From 452f42740da106d7d3ca9f2ecbc77c0db6b65df3 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 23 Feb 2023 11:41:00 +0100
Subject: [PATCH] 5.10-stable patches

added patches:
	audit-update-the-mailing-list-in-maintainers.patch
	ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch
	wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch
---
 ...date-the-mailing-list-in-maintainers.patch | 35 +++++++++
 ...ototype-mismatch-for-ext4_feat_ktype.patch | 74 +++++++++++++++++++
 queue-5.10/series                             |  3 +
 ...missing-compatible-string-for-sd8787.patch | 34 +++++++++
 4 files changed, 146 insertions(+)
 create mode 100644 queue-5.10/audit-update-the-mailing-list-in-maintainers.patch
 create mode 100644 queue-5.10/ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch
 create mode 100644 queue-5.10/wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch

diff --git a/queue-5.10/audit-update-the-mailing-list-in-maintainers.patch b/queue-5.10/audit-update-the-mailing-list-in-maintainers.patch
new file mode 100644
index 00000000000..9fb919cd134
--- /dev/null
+++ b/queue-5.10/audit-update-the-mailing-list-in-maintainers.patch
@@ -0,0 +1,35 @@
+From 6c6cd913accd77008f74a1a9d57b816db3651daa Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Tue, 7 Feb 2023 10:21:47 -0500
+Subject: audit: update the mailing list in MAINTAINERS
+
+From: Paul Moore <paul@paul-moore.com>
+
+commit 6c6cd913accd77008f74a1a9d57b816db3651daa upstream.
+
+We've moved the upstream Linux Kernel audit subsystem discussions to
+a new mailing list, this patch updates the MAINTAINERS info with the
+new list address.
+
+Marking this for stable inclusion to help speed uptake of the new
+list across all of the supported kernel releases.  This is a doc only
+patch so the risk should be close to nil.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ MAINTAINERS |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -3001,7 +3001,7 @@ F:	drivers/net/ieee802154/atusb.h
+ AUDIT SUBSYSTEM
+ M:	Paul Moore <paul@paul-moore.com>
+ M:	Eric Paris <eparis@redhat.com>
+-L:	linux-audit@redhat.com (moderated for non-subscribers)
++L:	audit@vger.kernel.org
+ S:	Supported
+ W:	https://github.com/linux-audit
+ T:	git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
diff --git a/queue-5.10/ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch b/queue-5.10/ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch
new file mode 100644
index 00000000000..0d832457b92
--- /dev/null
+++ b/queue-5.10/ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch
@@ -0,0 +1,74 @@
+From 118901ad1f25d2334255b3d50512fa20591531cd Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 4 Jan 2023 13:09:12 -0800
+Subject: ext4: Fix function prototype mismatch for ext4_feat_ktype
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 118901ad1f25d2334255b3d50512fa20591531cd upstream.
+
+With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
+indirect call targets are validated against the expected function
+pointer prototype to make sure the call target is valid to help mitigate
+ROP attacks. If they are not identical, there is a failure at run time,
+which manifests as either a kernel panic or thread getting killed.
+
+ext4_feat_ktype was setting the "release" handler to "kfree", which
+doesn't have a matching function prototype. Add a simple wrapper
+with the correct prototype.
+
+This was found as a result of Clang's new -Wcast-function-type-strict
+flag, which is more sensitive than the simpler -Wcast-function-type,
+which only checks for type width mismatches.
+
+Note that this code is only reached when ext4 is a loadable module and
+it is being unloaded:
+
+ CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698)
+ ...
+ RIP: 0010:kobject_put+0xbb/0x1b0
+ ...
