From: Greg Kroah-Hartman Date: Sat, 5 Feb 2022 13:32:17 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v5.10.98~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d5b56768b916cbfe8bf27b0eefa4643c7bd6bb75;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: alsa-hda-realtek-add-missing-fixup-model-entry-for-gigabyte-x570-alc1220-quirks.patch alsa-hda-realtek-fix-silent-output-on-gigabyte-x570-aorus-xtreme-after-reboot-from-windows.patch alsa-hda-realtek-fix-silent-output-on-gigabyte-x570s-aorus-master-newer-chipset.patch asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw.patch asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch audit-improve-audit-queue-handling-when-audit-1-on-cmdline.patch block-bio-integrity-advance-seed-correctly-for-larger-interval-sizes.patch drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch --- diff --git a/queue-4.19/alsa-hda-realtek-add-missing-fixup-model-entry-for-gigabyte-x570-alc1220-quirks.patch b/queue-4.19/alsa-hda-realtek-add-missing-fixup-model-entry-for-gigabyte-x570-alc1220-quirks.patch new file mode 100644 index 00000000000..d317af07d93 --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-add-missing-fixup-model-entry-for-gigabyte-x570-alc1220-quirks.patch @@ -0,0 +1,32 @@ +From 63394a16086fc2152869d7902621e2525e14bc40 Mon Sep 17 00:00:00 2001 +From: Christian Lachner +Date: Sat, 29 Jan 2022 12:32:41 +0100 +Subject: ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks + +From: Christian Lachner + +commit 63394a16086fc2152869d7902621e2525e14bc40 upstream. + +The initial commit of the new Gigabyte X570 ALC1220 quirks lacked the +fixup-model entry in alc882_fixup_models[]. It seemed not to cause any ill +effects but for completeness sake this commit makes up for that. + +Signed-off-by: Christian Lachner +Cc: +Link: https://lore.kernel.org/r/20220129113243.93068-2-gladiac@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -2607,6 +2607,7 @@ static const struct hda_model_fixup alc8 + {.id = ALC882_FIXUP_NO_PRIMARY_HP, .name = "no-primary-hp"}, + {.id = ALC887_FIXUP_ASUS_BASS, .name = "asus-bass"}, + {.id = ALC1220_FIXUP_GB_DUAL_CODECS, .name = "dual-codecs"}, ++ {.id = ALC1220_FIXUP_GB_X570, .name = "gb-x570"}, + {.id = ALC1220_FIXUP_CLEVO_P950, .name = "clevo-p950"}, + {} + }; diff --git a/queue-4.19/alsa-hda-realtek-fix-silent-output-on-gigabyte-x570-aorus-xtreme-after-reboot-from-windows.patch b/queue-4.19/alsa-hda-realtek-fix-silent-output-on-gigabyte-x570-aorus-xtreme-after-reboot-from-windows.patch new file mode 100644 index 00000000000..d24b5afa351 --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-fix-silent-output-on-gigabyte-x570-aorus-xtreme-after-reboot-from-windows.patch @@ -0,0 +1,34 @@ +From ea3541961376f733373839cc90493aafa8a7f733 Mon Sep 17 00:00:00 2001 +From: Christian Lachner +Date: Sat, 29 Jan 2022 12:32:43 +0100 +Subject: ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows + +From: Christian Lachner + +commit ea3541961376f733373839cc90493aafa8a7f733 upstream. + +This commit switches the Gigabyte X570 Aorus Xtreme from using the +ALC1220_FIXUP_CLEVO_P950 to the ALC1220_FIXUP_GB_X570 quirk. This fixes +the no-audio after reboot from windows problem. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=205275 +Signed-off-by: Christian Lachner +Cc: +Link: https://lore.kernel.org/r/20220129113243.93068-4-gladiac@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -2533,7 +2533,7 @@ static const struct snd_pci_quirk alc882 + SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE), + SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS), + SND_PCI_QUIRK(0x1458, 0xa0cd, "Gigabyte X570 Aorus Master", ALC1220_FIXUP_GB_X570), +- SND_PCI_QUIRK(0x1458, 0xa0ce, "Gigabyte X570 Aorus Xtreme", ALC1220_FIXUP_CLEVO_P950), ++ SND_PCI_QUIRK(0x1458, 0xa0ce, "Gigabyte X570 Aorus Xtreme", ALC1220_FIXUP_GB_X570), + SND_PCI_QUIRK(0x1458, 0xa0d5, "Gigabyte