From: Greg Kroah-Hartman Date: Thu, 23 Feb 2023 10:41:18 +0000 (+0100) Subject: 6.1-stable patches X-Git-Tag: v6.2.1~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fa6203c542279bcbbb8ecca836fd419497b0c468;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: audit-update-the-mailing-list-in-maintainers.patch ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch platform-x86-amd-pmf-add-depends-on-config_power_supply.patch platform-x86-nvidia-wmi-ec-backlight-add-force-module-parameter.patch randstruct-disable-clang-15-support.patch wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch --- diff --git a/queue-6.1/audit-update-the-mailing-list-in-maintainers.patch b/queue-6.1/audit-update-the-mailing-list-in-maintainers.patch new file mode 100644 index 00000000000..6eddefaf00a --- /dev/null +++ b/queue-6.1/audit-update-the-mailing-list-in-maintainers.patch @@ -0,0 +1,35 @@ +From 6c6cd913accd77008f74a1a9d57b816db3651daa Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Tue, 7 Feb 2023 10:21:47 -0500 +Subject: audit: update the mailing list in MAINTAINERS + +From: Paul Moore + +commit 6c6cd913accd77008f74a1a9d57b816db3651daa upstream. + +We've moved the upstream Linux Kernel audit subsystem discussions to +a new mailing list, this patch updates the MAINTAINERS info with the +new list address. + +Marking this for stable inclusion to help speed uptake of the new +list across all of the supported kernel releases. This is a doc only +patch so the risk should be close to nil. + +Cc: stable@vger.kernel.org +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + MAINTAINERS | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -3444,7 +3444,7 @@ F: drivers/net/ieee802154/atusb.h + AUDIT SUBSYSTEM + M: Paul Moore + M: Eric Paris +-L: linux-audit@redhat.com (moderated for non-subscribers) ++L: audit@vger.kernel.org + S: Supported + W: https://github.com/linux-audit + T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git diff --git a/queue-6.1/ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch b/queue-6.1/ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch new file mode 100644 index 00000000000..f9f9fd695b1 --- /dev/null +++ b/queue-6.1/ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch @@ -0,0 +1,74 @@ +From 118901ad1f25d2334255b3d50512fa20591531cd Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Wed, 4 Jan 2023 13:09:12 -0800 +Subject: ext4: Fix function prototype mismatch for ext4_feat_ktype + +From: Kees Cook + +commit 118901ad1f25d2334255b3d50512fa20591531cd upstream. + +With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), +indirect call targets are validated against the expected function +pointer prototype to make sure the call target is valid to help mitigate +ROP attacks. If they are not identical, there is a failure at run time, +which manifests as either a kernel panic or thread getting killed. + +ext4_feat_ktype was setting the "release" handler to "kfree", which +doesn't have a matching function prototype. Add a simple wrapper +with the correct prototype. + +This was found as a result of Clang's new -Wcast-function-type-strict +flag, which is more sensitive than the simpler -Wcast-function-type, +which only checks for type width mismatches. + +Note that this code is only reached when ext4 is a loadable module and +it is being unloaded: + + CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698) + ... + RIP: 0010:kobject_put+0xbb/0x1b0 + ... + Call Trace: + + ext4_exit_sysfs+0x14/0x60 [ext4] + cleanup_module+0x67/0xedb [ext4] + +Fixes: b99fee58a20a ("ext4: create ext4_feat kobject dynamically") +Cc: Theodore Ts'o +Cc: Eric Biggers +Cc: stable@vger.kernel.org +Build-tested-by: Gustavo A. R. Silva +Reviewed-by: Gustavo A. R. Silva +Reviewed-by: Nathan Chancellor +Link: https://lore.kernel.org/r/20230103234616.never.915-kees@kernel.org +Signed-off-by: Kees Cook +Reviewed-by: Eric Biggers +Link: https://lore.kernel.org/r/20230104210908.gonna.388-kees@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/sysfs.