+ Call Trace:
+  <TASK>
+  ext4_exit_sysfs+0x14/0x60 [ext4]
+  cleanup_module+0x67/0xedb [ext4]
+
+Fixes: b99fee58a20a ("ext4: create ext4_feat kobject dynamically")
+Cc: Theodore Ts'o <tytso@mit.edu>
+Cc: Eric Biggers <ebiggers@kernel.org>
+Cc: stable@vger.kernel.org
+Build-tested-by: Gustavo A. R. Silva <gustavoars@kernel.org>
+Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
+Reviewed-by: Nathan Chancellor <nathan@kernel.org>
+Link: https://lore.kernel.org/r/20230103234616.never.915-kees@kernel.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20230104210908.gonna.388-kees@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/sysfs.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/sysfs.c
++++ b/fs/ext4/sysfs.c
+@@ -487,6 +487,11 @@ static void ext4_sb_release(struct kobje
+ 	complete(&sbi->s_kobj_unregister);
+ }
+ 
++static void ext4_feat_release(struct kobject *kobj)
++{
++	kfree(kobj);
++}
++
+ static const struct sysfs_ops ext4_attr_ops = {
+ 	.show	= ext4_attr_show,
+ 	.store	= ext4_attr_store,
+@@ -501,7 +506,7 @@ static struct kobj_type ext4_sb_ktype =
+ static struct kobj_type ext4_feat_ktype = {
+ 	.default_groups = ext4_feat_groups,
+ 	.sysfs_ops	= &ext4_attr_ops,
+-	.release	= (void (*)(struct kobject *))kfree,
++	.release	= ext4_feat_release,
+ };
+ 
+ static struct kobject *ext4_root;
diff --git a/queue-5.10/series b/queue-5.10/series
index b577fdfa8ed..b4d2c8fc6ca 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -19,3 +19,6 @@ revert-revert-block-nbd-add-sanity-check-for-first_minor.patch
 nbd-fix-max-value-for-first_minor.patch
 nbd-fix-possible-overflow-for-first_minor-in-nbd_dev_add.patch
 nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_add.patch
+wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch
+audit-update-the-mailing-list-in-maintainers.patch
+ext4-fix-function-prototype-mismatch-for-ext4_feat_ktype.patch
diff --git a/queue-5.10/wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch b/queue-5.10/wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch
new file mode 100644
index 00000000000..cf16833fc40
--- /dev/null
+++ b/queue-5.10/wifi-mwifiex-add-missing-compatible-string-for-sd8787.patch
@@ -0,0 +1,34 @@
+From 36dd7a4c6226133b0b7aa92b8e604e688d958d0c Mon Sep 17 00:00:00 2001
+From: Lukas Wunner <lukas@wunner.de>
+Date: Fri, 27 Jan 2023 15:01:00 +0100
+Subject: wifi: mwifiex: Add missing compatible string for SD8787
+
+From: Lukas Wunner <lukas@wunner.de>
+
+commit 36dd7a4c6226133b0b7aa92b8e604e688d958d0c upstream.
+
+Commit e3fffc1f0b47 ("devicetree: document new marvell-8xxx and
+pwrseq-sd8787 options") documented a compatible string for SD8787 in
+the devicetree bindings, but neglected to add it to the mwifiex driver.
+
+Fixes: e3fffc1f0b47 ("devicetree: document new marvell-8xxx and pwrseq-sd8787 options")
+Signed-off-by: Lukas Wunner <lukas@wunner.de>
+Cc: stable@vger.kernel.org # v4.11+
+Cc: Matt Ranostay <mranostay@ti.com>
+Signed-off-by: Kalle Valo <kvalo@kernel.org>
+Link: https://lore.kernel.org/r/320de5005ff3b8fd76be2d2b859fd021689c3681.1674827105.git.lukas@wunner.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/marvell/mwifiex/sdio.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/wireless/marvell/mwifiex/sdio.c
++++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
+@@ -485,6 +485,7 @@ static struct memory_type_mapping mem_ty
+ };
+ 
+ static const struct of_device_id mwifiex_sdio_of_match_table[] = {
++	{ .compatible = "marvell,sd8787" },
+ 	{ .compatible = "marvell,sd8897" },
+ 	{ .compatible = "marvell,sd8997" },
+ 	{ }
-- 
2.47.2