X570S Aorus Master", ALC1220_FIXUP_GB_X570), + SND_PCI_QUIRK(0x1462, 0x11f7, "MSI-GE63", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950), diff --git a/queue-4.19/alsa-hda-realtek-fix-silent-output-on-gigabyte-x570s-aorus-master-newer-chipset.patch b/queue-4.19/alsa-hda-realtek-fix-silent-output-on-gigabyte-x570s-aorus-master-newer-chipset.patch new file mode 100644 index 00000000000..3989ad3f5c9 --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-fix-silent-output-on-gigabyte-x570s-aorus-master-newer-chipset.patch @@ -0,0 +1,51 @@ +From 41a8601302ecbe704ac970552c33dc942300fc37 Mon Sep 17 00:00:00 2001 +From: Christian Lachner +Date: Sat, 29 Jan 2022 12:32:42 +0100 +Subject: ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) + +From: Christian Lachner + +commit 41a8601302ecbe704ac970552c33dc942300fc37 upstream. + +Newer versions of the X570 Master come with a newer revision of the +mainboard chipset - the X570S. These boards have the same ALC1220 codec +but seem to initialize the codec with a different parameter in Coef 0x7 +which causes the output audio to be very low. We therefore write a +known-good value to Coef 0x7 to fix that. As the value is the exact same +as on the other X570(non-S) boards the same quirk-function can be shared +between both generations. + +This commit adds the Gigabyte X570S Aorus Master to the list of boards +using the ALC1220_FIXUP_GB_X570 quirk. This fixes both, the silent output +and the no-audio after reboot from windows problems. + +This work has been tested by the folks over at the level1techs forum here: +https://forum.level1techs.com/t/has-anybody-gotten-audio-working-in-linux-on-aorus-x570-master/154072 + +Signed-off-by: Christian Lachner +Cc: +Link: https://lore.kernel.org/r/20220129113243.93068-3-gladiac@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -2106,6 +2106,7 @@ static void alc1220_fixup_gb_x570(struct + { + static const hda_nid_t conn1[] = { 0x0c }; + static const struct coef_fw gb_x570_coefs[] = { ++ WRITE_COEF(0x07, 0x03c0), + WRITE_COEF(0x1a, 0x01c1), + WRITE_COEF(0x1b, 0x0202), + WRITE_COEF(0x43, 0x3005), +@@ -2533,6 +2534,7 @@ static const struct snd_pci_quirk alc882 + SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS), + SND_PCI_QUIRK(0x1458, 0xa0cd, "Gigabyte X570 Aorus Master", ALC1220_FIXUP_GB_X570), + SND_PCI_QUIRK(0x1458, 0xa0ce, "Gigabyte X570 Aorus Xtreme", ALC1220_FIXUP_CLEVO_P950), ++ SND_PCI_QUIRK(0x1458, 0xa0d5, "Gigabyte X570S Aorus Master", ALC1220_FIXUP_GB_X570), + SND_PCI_QUIRK(0x1462, 0x11f7, "MSI-GE63", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1462, 0x1229, "MSI-GP73", ALC1220_FIXUP_CLEVO_P950), diff --git a/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw.patch b/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw.patch new file mode 100644 index 00000000000..4c6ebf00c3d --- /dev/null +++ b/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw.patch @@ -0,0 +1,54 @@ +From 817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Mon, 24 Jan 2022 15:32:51 +0000 +Subject: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() + +From: Mark Brown + +commit 817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 upstream. + +We don't currently validate that the values being set are within the range +we advertised to userspace as being valid, do so and reject any values +that are out of range. + +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220124153253.3548853-2-broonie@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/soc-ops.