From 6e676d028452dd1f4973dcbceca1e8c7ccf0b974 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 25 Aug 2022 13:47:08 +0200
Subject: [PATCH] 4.14-stable patches
added patches:
audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch
parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch
---
...or-path-from-fsnotify_add_inode_mark.patch | 37 ++++++++++++++
...ndler-for-fldw-and-fstw-instructions.patch | 49 +++++++++++++++++++
queue-4.14/series | 2 +
3 files changed, 88 insertions(+)
create mode 100644 queue-4.14/audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch
create mode 100644 queue-4.14/parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch
diff --git a/queue-4.14/audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch b/queue-4.14/audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch
new file mode 100644
index 00000000000..ab0fa29cd43
--- /dev/null
+++ b/queue-4.14/audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch
@@ -0,0 +1,37 @@
+From ad982c3be4e60c7d39c03f782733503cbd88fd2a Mon Sep 17 00:00:00 2001
+From: Gaosheng Cui
+Date: Mon, 22 Aug 2022 10:29:05 +0800
+Subject: audit: fix potential double free on error path from fsnotify_add_inode_mark
+
+From: Gaosheng Cui
+
+commit ad982c3be4e60c7d39c03f782733503cbd88fd2a upstream.
+
+Audit_alloc_mark() assign pathname to audit_mark->path, on error path
+from fsnotify_add_inode_mark(), fsnotify_put_mark will free memory
+of audit_mark->path, but the caller of audit_alloc_mark will free
+the pathname again, so there will be double free problem.
+
+Fix this by resetting audit_mark->path to NULL pointer on error path
+from fsnotify_add_inode_mark().
+
+Cc: stable@vger.kernel.org
+Fixes: 7b1293234084d ("fsnotify: Add group pointer in fsnotify_init_mark()")
+Signed-off-by: Gaosheng Cui
+Reviewed-by: Jan Kara
+Signed-off-by: Paul Moore
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/audit_fsnotify.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/audit_fsnotify.c
++++ b/kernel/audit_fsnotify.c
+@@ -111,6 +111,7 @@ struct audit_fsnotify_mark *audit_alloc_
+
+ ret = fsnotify_add_mark(&audit_mark->mark, inode, NULL, true);
+ if (ret < 0) {
++ audit_mark->path = NULL;
+ fsnotify_put_mark(&audit_mark->mark);
+ audit_mark = ERR_PTR(ret); }
diff --git a/queue-4.14/parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch b/queue-4.14/parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch
new file mode 100644
index 00000000000..c649715898a
--- /dev/null
+++ b/queue-4.14/parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch
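Review bot: The added `audit_mark->path = NULL;` in the inner hunk fixes the double free but leaves the ownership rule it enforces implicit: on failure the caller of audit_alloc_mark() still owns `pathname`, while on success the mark owns it through `audit_mark->path`. A one-line comment would keep a later reader from treating the assignment as redundant, e.g. `/* on failure pathname stays owned by the caller; keep the mark's free path from releasing it */`. The fix also relies on the mark's release path tolerating a NULL `path`, which is outside this hunk and worth confirming in the 4.14 tree, especially since this backport calls fsnotify_add_mark() rather than the fsnotify_add_inode_mark() the message names. The body of audit_alloc_mark() starts before and ends after the hunk.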
@@ -0,0 +1,49 @@
+From 7ae1f5508d9a33fd58ed3059bd2d569961e3b8bd Mon Sep 17 00:00:00 2001
+From: Helge Deller
+Date: Sat, 20 Aug 2022 17:59:17 +0200
+Subject: parisc: Fix exception handler for fldw and fstw instructions
+
+From: Helge Deller
+
+commit 7ae1f5508d9a33fd58ed3059bd2d569961e3b8bd upstream.
+
+The exception handler is broken for unaligned memory acceses with fldw
+and fstw instructions, because it trashes or uses randomly some other
+floating point register than the one specified in the instruction word
+on loads and stores.
+
+The instruction "fldw 0(addr),%fr22L" (and the other fldw/fstw
+instructions) encode the target register (%fr22) in the rightmost 5 bits
+of the instruction word. The 7th rightmost bit of the instruction word
+defines if the left or right half of %fr22 should be used.
+
+While processing unaligned address accesses, the FR3() define is used to
+extract the offset into the local floating-point register set. But the
+calculation in FR3() was buggy, so that for example instead of %fr22,
+register %fr12 [((22 * 2) & 0x1f) = 12] was used.
+
+This bug has been since forever in the parisc kernel and I wonder why it
+wasn't detected earlier. Interestingly I noticed this bug just because
+the libime debian package failed to build on *native* hardware, while it
+successfully built in qemu.
+
+This patch corrects the bitshift and masking calculation in FR3().
+
+Signed-off-by: Helge Deller
+Cc:
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/parisc/kernel/unaligned.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/parisc/kernel/unaligned.c
++++ b/arch/parisc/kernel/unaligned.c
+@@ -121,7 +121,7 @@
+ #define R1(i) (((i)>>21)&0x1f)
+ #define R2(i) (((i)>>16)&0x1f)
+ #define R3(i) ((i)&0x1f)
+-#define FR3(i) ((((i)<<1)&0x1f)|(((i)>>6)&1))
++#define FR3(i) ((((i)&0x1f)<<1)|(((i)>>6)&1))
+ #define IM(i,n) (((i)>>1&((1<<(n-1))-1))|((i)&1?((0-1L)<<(n-1)):0))
+ #define IM5_2(i) IM((i)>>16,5)
+ #define IM5_3(i) IM((i),5)
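Review bot: The corrected `FR3()` still gives no hint of the instruction encoding it decodes, and the neighbouring R1/R2/R3 defines are equally bare, which is how masking-before-shifting went unnoticed at the definition for so long. Carry the commit message's explanation into the source with a comment above the define, e.g. `/* fldw/fstw: low 5 bits select %frN, bit 6 selects its left/right half */`. A constructed check makes the difference concrete: for an instruction word whose low five bits are 22 and whose bit 6 is set, the old form yields 13 while the new one yields 45, so any unaligned-access test for fldw/fstw should assert the register index directly rather than only the loaded value. The hunk covers only the macro table; there is no enclosing function.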
diff --git a/queue-4.14/series b/queue-4.14/series
index e69de29bb2d..7c22fd59711 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -0,0 +1,2 @@
+audit-fix-potential-double-free-on-error-path-from-fsnotify_add_inode_mark.patch
+parisc-fix-exception-handler-for-fldw-and-fstw-instructions.patch
--
2.47.2