From: Sasha Levin Date: Fri, 28 Aug 2020 04:35:16 +0000 (-0400) Subject: Fixes for 4.9 X-Git-Tag: v4.4.235~67 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d649edd9212943626cdd5e48f7bb6bb83851e4ab;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/efi-provide-empty-efi_enter_virtual_mode-implementat.patch b/queue-4.9/efi-provide-empty-efi_enter_virtual_mode-implementat.patch new file mode 100644 index 00000000000..8e0fde9bb1d --- /dev/null +++ b/queue-4.9/efi-provide-empty-efi_enter_virtual_mode-implementat.patch @@ -0,0 +1,52 @@ +From ac405badae16fa2704c7a7022d00cf3117f3ccc9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Aug 2020 23:25:01 -0700 +Subject: efi: provide empty efi_enter_virtual_mode implementation + +From: Andrey Konovalov + +[ Upstream commit 2c547f9da0539ad1f7ef7f08c8c82036d61b011a ] + +When CONFIG_EFI is not enabled, we might get an undefined reference to +efi_enter_virtual_mode() error, if this efi_enabled() call isn't inlined +into start_kernel(). This happens in particular, if start_kernel() is +annodated with __no_sanitize_address. + +Reported-by: kernel test robot +Signed-off-by: Andrey Konovalov +Signed-off-by: Andrew Morton +Acked-by: Ard Biesheuvel +Cc: Alexander Potapenko +Cc: Andrey Ryabinin +Cc: Catalin Marinas +Cc: Dmitry Vyukov +Cc: Elena Petrova +Cc: Marco Elver +Cc: Vincenzo Frascino +Cc: Walter Wu +Link: http://lkml.kernel.org/r/6514652d3a32d3ed33d6eb5c91d0af63bf0d1a0c.1596544734.git.andreyknvl@google.com +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + include/linux/efi.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 02c4f16685b69..69605956beb85 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -910,7 +910,11 @@ extern void *efi_get_pal_addr (void); + extern void efi_map_pal_code (void); + extern void efi_memmap_walk (efi_freemem_callback_t callback, void *arg); + extern void efi_gettimeofday (struct timespec64 *ts); ++#ifdef CONFIG_EFI + extern void efi_enter_virtual_mode (void); /* switch EFI to virtual mode, if possible */ ++#else ++static inline void efi_enter_virtual_mode (void) {} ++#endif + #ifdef CONFIG_X86 + extern void efi_late_init(void); + extern void efi_free_boot_services(void); +-- +2.25.1 + diff --git a/queue-4.9/kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch b/queue-4.9/kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch new file mode 100644 index 00000000000..018dff24133 --- /dev/null +++ b/queue-4.9/kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch @@ -0,0 +1,42 @@ +From 45a80af1c8dcf82421e42a52e08a161be279b8bf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Jun 2020 14:14:06 +0100 +Subject: KVM: arm64: Fix symbol dependency in __hyp_call_panic_nvhe + +From: David Brazdil + +[ Upstream commit b38b298aa4397e2dc74a89b4dd3eac9e59b64c96 ] + +__hyp_call_panic_nvhe contains inline assembly which did not declare +its dependency on the __hyp_panic_string symbol. + +The static-declared string has previously been kept alive because of a use in +__hyp_call_panic_vhe. Fix this in preparation for separating the source files +between VHE and nVHE when the two users land in two different compilation +units. The static variable otherwise gets dropped when compiling the nVHE +source file, causing an undefined symbol linker error later. + +Signed-off-by: David Brazdil +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20200625131420.71444-2-dbrazdil@google.com +Signed-off-by: Sasha Levin +--- + arch/arm64/kvm/hyp/switch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c +index 115b0955715f3..ed7e3a288b4e5 100644 +--- a/arch/arm64/kvm/hyp/switch.c ++++ b/arch/arm64/kvm/hyp/switch.c +@@ -412,7 +412,7 @@ static void __hyp_text __hyp_call_panic_nvhe(u64 spsr, u64 elr, u64 par, + * making sure it is a kernel address and not a PC-relative + * reference. + */ +- asm volatile("ldr %0, =__hyp_panic_string" : "=r" (str_va)); ++ asm volatile("ldr %0, =%1" : "=r" (str_va) : "S" (__hyp_panic_string)); + + __hyp_do_panic(str_va, + spsr, elr, +-- +2.25.1 + diff --git a/queue-4.9/media-davinci-vpif_capture-fix-potential-double-free.patch b/queue-4.9/media-davinci-vpif_capture-fix-potential-double-free.patch new file mode 100644 index 00000000000..76141ac8688 --- /dev/null +++ b/queue-4.9/media-davinci-vpif_capture-fix-potential-double-free.patch @@ -0,0 +1,40 @@ +From 73e9a6cc2028ca1e7f499cb9de44d8f2f54052cc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 23 Jul 2020 19:04:53 +0200 +Subject: media: davinci: vpif_capture: fix potential double free + +From: Evgeny Novikov + +[ Upstream commit 602649eadaa0c977e362e641f51ec306bc1d365d ] + +In case of errors vpif_probe_complete() releases memory for vpif_obj.sd +and unregisters the V4L2 device. But then this is done again by +vpif_probe() itself. The patch removes the cleaning from +vpif_probe_complete(). + +Found by Linux Driver Verification project (linuxtesting.org). + +Signed-off-by: Evgeny Novikov +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/davinci/vpif_capture.