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -322,13 +322,27 @@ int snd_soc_put_volsw(struct snd_kcontro + if (sign_bit) + mask = BIT(sign_bit + 1) - 1; + +- val = ((ucontrol->value.integer.value[0] + min) & mask); ++ val = ucontrol->value.integer.value[0]; ++ if (mc->platform_max && val > mc->platform_max) ++ return -EINVAL; ++ if (val > max - min) ++ return -EINVAL; ++ if (val < 0) ++ return -EINVAL; ++ val = (val + min) & mask; + if (invert) + val = max - val; + val_mask = mask << shift; + val = val << shift; + if (snd_soc_volsw_is_stereo(mc)) { +- val2 = ((ucontrol->value.integer.value[1] + min) & mask); ++ val2 = ucontrol->value.integer.value[1]; ++ if (mc->platform_max && val2 > mc->platform_max) ++ return -EINVAL; ++ if (val2 > max - min) ++ return -EINVAL; ++ if (val2 < 0) ++ return -EINVAL; ++ val2 = (val2 + min) & mask; + if (invert) + val2 = max - val2; + if (reg == reg2) { diff --git a/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch b/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch new file mode 100644 index 00000000000..32cfddd7cc1 --- /dev/null +++ b/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch @@ -0,0 +1,41 @@ +From 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Mon, 24 Jan 2022 15:32:52 +0000 +Subject: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() + +From: Mark Brown + +commit 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e upstream. + +We don't currently validate that the values being set are within the range +we advertised to userspace as being valid, do so and reject any values +that are out of range. + +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220124153253.3548853-3-broonie@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/soc-ops.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -436,8 +436,15 @@ int snd_soc_put_volsw_sx(struct snd_kcon + int err = 0; + unsigned int val, val_mask, val2 = 0; + ++ val = ucontrol->value.integer.value[0]; ++ if (mc->platform_max && val > mc->platform_max) ++ return -EINVAL; ++ if (val > max - min) ++ return -EINVAL; ++ if (val < 0) ++ return -EINVAL; + val_mask = mask << shift; +- val = (ucontrol->value.integer.value[0] + min) & mask; ++ val = (val + min) & mask; + val = val << shift; + + err = snd_soc_component_update_bits(component, reg, val_mask, val); diff --git a/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch b/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch new file mode 100644 index 00000000000..0490c007184 --- /dev/null +++ b/queue-4.19/asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch @@ -0,0 +1,33 @@ +From 4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Mon, 24 Jan 2022 15:32:53 +0000 +Subject: ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() + +From: Mark Brown + +commit 4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d upstream. + +We don't currently validate that the values being set are within the range +we advertised to userspace as being valid, do so and reject any values +that are out of range. + +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20220124153253.3548853-4-broonie@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/soc-ops.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -910,6 +910,8 @@ int snd_soc_put_xr_sx(struct snd_kcontro + unsigned int i, regval, regmask; + int err; + ++ if (val < mc->min || val > mc->max) ++ return -EINVAL; + if (invert) + val = max - val; + val &= mask; diff --git a/queue-4.19/audit-improve-audit-queue-handling-when-audit-1-on-cmdline.patch b/queue-4.19/audit-improve-audit-queue-handling-when-audit-1-on-cmdline.patch new file mode 100644 index 00000000000..1541e00c25a --- /dev/null +++ b/queue-4.19/audit-improve-audit-queue-handling-when-audit-1-on-cmdline.patch @@ -0,0 +1,207 @@ +From f26d04331360d42dbd6b58448bd98e4edbfbe1c5 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Thu, 13 Jan 2022 18:54:38 -0500 +Subject: audit: improve audit queue handling when "audit=1" on cmdline + +From: Paul Moore + +commit f26d04331360d42dbd6b58448bd98e4edbfbe1c5 upstream. + +When an admin enables audit at early boot via the "audit=1" kernel +command line the audit queue behavior is slightly different; the +audit subsystem goes to greater lengths to avoid dropping records, +which unfortunately