From 2cac23c365f843f0841b08cc99a5446fab05a4d6 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 24 Apr 2023 08:05:11 +0200 Subject: [PATCH] 6.2-stable patches added patches: gcc-disable-warray-bounds-for-gcc-13-too.patch input-cyttsp5-fix-sensing-configuration-data-structure.patch input-pegasus-notetaker-check-pipe-type-when-probing.patch pci-msi-remove-over-zealous-hardware-size-check-in-pci_msix_validate_entries.patch
---
...disable-warray-bounds-for-gcc-13-too.patch | 63 ++++++++++++++++
...sensing-configuration-data-structure.patch | 36 +++++++++
...tetaker-check-pipe-type-when-probing.patch | 41 +++++++++++
...e-check-in-pci_msix_validate_entries.patch | 73 +++++++++++++++++++
queue-6.2/series | 4 +
5 files changed, 217 insertions(+)
create mode 100644 queue-6.2/gcc-disable-warray-bounds-for-gcc-13-too.patch
create mode 100644 queue-6.2/input-cyttsp5-fix-sensing-configuration-data-structure.patch
create mode 100644 queue-6.2/input-pegasus-notetaker-check-pipe-type-when-probing.patch
create mode 100644 queue-6.2/pci-msi-remove-over-zealous-hardware-size-check-in-pci_msix_validate_entries.patch
diff --git a/queue-6.2/gcc-disable-warray-bounds-for-gcc-13-too.patch b/queue-6.2/gcc-disable-warray-bounds-for-gcc-13-too.patch
new file mode 100644
index 00000000000..8e71d62bb5c
--- /dev/null
+++ b/queue-6.2/gcc-disable-warray-bounds-for-gcc-13-too.patch
@@ -0,0 +1,63 @@
+From 0da6e5fd6c3726723e275603426e09178940dace Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Sun, 23 Apr 2023 09:56:20 -0700
+Subject: gcc: disable '-Warray-bounds' for gcc-13 too
+
+From: Linus Torvalds
+
+commit 0da6e5fd6c3726723e275603426e09178940dace upstream.
+
+We started disabling '-Warray-bounds' for gcc-12 originally on s390,
+because it resulted in some warnings that weren't realistically fixable
+(commit 8b202ee21839: "s390: disable -Warray-bounds").
+
+That s390-specific issue was then found to be less common elsewhere, but
+generic (see f0be87c42cbd: "gcc-12: disable '-Warray-bounds' universally
+for now"), and then later expanded the version check was expanded to
+gcc-11 (5a41237ad1d4: "gcc: disable -Warray-bounds for gcc-11 too").
+
+And it turns out that I was much too optimistic in thinking that it's
+all going to go away, and here we are with gcc-13 showing all the same
+issues. So instead of expanding this one version at a time, let's just
+disable it for gcc-11+, and put an end limit to it only when we actually
+find a solution.
+
+Yes, I'm sure some of this is because the kernel just does odd things
+(like our "container_of()" use, but also knowingly playing games with
+things like linker tables and array layouts).
+
+And yes, some of the warnings are likely signs of real bugs, but when
+there are hundreds of false positives, that doesn't really help.
+
+Oh well.
+
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ init/Kconfig | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -894,18 +894,14 @@ config CC_IMPLICIT_FALLTHROUGH
+ default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
+ default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
+
+-# Currently, disable gcc-11,12 array-bounds globally.
+-# We may want to target only particular configurations some day.
++# Currently, disable gcc-11+ array-bounds globally.
++# It's still broken in gcc-13, so no upper bound yet.
+ config GCC11_NO_ARRAY_BOUNDS
+ def_bool y
+
+-config GCC12_NO_ARRAY_BOUNDS
+- def_bool y
+-
+ config CC_NO_ARRAY_BOUNDS
+ bool
+- default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC_VERSION < 120000 && GCC11_NO_ARRAY_BOUNDS
+- default y if CC_IS_GCC && GCC_VERSION >= 120000 && GCC_VERSION < 130000 && GCC12_NO_ARRAY_BOUNDS
++ default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
+
+ #
+ # For architectures that know their GCC __int128 support is sound
diff --git a/queue-6.2/input-cyttsp5-fix-sensing-configuration-data-structure.patch b/queue-6.2/input-cyttsp5-fix-sensing-configuration-data-structure.patch
new file mode 100644
index 00000000000..e6097666048
--- /dev/null
+++ b/queue-6.2/input-cyttsp5-fix-sensing-configuration-data-structure.patch
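Review bot: The new `default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS` line in init/Kconfig (gcc-disable-warray-bounds-for-gcc-13-too.patch) has no upper bound, so the array-bounds diagnostic stays off for every future GCC release until someone edits this file again. The commit message itself concedes that some of the suppressed warnings are likely signs of real bugs, so this is a standing loss of compile-time out-of-bounds coverage rather than a temporary workaround. The symbol `GCC11_NO_ARRAY_BOUNDS` now gates gcc-11 and everything later, which its name does not say. I would extend the comment above it along the lines of `# Applies to every gcc >= 11 despite the GCC11 name; re-evaluate -Warray-bounds with each new gcc release.`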
@@ -0,0 +1,36 @@
+From 5dc63e56a9cf8df0b59c234a505a1653f1bdf885 Mon Sep 17 00:00:00 2001
+From: hrdl
+Date: Thu, 13 Apr 2023 23:41:13 -0700
+Subject: Input: cyttsp5 - fix sensing configuration data structure
+
+From: hrdl
+
+commit 5dc63e56a9cf8df0b59c234a505a1653f1bdf885 upstream.
+
+Prior to this patch, the sensing configuration data was not parsed
+correctly, breaking detection of max_tch. The vendor driver includes
+this field. This change informs the driver about the correct maximum
+number of simultaneous touch inputs.
+
+Tested on a Pine64 PineNote with a modified touch screen controller
+firmware.
+
+Signed-off-by: hrdl
+Reviewed-by: Alistair Francis
+Link: https://lore.kernel.org/r/20230411211651.3791304-1-git@hrdl.eu
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/input/touchscreen/cyttsp5.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/input/touchscreen/cyttsp5.c
++++ b/drivers/input/touchscreen/cyttsp5.c
+@@ -111,6 +111,7 @@ struct cyttsp5_sensing_conf_data_dev {
+ __le16 max_z;
+ u8 origin_x;
+ u8 origin_y;
++ u8 panel_id;
+ u8 btn;
+ u8 scan_mode;
+ u8 max_num_of_tch_per_refresh_cycle;
diff --git a/queue-6.2/input-pegasus-notetaker-check-pipe-type-when-probing.patch b/queue-6.2/input-pegasus-notetaker-check-pipe-type-when-probing.patch
new file mode 100644
index 00000000000..a942ca60cff
--- /dev/null
+++ b/queue-6.2/input-pegasus-notetaker-check-pipe-type-when-probing.patch
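Review bot: Inserting `u8 panel_id;` between `origin_y` and `btn` in `struct cyttsp5_sensing_conf_data_dev` (cyttsp5.c) shifts every later member by one byte, and nothing in the hunk records that the member order has to follow the controller's response layout. The commit message says the old layout mis-parsed the sensing configuration data, so the struct is presumably overlaid on or copied from a device-supplied buffer. A comment at the struct such as `/* Field order and sizes mirror the device's sensing configuration response; do not reorder or insert without checking the wire format */` would keep a later edit from reintroducing the same mistake. The struct definition starts and ends outside the hunk, so whether it is packed and whether the response length is checked before the struct is read cannot be confirmed from here.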
@@ -0,0 +1,41 @@
+From b3d80fd27a3c2d8715a40cbf876139b56195f162 Mon Sep 17 00:00:00 2001
+From: Soumya Negi
+Date: Sun, 9 Apr 2023 19:12:04 -0700
+Subject: Input: pegasus-notetaker - check pipe type when probing
+
+From: Soumya Negi
+
+commit b3d80fd27a3c2d8715a40cbf876139b56195f162 upstream.
+
+Fix WARNING in pegasus_open/usb_submit_urb
+Syzbot bug: https://syzkaller.appspot.com/bug?id=bbc107584dcf3262253ce93183e51f3612aaeb13
+
+Warning raised because pegasus_driver submits transfer request for
+bogus URB (pipe type does not match endpoint type). Add sanity check at
+probe time for pipe value extracted from endpoint descriptor. Probe
+will fail if sanity check fails.
+
+Reported-and-tested-by: syzbot+04ee0cb4caccaed12d78@syzkaller.appspotmail.com
+Signed-off-by: Soumya Negi
+Link: https://lore.kernel.org/r/20230404074145.11523-1-soumya.negi97@gmail.com
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/input/tablet/pegasus_notetaker.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/input/tablet/pegasus_notetaker.c
++++ b/drivers/input/tablet/pegasus_notetaker.c
+@@ -296,6 +296,12 @@ static int pegasus_probe(struct usb_inte
+ pegasus->intf = intf;
+
+ pipe = usb_rcvintpipe(dev, endpoint->bEndpointAddress);
++ /* Sanity check that pipe's type matches endpoint's type */
++ if (usb_pipe_type_check(dev, pipe)) {
++ error = -EINVAL;
++ goto err_free_mem;
++ }
++
+ pegasus->data_len = usb_maxpacket(dev, pipe);
+
+ pegasus->data = usb_alloc_coherent(dev, pegasus->data_len, GFP_KERNEL,
diff --git a/queue-6.2/pci-msi-remove-over-zealous-hardware-size-check-in-pci_msix_validate_entries.patch b/queue-6.2/pci-msi-remove-over-zealous-hardware-size-check-in-pci_msix_validate_entries.patch
new file mode 100644
index 00000000000..205a79feacc
--- /dev/null
+++ b/queue-6.2/pci-msi-remove-over-zealous-hardware-size-check-in-pci_msix_validate_entries.patch
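Review bot: The new `usb_pipe_type_check(dev, pipe)` branch in pegasus_probe() fails the probe with `-EINVAL` but logs nothing, so a device presenting a mismatched endpoint descriptor is rejected without any trace for whoever triages it. Adding `dev_err(&intf->dev, "Invalid interrupt IN endpoint\n");` before `error = -EINVAL;` would make the rejection visible in the kernel log. Separately, the next context line takes `pegasus->data_len` from `usb_maxpacket(dev, pipe)`, which comes from the same device-supplied descriptor, and passes it to `usb_alloc_coherent()`; it may be worth confirming that a zero or unexpectedly small value is handled. pegasus_probe() begins and ends outside the hunk, so neither the endpoint selection nor the `err_free_mem` path can be checked from here.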
@@ -0,0 +1,73 @@
+From e3c026be4d3ca046799fde55ccbae9d0f059fb93 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Mon, 10 Apr 2023 21:14:45 +0200
+Subject: PCI/MSI: Remove over-zealous hardware size check in pci_msix_validate_entries()
+
+From: Thomas Gleixner
+
+commit e3c026be4d3ca046799fde55ccbae9d0f059fb93 upstream.
+
+pci_msix_validate_entries() validates the entries array which is handed in
+by the caller for a MSI-X interrupt allocation. Aside of consistency
+failures it also detects a failure when the size of the MSI-X hardware table
+in the device is smaller than the size of the entries array.
+
+That's wrong for the case of range allocations where the caller provides
+the minimum and the maximum number of vectors to allocate, when the
+hardware size is greater or equal than the mininum, but smaller than the
+maximum.
+
+Remove the hardware size check completely from that function and just
+ensure that the entires array up to the maximum size is consistent.
+
+The limitation and range checking versus the hardware size happens
+independently of that afterwards anyway because the entries array is
+optional.
+
+Fixes: 4644d22eb673 ("PCI/MSI: Validate MSI-X contiguous restriction early")
+Reported-by: David Laight
+Signed-off-by: Thomas Gleixner
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/87v8i3sg62.ffs@tglx
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/pci/msi/msi.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/pci/msi/msi.c b/drivers/pci/msi/msi.c
+index 1f716624ca56..ef1d8857a51b 100644
+--- a/drivers/pci/msi/msi.c
++++ b/drivers/pci/msi/msi.c
+@@ -750,8 +750,7 @@ static int msix_capability_init(struct pci_dev *dev, struct msix_entry *entries,
+ return ret;
+ }
+
+-static bool pci_msix_validate_entries(struct pci_dev *dev, struct msix_entry *entries,
+- int nvec, int hwsize)
++static bool pci_msix_validate_entries(struct pci_dev *dev, struct msix_entry *entries, int nvec)
+ {
+ bool nogap;
+ int i, j;
+@@ -762,10 +761,6 @@ static bool pci_msix_validate_entries(struct pci_dev *dev, struct msix_entry *en
+ nogap = pci_msi_domain_supports(dev, MSI_FLAG_MSIX_CONTIGUOUS, DENY_LEGACY);
+
+ for (i = 0; i < nvec; i++) {
+- /* Entry within hardware limit? */
+- if (entries[i].entry >= hwsize)
+- return false;
+-
+ /* Check for duplicate entries */
+ for (j = i + 1; j < nvec; j++) {
+ if (entries[i].entry == entries[j].entry)
+@@ -805,7 +800,7 @@ int __pci_enable_msix_range(struct pci_dev *dev, struct msix_entry *entries, int
+ if (hwsize < 0)
+ return hwsize;
+
+- if (!pci_msix_validate_entries(dev, entries, nvec, hwsize))
++ if (!pci_msix_validate_entries(dev, entries, nvec))
+ return -EINVAL;
+
+ if (hwsize < nvec) {
+--
+2.40.0
+
diff --git a/queue-6.2/series b/queue-6.2/series
index 50764d681f7..a54ac3cbbd0 100644
--- a/queue-6.2/series
+++ b/queue-6.2/series
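Review bot: With the `entries[i].entry >= hwsize` test removed from pci_msix_validate_entries() (msi.c), nothing visible in these hunks bounds an individual caller-supplied entry index against the MSI-X table size. The `if (hwsize < nvec)` that follows in `__pci_enable_msix_range()` compares vector counts, not indices. The commit message states that range checking against the hardware size happens afterwards, so this is presumably covered, but the function should say so for the next reader, for example `/* Entry indices are not range-checked against the hardware table here; that is left to the allocation path */` above the loop. Both functions extend outside the hunks, so the later check could not be confirmed from this page.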
@@ -97,3 +97,7 @@ mips-define-runtime_discard_exit-in-ld-script.patch loongarch-make-mstrict-align-configurable.patch loongarch-make-writecombine-configurable-for-ioremap.patch purgatory-fix-disabling-debug-info.patch
+pci-msi-remove-over-zealous-hardware-size-check-in-pci_msix_validate_entries.patch
+gcc-disable-warray-bounds-for-gcc-13-too.patch
+input-cyttsp5-fix-sensing-configuration-data-structure.patch
+input-pegasus-notetaker-check-pipe-type-when-probing.patch
--
2.47.3