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/media/platform/davinci/vpif_capture.c b/drivers/media/platform/davinci/vpif_capture.c +index 5104cc0ee40e3..a3c4cc025ed6f 100644 +--- a/drivers/media/platform/davinci/vpif_capture.c ++++ b/drivers/media/platform/davinci/vpif_capture.c +@@ -1408,8 +1408,6 @@ probe_out: + /* Unregister video device */ + video_unregister_device(&ch->video_dev); + } +- kfree(vpif_obj.sd); +- v4l2_device_unregister(&vpif_obj.v4l2_dev); + + return err; + } +-- +2.25.1 + diff --git a/queue-4.9/powerpc-spufs-add-config_coredump-dependency.patch b/queue-4.9/powerpc-spufs-add-config_coredump-dependency.patch new file mode 100644 index 00000000000..01a206662a9 --- /dev/null +++ b/queue-4.9/powerpc-spufs-add-config_coredump-dependency.patch @@ -0,0 +1,47 @@ +From 164e5d44d8337fcd90ea7c997ab958d8983c606f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 6 Jul 2020 15:22:46 +0200 +Subject: powerpc/spufs: add CONFIG_COREDUMP dependency + +From: Arnd Bergmann + +[ Upstream commit b648a5132ca3237a0f1ce5d871fff342b0efcf8a ] + +The kernel test robot pointed out a slightly different error message +after recent commit 5456ffdee666 ("powerpc/spufs: simplify spufs core +dumping") to spufs for a configuration that never worked: + + powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_proxydma_info_dump': +>> file.c:(.text+0x4c68): undefined reference to `.dump_emit' + powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_dma_info_dump': + file.c:(.text+0x4d70): undefined reference to `.dump_emit' + powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_wbox_info_dump': + file.c:(.text+0x4df4): undefined reference to `.dump_emit' + +Add a Kconfig dependency to prevent this from happening again. + +Reported-by: kernel test robot +Signed-off-by: Arnd Bergmann +Acked-by: Jeremy Kerr +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200706132302.3885935-1-arnd@arndb.de +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/cell/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/platforms/cell/Kconfig b/arch/powerpc/platforms/cell/Kconfig +index d9088f0b8fcc5..621be43433303 100644 +--- a/arch/powerpc/platforms/cell/Kconfig ++++ b/arch/powerpc/platforms/cell/Kconfig +@@ -45,6 +45,7 @@ config SPU_FS + tristate "SPU file system" + default m + depends on PPC_CELL ++ depends on COREDUMP + select SPU_BASE + select MEMORY_HOTPLUG + help +-- +2.25.1 + diff --git a/queue-4.9/series b/queue-4.9/series index 1015a6171e1..4e292cd9eae 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -30,3 +30,8 @@ scsi-iscsi-do-not-put-host-in-iscsi_set_flashnode_pa.patch ceph-fix-potential-mdsc-use-after-free-crash.patch scsi-fcoe-memory-leak-fix-in-fcoe_sysfs_fcf_del.patch edac-ie31200-fallback-if-host-bridge-device-is-alrea.patch +media-davinci-vpif_capture-fix-potential-double-free.patch +kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch +powerpc-spufs-add-config_coredump-dependency.patch +usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch +efi-provide-empty-efi_enter_virtual_mode-implementat.patch diff --git a/queue-4.9/usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch b/queue-4.9/usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch new file mode 100644 index 00000000000..cbb4a746ae5 --- /dev/null +++ b/queue-4.9/usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch @@ -0,0 +1,41 @@ +From 37ca4d5df92f669d5a81ada19fe7562a64f445c7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 11 Jul 2020 00:30:18 -0400 +Subject: USB: sisusbvga: Fix a potential UB casued by left shifting a negative + value + +From: Changming Liu + +[ Upstream commit 2b53a19284f537168fb506f2f40d7fda40a01162 ] + +The char buffer buf, receives data directly from user space, +so its content might be negative and its elements are left +shifted to form an unsigned integer. + +Since left shifting a negative value is undefined behavior, thus +change the char to u8 to elimintate this UB. + +Signed-off-by: Changming Liu +Link: https://lore.kernel.org/r/20200711043018.928-1-charley.ashbringer@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/misc/sisusbvga/sisusb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c +index 895e8c0288cf9..30b3bdc4e6761 100644 +--- a/drivers/usb/misc/sisusbvga/sisusb.c ++++ b/drivers/usb/misc/sisusbvga/sisusb.c +@@ -762,7 +762,7 @@ static int sisusb_write_mem_bulk(struct sisusb_usb_data *sisusb, u32 addr, + u8 swap8, fromkern = kernbuffer ? 1 : 0; + u16 swap16; + u32 swap32, flag = (length >> 28) & 1; +- char buf[4]; ++ u8 buf[4]; + + /* if neither kernbuffer not userbuffer are given, assume + * data in obuf +-- +2.25.1 +