can result in problems when the audit daemon is +forcibly stopped for an extended period of time. + +This patch makes a number of changes designed to improve the audit +queuing behavior so that leaving the audit daemon in a stopped state +for an extended period does not cause a significant impact to the +system. + +- kauditd_send_queue() is now limited to looping through the + passed queue only once per call. This not only prevents the + function from looping indefinitely when records are returned + to the current queue, it also allows any recovery handling in + kauditd_thread() to take place when kauditd_send_queue() + returns. + +- Transient netlink send errors seen as -EAGAIN now cause the + record to be returned to the retry queue instead of going to + the hold queue. The intention of the hold queue is to store, + perhaps for an extended period of time, the events which led + up to the audit daemon going offline. The retry queue remains + a temporary queue intended to protect against transient issues + between the kernel and the audit daemon. + +- The retry queue is now limited by the audit_backlog_limit + setting, the same as the other queues. This allows admins + to bound the size of all of the audit queues on the system. + +- kauditd_rehold_skb() now returns records to the end of the + hold queue to ensure ordering is preserved in the face of + recent changes to kauditd_send_queue(). + +Cc: stable@vger.kernel.org +Fixes: 5b52330bbfe63 ("audit: fix auditd/kernel connection state tracking") +Fixes: f4b3ee3c85551 ("audit: improve robustness of the audit queue handling") +Reported-by: Gaosheng Cui +Tested-by: Gaosheng Cui +Reviewed-by: Richard Guy Briggs +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + kernel/audit.c | 62 +++++++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 43 insertions(+), 19 deletions(-) + +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -549,20 +549,22 @@ static void kauditd_printk_skb(struct sk + /** + * kauditd_rehold_skb - Handle a audit record send failure in the hold queue + * @skb: audit record ++ * @error: error code (unused) + * + * Description: + * This should only be used by the kauditd_thread when it fails to flush the + * hold queue. + */ +-static void kauditd_rehold_skb(struct sk_buff *skb) ++static void kauditd_rehold_skb(struct sk_buff *skb, __always_unused int error) + { +- /* put the record back in the queue at the same place */ +- skb_queue_head(&audit_hold_queue, skb); ++ /* put the record back in the queue */ ++ skb_queue_tail(&audit_hold_queue, skb); + } + + /** + * kauditd_hold_skb - Queue an audit record, waiting for auditd + * @skb: audit record ++ * @error: error code + * + * Description: + * Queue the audit record, waiting for an instance of auditd. When this +@@ -572,19 +574,31 @@ static void kauditd_rehold_skb(struct sk + * and queue it, if we have room. If we want to hold on to the record, but we + * don't have room, record a record lost message. + */ +-static void kauditd_hold_skb(struct sk_buff *skb) ++static void kauditd_hold_skb(struct sk_buff *skb, int error) + { + /* at this point it is uncertain if we will ever send this to auditd so + * try to send the message via printk before we go any further */ + kauditd_printk_skb(skb); + + /* can we just silently drop the message? */ +- if (!audit_default) { +- kfree_skb(skb); +- return; ++ if (!audit_default) ++ goto drop; ++ ++ /* the hold queue is only for when the daemon goes away completely, ++ * not -EAGAIN failures; if we are in a -EAGAIN state requeue the ++ * record on the retry queue unless it's full, in which case drop it ++ */ ++ if (error == -EAGAIN) { ++ if (!audit_backlog_limit || ++ skb_queue_len(&audit_retry_queue) < audit_backlog_limit) { ++ skb_queue_tail(&audit_retry_queue, skb); ++ return; ++ } ++ audit_log_lost("kauditd retry queue overflow"); ++ goto drop; + } + +- /* if we have room, queue