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/fs/ext4/sysfs.c ++++ b/fs/ext4/sysfs.c +@@ -491,6 +491,11 @@ static void ext4_sb_release(struct kobje + complete(&sbi->s_kobj_unregister); + } + ++static void ext4_feat_release(struct kobject *kobj) ++{ ++ kfree(kobj); ++} ++ + static const struct sysfs_ops ext4_attr_ops = { + .show = ext4_attr_show, + .store = ext4_attr_store, +@@ -505,7 +510,7 @@ static struct kobj_type ext4_sb_ktype = + static struct kobj_type ext4_feat_ktype = { + .default_groups = ext4_feat_groups, + .sysfs_ops = &ext4_attr_ops, +- .release = (void (*)(struct kobject *))kfree, ++ .release = ext4_feat_release, + }; + + void ext4_notify_error_sysfs(struct ext4_sb_info *sbi) diff --git a/queue-6.1/platform-x86-amd-pmf-add-depends-on-config_power_supply.patch b/queue-6.1/platform-x86-amd-pmf-add-depends-on-config_power_supply.patch new file mode 100644 index 00000000000..a172c806bbb --- /dev/null +++ b/queue-6.1/platform-x86-amd-pmf-add-depends-on-config_power_supply.patch @@ -0,0 +1,43 @@ +From 3004e8d2a0a98bbf4223ae146464fadbff68bf78 Mon Sep 17 00:00:00 2001 +From: Shyam Sundar S K +Date: Mon, 13 Feb 2023 17:44:57 +0530 +Subject: platform/x86/amd/pmf: Add depends on CONFIG_POWER_SUPPLY + +From: Shyam Sundar S K + +commit 3004e8d2a0a98bbf4223ae146464fadbff68bf78 upstream. + +It is reported that amd_pmf driver is missing "depends on" for +CONFIG_POWER_SUPPLY causing the following build error. + +ld: drivers/platform/x86/amd/pmf/core.o: in function `amd_pmf_remove': +core.c:(.text+0x10): undefined reference to `power_supply_unreg_notifier' +ld: drivers/platform/x86/amd/pmf/core.o: in function `amd_pmf_probe': +core.c:(.text+0x38f): undefined reference to `power_supply_reg_notifier' +make[1]: *** [scripts/Makefile.vmlinux:34: vmlinux] Error 1 +make: *** [Makefile:1248: vmlinux] Error 2 + +Add this to the Kconfig file. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=217028 +Fixes: c5258d39fc4c ("platform/x86/amd/pmf: Add helper routine to update SPS thermals") +Signed-off-by: Shyam Sundar S K +Link: https://lore.kernel.org/r/20230213121457.1764463-1-Shyam-sundar.S-k@amd.com +Cc: stable@vger.kernel.org +Reviewed-by: Hans de Goede +Signed-off-by: Hans de Goede +Signed-off-by: Greg Kroah-Hartman +--- + drivers/platform/x86/amd/pmf/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/platform/x86/amd/pmf/Kconfig ++++ b/drivers/platform/x86/amd/pmf/Kconfig +@@ -6,6 +6,7 @@ + config AMD_PMF + tristate "AMD Platform Management Framework" + depends on ACPI && PCI ++ depends on POWER_SUPPLY + select ACPI_PLATFORM_PROFILE + help + This driver provides support for the AMD Platform Management Framework. diff --git a/queue-6.1/platform-x86-nvidia-wmi-ec-backlight-add-force-module-parameter.patch b/queue-6.1/platform-x86-nvidia-wmi-ec-backlight-add-force-module-parameter.patch new file mode 100644 index 00000000000..13469777e8c --- /dev/null +++ b/queue-6.1/platform-x86-nvidia-wmi-ec-backlight-add-force-module-parameter.patch @@ -0,0 +1,58 @@ +From 0d9bdd8a550170306c2021b8d6766c5343b870c2 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 17 Feb 2023 15:42:08 +0100 +Subject: platform/x86: nvidia-wmi-ec-backlight: Add force module parameter + +From: Hans de Goede + +commit 0d9bdd8a550170306c2021b8d6766c5343b870c2 upstream. + +On some Lenovo Legion models, the backlight might be driven by either +one of nvidia_wmi_ec_backlight or amdgpu_bl0 at different times. + +When the Nvidia WMI EC backlight interface reports the backlight is +controlled by the EC, the current backlight handling only registers +nvidia_wmi_ec_backlight (and registers no other backlight interfaces). + +This hides (never registers) the amdgpu_bl0 interface, where as prior +to 6.1.4 users would have both nvidia_wmi_ec_backlight and amdgpu_bl0 +and could work around things in userspace. + +Add a force module parameter which can be used with acpi_backlight=native +to restore the old behavior as a workound (for now) by passing: + +"acpi_backlight=native nvidia-wmi-ec-backlight.force=1" + +Fixes: 8d0ca287fd8c ("platform/x86: nvidia-wmi-ec-backlight: Use acpi_video_get_backlight_type()") +Link: https://bugzilla.kernel.org/show_bug.cgi?id=217026 +Cc: stable@vger.kernel.org +Signed-off-by: Hans de Goede +Reviewed-by: Daniel Dadap +Link: https://lore.kernel.org/r/20230217144208.5721-1-hdegoede@redhat.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/platform/x86/nvidia-wmi-ec-backlight.