symbol would have had, if
+sections were not merged. ld.lld does not show this problem.
+
+The stale symbol table breaks gdb's function disassembler, and presumably
+other things, e.g.
+
+ gdb -batch -ex "file arch/x86/kvm/kvm.ko" -ex "disassemble kvm_init"
+
+reads the wrong bytes and dumps garbage.
+
+Fixes: dd2776222abb ("kbuild: lto: merge module sections")
+Cc: Nick Desaulniers
+Signed-off-by: Sean Christopherson
+Reviewed-by: Sami Tolvanen
+Tested-by: Sami Tolvanen
+Signed-off-by: Kees Cook
+Link: https://lore.kernel.org/r/20210322234438.502582-1-seanjc@google.com
+Cc: Stephen Boyd
+Signed-off-by: Greg Kroah-Hartman
+---
+ scripts/module.lds.S | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/scripts/module.lds.S
++++ b/scripts/module.lds.S
+@@ -26,6 +26,7 @@ SECTIONS {
+
+ __patchable_function_entries : { *(__patchable_function_entries) }
+
++#ifdef CONFIG_LTO_CLANG
+ /*
+ * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
+ * -ffunction-sections, which increases the size of the final module.
+@@ -47,6 +48,7 @@ SECTIONS {
+ }
+
+ .text : { *(.text .text.[0-9a-zA-Z_]*) }
++#endif
+ }
+
+ /* bring in arch-specific sections */
diff --git a/queue-5.10/kbuild-lto-merge-module-sections.patch b/queue-5.10/kbuild-lto-merge-module-sections.patch
new file mode 100644
index 00000000000..37320378713
--- /dev/null
+++ b/queue-5.10/kbuild-lto-merge-module-sections.patch
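Review bot: The closing `#endif` is added in a second inner hunk roughly twenty lines below the `#ifdef CONFIG_LTO_CLANG` it matches and carries nothing to say which condition it ends; `#endif /* CONFIG_LTO_CLANG */` would make the guarded region readable in the linker script. The `__patchable_function_entries` rule stays outside the guard, which looks deliberate but is not explained in the commit message, so a one-line comment on that rule would confirm it is meant to apply to non-LTO builds too. The lines between the two inner hunks are not shown here.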
@@ -0,0 +1,57 @@
+From dd2776222abb9893e5b5c237a2c8c880d8854cee Mon Sep 17 00:00:00 2001
+From: Sami Tolvanen
+Date: Fri, 11 Dec 2020 10:46:22 -0800
+Subject: kbuild: lto: merge module sections
+
+From: Sami Tolvanen
+
+commit dd2776222abb9893e5b5c237a2c8c880d8854cee upstream.
+
+LLD always splits sections with LTO, which increases module sizes. This
+change adds linker script rules to merge the split sections in the final
+module.
+
+Suggested-by: Nick Desaulniers
+Signed-off-by: Sami Tolvanen
+Reviewed-by: Kees Cook
+Signed-off-by: Kees Cook
+Link: https://lore.kernel.org/r/20201211184633.3213045-6-samitolvanen@google.com
+Cc: Stephen Boyd
+Signed-off-by: Greg Kroah-Hartman
+---
+ scripts/module.lds.S | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+--- a/scripts/module.lds.S
++++ b/scripts/module.lds.S
+@@ -23,6 +23,30 @@ SECTIONS {
+ .init_array 0 : ALIGN(8) { *(SORT(.init_array.*)) *(.init_array) }
+
+ __jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
++
++ __patchable_function_entries : { *(__patchable_function_entries) }
++
++ /*
++ * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
++ * -ffunction-sections, which increases the size of the final module.
++ * Merge the split sections in the final binary.
++ */
++ .bss : {
++ *(.bss .bss.[0-9a-zA-Z_]*)
++ *(.bss..L*)
++ }
++
++ .data : {
++ *(.data .data.[0-9a-zA-Z_]*)
++ *(.data..L*)
++ }
++
++ .rodata : {
++ *(.rodata .rodata.[0-9a-zA-Z_]*)
++ *(.rodata..L*)
++ }
++
++ .text : { *(.text .text.[0-9a-zA-Z_]*) }
+ }
+
+ /* bring in arch-specific sections */
diff --git a/queue-5.10/series b/queue-5.10/series
index d0ac2852b2d..939d532d8cb 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -43,3 +43,8 @@ x86-xen-streamline-and-fix-pv-cpu-enumeration.patch
 revert-module-async-async_synchronize_full-on-module.patch
 gcc-plugins-stackleak-use-noinstr-in-favor-of-notrac.patch
 random-wake-up-dev-random-writers-after-zap.patch
+kbuild-lto-merge-module-sections.patch
+kbuild-lto-merge-module-sections-if-and-only-if-config_lto_clang-is-enabled.patch
+iwlwifi-fix-use-after-free.patch
+drm-radeon-fix-backlight-control-on-imac-12-1.patch
+drm-i915-opregion-check-port-number-bounds-for-swsci-display-power-state.patch