From: Greg Kroah-Hartman
Date: Mon, 31 Oct 2022 10:05:58 +0000 (+0100)
Subject: 6.0-stable patches
X-Git-Tag: v4.19.263~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ebe8af14d290d78987db8f46050bb99601a6c710;p=thirdparty%2Fkernel%2Fstable-queue.git
6.0-stable patches
added patches:
acpi-pcc-fix-unintentional-integer-overflow.patch
ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch
fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch
net-ieee802154-fix-error-return-code-in-dgram_bind.patch
powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch
---
diff --git a/queue-6.0/acpi-pcc-fix-unintentional-integer-overflow.patch b/queue-6.0/acpi-pcc-fix-unintentional-integer-overflow.patch
new file mode 100644
index 00000000000..63f9fac415f
--- /dev/null
+++ b/queue-6.0/acpi-pcc-fix-unintentional-integer-overflow.patch
@@ -0,0 +1,38 @@
+From 8338b74a750c534c223e8943cc0ed0e198ece261 Mon Sep 17 00:00:00 2001
+From: Manank Patel
+Date: Tue, 18 Oct 2022 00:13:39 +0530
+Subject: ACPI: PCC: Fix unintentional integer overflow
+
+From: Manank Patel
+
+commit 8338b74a750c534c223e8943cc0ed0e198ece261 upstream.
+
+Fix an unintentional u32 overflow by changing PCC_CMD_WAIT_RETRIES_NUM
+to 500ULL.
+
+Fixes: 91cefefb6991 ("ACPI: PCC: replace wait_for_completion()")
+Signed-off-by: Manank Patel
+Acked-by: Sudeep Holla
+Acked-by: Huisong Li
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/acpi/acpi_pcc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/acpi/acpi_pcc.c b/drivers/acpi/acpi_pcc.c
+index ee4ce5ba1fb2..3e252be047b8 100644
+--- a/drivers/acpi/acpi_pcc.c
++++ b/drivers/acpi/acpi_pcc.c
+@@ -27,7 +27,7 @@
+ * Arbitrary retries in case the remote processor is slow to respond
+ * to PCC commands
+ */
+-#define PCC_CMD_WAIT_RETRIES_NUM 500
++#define PCC_CMD_WAIT_RETRIES_NUM 500ULL
+
+ struct pcc_data {
+ struct pcc_mbox_chan *pcc_chan;
+--
+2.38.1
+
diff --git a/queue-6.0/ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch b/queue-6.0/ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch
new file mode 100644
index 00000000000..b19449d2db3
--- /dev/null
+++ b/queue-6.0/ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch
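Review bot: In the drivers/acpi/acpi_pcc.c hunk, the `ULL` suffix on `PCC_CMD_WAIT_RETRIES_NUM` is load-bearing, but nothing at the definition says so. The expression that overflowed in u32 is not visible in this hunk (presumably the retry count is multiplied by a 32-bit latency value to form a timeout), so a later tidy-up could drop the suffix and silently bring back the wrap, giving a much shorter wait than intended. I would extend the existing comment with a line such as ` * ULL: keeps the timeout product computed from this count in 64 bits`. If the multiplication site is touched again, an explicit 64-bit cast there would state the width where it matters.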
@@ -0,0 +1,32 @@
+From 9d9effca9d7d7cf6341182a7c5cabcbd6fa28063 Mon Sep 17 00:00:00 2001
+From: Xin Long
+Date: Fri, 21 Oct 2022 10:22:47 -0400
+Subject: ethtool: eeprom: fix null-deref on genl_info in dump
+
+From: Xin Long
+
+commit 9d9effca9d7d7cf6341182a7c5cabcbd6fa28063 upstream.
+
+The similar fix as commit 46cdedf2a0fa ("ethtool: pse-pd: fix null-deref on
+genl_info in dump") is also needed for ethtool eeprom.
+
+Fixes: c781ff12a2f3 ("ethtool: Allow network drivers to dump arbitrary EEPROM data")
+Signed-off-by: Xin Long
+Link: https://lore.kernel.org/r/5575919a2efc74cd9ad64021880afc3805c54166.1666362167.git.lucien.xin@gmail.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/ethtool/eeprom.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ethtool/eeprom.c
++++ b/net/ethtool/eeprom.c
+@@ -124,7 +124,7 @@ static int eeprom_prepare_data(const str
+ if (ret)
+ goto err_free;
+
+- ret = get_module_eeprom_by_page(dev, &page_data, info->extack);
++ ret = get_module_eeprom_by_page(dev, &page_data, info ? info->extack : NULL);
+ if (ret < 0)
+ goto err_ops;
+
diff --git a/queue-6.0/fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch b/queue-6.0/fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch
new file mode 100644
index 00000000000..e8cd26f17f7
--- /dev/null
+++ b/queue-6.0/fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch
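Review bot: The guard `info ? info->extack : NULL` covers only this one call in eeprom_prepare_data() (net/ethtool/eeprom.c). The function starts and ends outside the hunk, so any other `info->` dereference in it would still fault on the dump path, where the subject line indicates `info` can be NULL. It is worth confirming there is none, and a one-line comment above the call, e.g. `/* info is NULL when called from a dump request */`, would keep a later edit from reintroducing the dereference. The new line is also well past 80 columns and could be wrapped after `&page_data,`.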
@@ -0,0 +1,43 @@
+From e0ba1a39b8dfe4f005bebdd85daa89e7382e26b7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?=
+Date: Thu, 27 Oct 2022 02:06:16 +0200
+Subject: fbdev/core: Avoid uninitialized read in aperture_remove_conflicting_pci_device()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michał Mirosław
+
+commit e0ba1a39b8dfe4f005bebdd85daa89e7382e26b7 upstream.
+
+Return on error directly from the BAR-iterating loop instead of
+break+return.
+
+This is actually a cosmetic fix, since it would be highly unusual to
+have this called for a PCI device without any memory BARs.
+
+Fixes: 9d69ef183815 ("fbdev/core: Remove remove_conflicting_pci_framebuffers()")
+Signed-off-by: Michał Mirosław
+Signed-off-by: Thomas Zimmermann
+Link: https://patchwork.freedesktop.org/patch/msgid/e75323732bedc46d613d72ecb40f97e3bc75eea8.1666829073.git.mirq-linux@rere.qmqm.pl
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/video/aperture.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/drivers/video/aperture.c
++++ b/drivers/video/aperture.c
+@@ -351,12 +351,9 @@ int aperture_remove_conflicting_pci_devi
+ size = pci_resource_len(pdev, bar);
+ ret = aperture_remove_conflicting_devices(base, size, primary, name);
+ if (ret)
+- break;
++ return ret;
+ }
+
+- if (ret)
+- return ret;
+-
+ /*
+ * If a driver asked to unregister a platform device registered by
+ * sysfb, then can be assumed that this is a driver for a display
diff --git a/queue-6.0/net-ieee802154-fix-error-return-code-in-dgram_bind.patch b/queue-6.0/net-ieee802154-fix-error-return-code-in-dgram_bind.patch
new file mode 100644
index 00000000000..e30f6d49e50
--- /dev/null
+++ b/queue-6.0/net-ieee802154-fix-error-return-code-in-dgram_bind.patch
@@ -0,0 +1,35 @@
+From 444d8ad4916edec8a9fc684e841287db9b1e999f Mon Sep 17 00:00:00 2001
+From: Wei Yongjun
+Date: Mon, 19 Sep 2022 16:08:30 +0000
+Subject: net: ieee802154: fix error return code in dgram_bind()
+
+From: Wei Yongjun
+
+commit 444d8ad4916edec8a9fc684e841287db9b1e999f upstream.
+
+Fix to return error code -EINVAL from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 94160108a70c ("net/ieee802154: fix uninit value bug in dgram_sendmsg")
+Signed-off-by: Wei Yongjun
+Link: https://lore.kernel.org/r/20220919160830.1436109-1-weiyongjun@huaweicloud.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/ieee802154/socket.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/ieee802154/socket.c
++++ b/net/ieee802154/socket.c
+@@ -502,8 +502,10 @@ static int dgram_bind(struct sock *sk, s
+ if (err < 0)
+ goto out;
+
+- if (addr->family != AF_IEEE802154)
++ if (addr->family != AF_IEEE802154) {
++ err = -EINVAL;
+ goto out;
++ }
+
+ ieee802154_addr_from_sa(&haddr, &addr->addr);
+ dev = ieee802154_get_dev(sock_net(sk), &haddr);
diff --git a/queue-6.0/powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch b/queue-6.0/powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch
new file mode 100644
index 00000000000..f36956322a6
--- /dev/null
+++ b/queue-6.0/powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch
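Review bot: In dgram_bind() (net/ieee802154/socket.c), `err` is not negative once `if (err < 0) goto out;` has passed, so any later `goto out` that does not assign `err` first can still report success. That is what made the family check return 0 before this change. The hunk shows further work below it (`ieee802154_addr_from_sa()`, `ieee802154_get_dev()`) and the rest of the function lies outside the hunk, so the remaining failure exits should each be confirmed to set an explicit error code. A bind() that reports success without binding leaves the caller believing the socket is attached to the requested address.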
@@ -0,0 +1,69 @@
+From 65722736c3baf29e02e964a09e85c9ef71c48e8d Mon Sep 17 00:00:00 2001
+From: Nicholas Piggin
+Date: Sat, 22 Oct 2022 15:22:07 +1000
+Subject: powerpc/64s/interrupt: Fix clear of PACA_IRQS_HARD_DIS when returning to soft-masked context
+
+From: Nicholas Piggin
+
+commit 65722736c3baf29e02e964a09e85c9ef71c48e8d upstream.
+
+Commit a4cb3651a1743 ("powerpc/64s/interrupt: Fix lost interrupts when
+returning to soft-masked context") fixed the problem of pending irqs
+being cleared when clearing the HARD_DIS bit, but then it didn't clear
+the bit at all. This change clears HARD_DIS without affecting other bits
+in the mask.
+
+When an interrupt hits in a soft-masked section that has MSR[EE]=1, it
+can hard disable and set PACA_IRQS_HARD_DIS, which must be cleared when
+returning to the EE=1 caller (unless it was set due to a MUST_HARD_MASK
+interrupt becoming pending). Failure to clear this leaves the
+returned-to context running with MSR[EE]=1 and PACA_IRQS_HARD_DIS, which
+confuses irq assertions and could be dangerous for code that might test
+the flag.
+
+This was observed in a hash MMU kernel where a kernel hash fault hits in
+a local_irqs_disabled region that has EE=1. The hash fault also runs
+with EE=1, then as it returns, a decrementer hits in the restart section
+and the irq restart code hard-masks which sets the PACA_IRQ_HARD_DIS
+flag, which is not clear when the original context is returned to.
+
+Reported-by: Sachin Sant
+Fixes: a4cb3651a1743 ("powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context")
+Signed-off-by: Nicholas Piggin
+Tested-by: Sachin Sant
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20221022052207.471328-1-npiggin@gmail.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/powerpc/kernel/interrupt_64.S | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/kernel/interrupt_64.S
++++ b/arch/powerpc/kernel/interrupt_64.S
+@@ -565,15 +565,24 @@ _ASM_NOKPROBE_SYMBOL(interrupt_return_\s
+ * Returning to soft-disabled context.
+ * Check if a MUST_HARD_MASK interrupt has become pending, in which
+ * case we need to disable MSR[EE] in the return context.
++ *
++ * The MSR[EE] check catches among other things the short incoherency
++ * in hard_irq_disable() between clearing MSR[EE] and setting
++ * PACA_IRQ_HARD_DIS.
+ */
+ ld r12,_MSR(r1)
+ andi. r10,r12,MSR_EE
+ beq .Lfast_kernel_interrupt_return_\srr\() // EE already disabled
+ lbz r11,PACAIRQHAPPENED(r13)
+ andi. r10,r11,PACA_IRQ_MUST_HARD_MASK
+- beq .Lfast_kernel_interrupt_return_\srr\() // No HARD_MASK pending
++ bne 1f // HARD_MASK is pending
++ // No HARD_MASK pending, clear possible HARD_DIS set by interrupt
++ andi. r11,r11,(~PACA_IRQ_HARD_DIS)@l
++ stb r11,PACAIRQHAPPENED(r13)
++ b .Lfast_kernel_interrupt_return_\srr\()
+
+- /* Must clear MSR_EE from _MSR */
++
++1: /* Must clear MSR_EE from _MSR */
+ #ifdef CONFIG_PPC_BOOK3S
+ li r10,0
+ /* Clear valid before changing _MSR */
diff --git a/queue-6.0/series b/queue-6.0/series
index 35713572185..4b729c5373c 100644
--- a/queue-6.0/series
+++ b/queue-6.0/series
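Review bot: In the arch/powerpc/kernel/interrupt_64.S hunk, `andi. r11,r11,(~PACA_IRQ_HARD_DIS)@l` keeps only the low 16 bits of the inverted mask, which is sufficient only because r11 was loaded with `lbz` and holds a zero-extended byte. A short comment on that line, e.g. `// r11 is a byte from lbz, so the 16-bit @l mask is enough`, would stop a later change of the load width from silently clearing upper bits. The new `lbz`/`andi.`/`stb` sequence is also a non-atomic read-modify-write of PACAIRQHAPPENED; it presumably relies on this return path running hard-disabled, and the block comment should say so. Minor: the hunk leaves two consecutive blank lines before the `1:` label.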
@@ -101,3 +101,8 @@ s390-cio-fix-out-of-bounds-access-on-cio_ignore-free.patch
 s390-uaccess-add-missing-ex_table-entries-to-__clear_user.patch
 s390-futex-add-missing-ex_table-entry-to-__futex_atomic_op.patch
 s390-pci-add-missing-ex_table-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser.patch
+ethtool-eeprom-fix-null-deref-on-genl_info-in-dump.patch
+fbdev-core-avoid-uninitialized-read-in-aperture_remove_conflicting_pci_device.patch
+acpi-pcc-fix-unintentional-integer-overflow.patch
+powerpc-64s-interrupt-fix-clear-of-paca_irqs_hard_dis-when-returning-to-soft-masked-context.patch
+net-ieee802154-fix-error-return-code-in-dgram_bind.patch