the message */ ++ /* if we have room in the hold queue, queue the message */ + if (!audit_backlog_limit || + skb_queue_len(&audit_hold_queue) < audit_backlog_limit) { + skb_queue_tail(&audit_hold_queue, skb); +@@ -593,24 +607,32 @@ static void kauditd_hold_skb(struct sk_b + + /* we have no other options - drop the message */ + audit_log_lost("kauditd hold queue overflow"); ++drop: + kfree_skb(skb); + } + + /** + * kauditd_retry_skb - Queue an audit record, attempt to send again to auditd + * @skb: audit record ++ * @error: error code (unused) + * + * Description: + * Not as serious as kauditd_hold_skb() as we still have a connected auditd, + * but for some reason we are having problems sending it audit records so + * queue the given record and attempt to resend. + */ +-static void kauditd_retry_skb(struct sk_buff *skb) ++static void kauditd_retry_skb(struct sk_buff *skb, __always_unused int error) + { +- /* NOTE: because records should only live in the retry queue for a +- * short period of time, before either being sent or moved to the hold +- * queue, we don't currently enforce a limit on this queue */ +- skb_queue_tail(&audit_retry_queue, skb); ++ if (!audit_backlog_limit || ++ skb_queue_len(&audit_retry_queue) < audit_backlog_limit) { ++ skb_queue_tail(&audit_retry_queue, skb); ++ return; ++ } ++ ++ /* we have to drop the record, send it via printk as a last effort */ ++ kauditd_printk_skb(skb); ++ audit_log_lost("kauditd retry queue overflow"); ++ kfree_skb(skb); + } + + /** +@@ -648,7 +670,7 @@ static void auditd_reset(const struct au + /* flush the retry queue to the hold queue, but don't touch the main + * queue since we need to process that normally for multicast */ + while ((skb = skb_dequeue(&audit_retry_queue))) +- kauditd_hold_skb(skb); ++ kauditd_hold_skb(skb, -ECONNREFUSED); + } + + /** +@@ -722,16 +744,18 @@ static int kauditd_send_queue(struct soc + struct sk_buff_head *queue, + unsigned int retry_limit, + void (*skb_hook)(struct sk_buff *skb), +- void (*err_hook)(struct sk_buff *skb)) ++ void (*err_hook)(struct sk_buff *skb, int error)) + { + int rc = 0; +- struct sk_buff *skb; ++ struct sk_buff *skb = NULL; ++ struct sk_buff *skb_tail; + unsigned int failed = 0; + + /* NOTE: kauditd_thread takes care of all our locking, we just use + * the netlink info passed to us (e.g. sk and portid) */ + +- while ((skb = skb_dequeue(queue))) { ++ skb_tail = skb_peek_tail(queue); ++ while ((skb != skb_tail) && (skb = skb_dequeue(queue))) { + /* call the skb_hook for each skb we touch */ + if (skb_hook) + (*skb_hook)(skb); +@@ -739,7 +763,7 @@ static int kauditd_send_queue(struct soc + /* can we send to anyone via unicast? */ + if (!sk) { + if (err_hook) +- (*err_hook)(skb); ++ (*err_hook)(skb, -ECONNREFUSED); + continue; + } + +@@ -753,7 +777,7 @@ retry: + rc == -ECONNREFUSED || rc == -EPERM) { + sk = NULL; + if (err_hook) +- (*err_hook)(skb); ++ (*err_hook)(skb, rc); + if (rc == -EAGAIN) + rc = 0; + /* continue to drain the queue */ diff --git a/queue-4.19/block-bio-integrity-advance-seed-correctly-for-larger-interval-sizes.patch b/queue-4.19/block-bio-integrity-advance-seed-correctly-for-larger-interval-sizes.patch new file mode 100644 index 00000000000..574977e1915 --- /dev/null +++ b/queue-4.19/block-bio-integrity-advance-seed-correctly-for-larger-interval-sizes.patch @@ -0,0 +1,43 @@ +From b13e0c71856817fca67159b11abac350e41289f5 Mon Sep 17 00:00:00 2001 +From: "Martin K. Petersen" +Date: Thu, 3 Feb 2022 22:42:09 -0500 +Subject: block: bio-integrity: Advance seed correctly for larger interval sizes + +From: Martin K. Petersen + +commit b13e0c71856817fca67159b11abac350e41289f5 upstream. + +Commit 309a62fa3a9e ("bio-integrity: bio_integrity_advance must update +integrity seed") added code to update the integrity seed value when +advancing a bio. However, it failed to take into account that the +integrity interval might be larger than the 512-byte block layer +sector size. This broke bio splitting on PI devices with 4KB logical +blocks. + +The seed value should be advanced by bio_integrity_intervals() and not +the number of sectors. + +Cc: Dmitry Monakhov +Cc: stable@vger.kernel.org +Fixes: 309a62fa3a9e ("bio-integrity: bio_integrity_advance must update integrity seed") +Tested-by: Dmitry Ivanov +Reported-by: Alexey Lyashkov +Signed-off-by: Martin K. Petersen +Link: https://lore.kernel.org/r/20220204034209.4193-1-martin.petersen@oracle.