From 5f629f3f95cdef385c6b070e5791047d50cfa8ac Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 23 Jan 2022 17:23:29 +0100 Subject: [PATCH] 5.16-stable patches added patches: hid-magicmouse-fix-an-error-handling-path-in-magicmouse_probe.patch x86-mce-check-regs-before-accessing-it.patch --- ...or-handling-path-in-magicmouse_probe.patch | 36 ++++++++++++++++ queue-5.16/series | 2 + ...6-mce-check-regs-before-accessing-it.patch | 43 +++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 queue-5.16/hid-magicmouse-fix-an-error-handling-path-in-magicmouse_probe.patch create mode 100644 queue-5.16/x86-mce-check-regs-before-accessing-it.patch diff --git a/queue-5.16/hid-magicmouse-fix-an-error-handling-path-in-magicmouse_probe.patch b/queue-5.16/hid-magicmouse-fix-an-error-handling-path-in-magicmouse_probe.patch new file mode 100644 index 00000000000..b374b28296d --- /dev/null +++ b/queue-5.16/hid-magicmouse-fix-an-error-handling-path-in-magicmouse_probe.patch @@ -0,0 +1,36 @@ +From 33812fc7c8d77a43b7e2bf36a0d5a57c277a4b0c Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Tue, 28 Dec 2021 22:09:17 +0100 +Subject: HID: magicmouse: Fix an error handling path in magicmouse_probe() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christophe JAILLET + +commit 33812fc7c8d77a43b7e2bf36a0d5a57c277a4b0c upstream. + +If the timer introduced by the commit below is started, then it must be +deleted in the error handling of the probe. Otherwise it would trigger +once the driver is no more. + +Fixes: 0b91b4e4dae6 ("HID: magicmouse: Report battery level over USB") +Signed-off-by: Christophe JAILLET +Tested-by: José Expósito +Reported-by: +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/hid-magicmouse.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/hid/hid-magicmouse.c ++++ b/drivers/hid/hid-magicmouse.c +@@ -873,6 +873,7 @@ static int magicmouse_probe(struct hid_d + + return 0; + err_stop_hw: ++ del_timer_sync(&msc->battery_timer); + hid_hw_stop(hdev); + return ret; + } diff --git a/queue-5.16/series b/queue-5.16/series index 923ce832aef..1f61872ab62 100644 --- a/queue-5.16/series +++ b/queue-5.16/series @@ -843,3 +843,5 @@ mfd-tps65910-set-pwr_off-bit-during-driver-probe.patch spi-uniphier-fix-a-bug-that-doesn-t-point-to-private-data-correctly.patch xen-gntdev-fix-unmap-notification-order.patch md-move-alloc-free-acct-bioset-in-to-personality.patch +hid-magicmouse-fix-an-error-handling-path-in-magicmouse_probe.patch +x86-mce-check-regs-before-accessing-it.patch diff --git a/queue-5.16/x86-mce-check-regs-before-accessing-it.patch b/queue-5.16/x86-mce-check-regs-before-accessing-it.patch new file mode 100644 index 00000000000..9f9e10b877f --- /dev/null +++ b/queue-5.16/x86-mce-check-regs-before-accessing-it.patch @@ -0,0 +1,43 @@ +From 1acd85feba81084fcef00b73fc1601e42b77c5d8 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 17 Dec 2021 16:49:25 +0100 +Subject: x86/mce: Check regs before accessing it + +From: Borislav Petkov + +commit 1acd85feba81084fcef00b73fc1601e42b77c5d8 upstream. + +Commit in Fixes accesses pt_regs before checking whether it is NULL or +not. Make sure the NULL pointer check happens first. + +Fixes: 0a5b288e85bb ("x86/mce: Prevent severity computation from being instrumented") +Reported-by: Dan Carpenter +Signed-off-by: Borislav Petkov +Reviewed-by: Tony Luck +Link: https://lore.kernel.org/r/20211217102029.GA29708@kili +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/mce/severity.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/arch/x86/kernel/cpu/mce/severity.c ++++ b/arch/x86/kernel/cpu/mce/severity.c +@@ -222,6 +222,9 @@ static bool is_copy_from_user(struct pt_ + struct insn insn; + int ret; + ++ if (!regs) ++ return false; ++ + if (copy_from_kernel_nofault(insn_buf, (void *)regs->ip, MAX_INSN_SIZE)) + return false; + +@@ -283,7 +286,7 @@ static noinstr int error_context(struct + switch (fixup_type) { + case EX_TYPE_UACCESS: + case EX_TYPE_COPY: +- if (!regs || !copy_user) ++ if (!copy_user) + return IN_KERNEL; + m->kflags |= MCE_IN_KERNEL_COPYIN; + fallthrough; -- 2.47.3