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/platform/x86/nvidia-wmi-ec-backlight.c ++++ b/drivers/platform/x86/nvidia-wmi-ec-backlight.c +@@ -12,6 +12,10 @@ + #include + #include + ++static bool force; ++module_param(force, bool, 0444); ++MODULE_PARM_DESC(force, "Force loading (disable acpi_backlight=xxx checks"); ++ + /** + * wmi_brightness_notify() - helper function for calling WMI-wrapped ACPI method + * @w: Pointer to the struct wmi_device identified by %WMI_BRIGHTNESS_GUID +@@ -91,7 +95,7 @@ static int nvidia_wmi_ec_backlight_probe + int ret; + + /* drivers/acpi/video_detect.c also checks that SOURCE == EC */ +- if (acpi_video_get_backlight_type() != acpi_backlight_nvidia_wmi_ec) ++ if (!force && acpi_video_get_backlight_type() != acpi_backlight_nvidia_wmi_ec) + return -ENODEV; + + /* diff --git a/queue-6.1/randstruct-disable-clang-15-support.patch b/queue-6.1/randstruct-disable-clang-15-support.patch new file mode 100644 index 00000000000..2fa1c8555b7 --- /dev/null +++ b/queue-6.1/randstruct-disable-clang-15-support.patch @@ -0,0 +1,40 @@ +From 78f7a3fd6dc66cb788c21d7705977ed13c879351 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Tue, 7 Feb 2023 22:51:33 -0800 +Subject: randstruct: disable Clang 15 support + +From: Eric Biggers + +commit 78f7a3fd6dc66cb788c21d7705977ed13c879351 upstream. + +The randstruct support released in Clang 15 is unsafe to use due to a +bug that can cause miscompilations: "-frandomize-layout-seed +inconsistently randomizes all-function-pointers structs" +(https://github.com/llvm/llvm-project/issues/60349). It has been fixed +on the Clang 16 release branch, so add a Clang version check. + +Fixes: 035f7f87b729 ("randstruct: Enable Clang support") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Acked-by: Nick Desaulniers +Reviewed-by: Nathan Chancellor +Reviewed-by: Bill Wendling +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20230208065133.220589-1-ebiggers@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + security/Kconfig.hardening | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/security/Kconfig.hardening ++++ b/security/Kconfig.hardening +@@ -281,6 +281,9 @@ endmenu + + config CC_HAS_RANDSTRUCT + def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null) ++ # Randstruct was first added in Clang 15, but it isn't safe to use until ++ # Clang 16 due to https://github.com/llvm/llvm-project/issues/60349 ++ depends on !CC_IS_CLANG || CLANG_VERSION >= 160000 + + choice + prompt "Randomize layout of sensitive kernel structures" diff --git a/queue-6.1/series b/queue-6.1/series index 23498bc367b..baf1cf7e2a9 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -40,3 +40,9 @@ powerpc-vmlinux.lds-define-runtime_discard_exit.patch powerpc-vmlinux.lds-don-t-discard-.rela-for-relocatable-builds.patch s390-define-runtime_discard_exit-to-fix-link-error-with-gnu-ld-2.36.patch sh-define-runtime_discard_exit.patch +wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch +audit-update-the-mailing-list-in-maintainers.patch +platform-x86-amd-pmf-add-depends-on-config_power_supply.patch +platform-x86-nvidia-wmi-ec-backlight-add-force-module-parameter.patch +ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch +randstruct-disable-clang-15-support.patch diff --git a/queue-6.1/wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch b/queue-6.1/wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch new file mode 100644 index 00000000000..c3d169769ed --- /dev/null +++ b/queue-6.1/wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch @@ -0,0 +1,34 @@ +From 36dd7a4c6226133b0b7aa92b8e604e688d958d0c Mon Sep 17 00:00:00 2001 +From: Lukas Wunner +Date: Fri, 27 Jan 2023 15:01:00 +0100 +Subject: wifi: mwifiex: Add missing compatible string for SD8787 + +From: Lukas Wunner + +commit 36dd7a4c6226133b0b7aa92b8e604e688d958d0c upstream. + +Commit e3fffc1f0b47 ("devicetree: document new marvell-8xxx and +pwrseq-sd8787 options") documented a compatible string for SD8787 in +the devicetree bindings, but neglected to add it to the mwifiex driver. + +Fixes: e3fffc1f0b47 ("devicetree: document new marvell-8xxx and pwrseq-sd8787 options") +Signed-off-by: Lukas Wunner +Cc: stable@vger.kernel.org # v4.11+ +Cc: Matt Ranostay +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/320de5005ff3b8fd76be2d2b859fd021689c3681.1674827105.git.lukas@wunner.de +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/marvell/mwifiex/sdio.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wireless/marvell/mwifiex/sdio.c ++++ b/drivers/net/wireless/marvell/mwifiex/sdio.c +@@ -480,6 +480,7 @@ static struct memory_type_mapping mem_ty + }; + + static const struct of_device_id mwifiex_sdio_of_match_table[] = { ++ { .compatible = "marvell,sd8787" }, + { .compatible = "marvell,sd8897" }, + { .compatible = "marvell,sd8997" }, + { }