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + block/bio-integrity.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/block/bio-integrity.c ++++ b/block/bio-integrity.c +@@ -399,7 +399,7 @@ void bio_integrity_advance(struct bio *b + struct blk_integrity *bi = blk_get_integrity(bio->bi_disk); + unsigned bytes = bio_integrity_bytes(bi, bytes_done >> 9); + +- bip->bip_iter.bi_sector += bytes_done >> 9; ++ bip->bip_iter.bi_sector += bio_integrity_intervals(bi, bytes_done >> 9); + bvec_iter_advance(bip->bip_vec, &bip->bip_iter, bytes); + } + EXPORT_SYMBOL(bio_integrity_advance); diff --git a/queue-4.19/drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch b/queue-4.19/drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch new file mode 100644 index 00000000000..7c0f03776fc --- /dev/null +++ b/queue-4.19/drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch @@ -0,0 +1,42 @@ +From 1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a Mon Sep 17 00:00:00 2001 +From: Nick Lopez +Date: Sat, 22 Jan 2022 01:19:06 -0700 +Subject: drm/nouveau: fix off by one in BIOS boundary checking + +From: Nick Lopez + +commit 1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a upstream. + +Bounds checking when parsing init scripts embedded in the BIOS reject +access to the last byte. This causes driver initialization to fail on +Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working +console. + +This is probably only seen on OpenFirmware machines like PowerPC Macs +because the BIOS image provided by OF is only the used parts of the ROM, +not a power-of-two blocks read from PCI directly so PCs always have +empty bytes at the end that are never accessed. + +Signed-off-by: Nick Lopez +Fixes: 4d4e9907ff572 ("drm/nouveau/bios: guard against out-of-bounds accesses to image") +Cc: # v4.10+ +Reviewed-by: Ilia Mirkin +Reviewed-by: Karol Herbst +Signed-off-by: Karol Herbst +Link: https://patchwork.freedesktop.org/patch/msgid/20220122081906.2633061-1-github@glowingmonkey.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c +@@ -38,7 +38,7 @@ nvbios_addr(struct nvkm_bios *bios, u32 + *addr += bios->imaged_addr; + } + +- if (unlikely(*addr + size >= bios->size)) { ++ if (unlikely(*addr + size > bios->size)) { + nvkm_error(&bios->subdev, "OOB %d %08x %08x\n", size, p, *addr); + return false; + } diff --git a/queue-4.19/series b/queue-4.19/series index 43d023da1ea..f8446e4f87d 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -51,3 +51,12 @@ net-amd-xgbe-ensure-to-reset-the-tx_timer_active-flag.patch net-amd-xgbe-fix-skb-data-length-underflow.patch rtnetlink-make-sure-to-refresh-master_dev-m_ops-in-__rtnl_newlink.patch af_packet-fix-data-race-in-packet_setsockopt-packet_setsockopt.patch +audit-improve-audit-queue-handling-when-audit-1-on-cmdline.patch +asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw.patch +asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch +asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch +alsa-hda-realtek-add-missing-fixup-model-entry-for-gigabyte-x570-alc1220-quirks.patch +alsa-hda-realtek-fix-silent-output-on-gigabyte-x570s-aorus-master-newer-chipset.patch +alsa-hda-realtek-fix-silent-output-on-gigabyte-x570-aorus-xtreme-after-reboot-from-windows.patch +drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch +block-bio-integrity-advance-seed-correctly-for-larger-interval-sizes.patch