From 818ee1b496ebb5c2b28c0a6d0a1b722afc242cad Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 6 Sep 2021 10:49:38 +0200
Subject: [PATCH] 5.10-stable patches

added patches:
	serial-8250-8250_omap-fix-possible-array-out-of-bounds-access.patch
	spi-switch-to-signed-types-for-_native_cs-spi-controller-fields.patch
---
 ...-possible-array-out-of-bounds-access.patch | 34 ++++++++++++++++
 queue-5.10/series                             |  2 +
 ...for-_native_cs-spi-controller-fields.patch | 40 +++++++++++++++++++
 3 files changed, 76 insertions(+)
 create mode 100644 queue-5.10/serial-8250-8250_omap-fix-possible-array-out-of-bounds-access.patch
 create mode 100644 queue-5.10/spi-switch-to-signed-types-for-_native_cs-spi-controller-fields.patch

diff --git a/queue-5.10/serial-8250-8250_omap-fix-possible-array-out-of-bounds-access.patch b/queue-5.10/serial-8250-8250_omap-fix-possible-array-out-of-bounds-access.patch
new file mode 100644
index 00000000000..99edb39fddc
--- /dev/null
+++ b/queue-5.10/serial-8250-8250_omap-fix-possible-array-out-of-bounds-access.patch
@@ -0,0 +1,34 @@
+From d4548b14dd7e5c698f81ce23ce7b69a896373b45 Mon Sep 17 00:00:00 2001
+From: Vignesh Raghavendra <vigneshr@ti.com>
+Date: Wed, 11 Nov 2020 16:56:52 +0530
+Subject: serial: 8250: 8250_omap: Fix possible array out of bounds access
+
+From: Vignesh Raghavendra <vigneshr@ti.com>
+
+commit d4548b14dd7e5c698f81ce23ce7b69a896373b45 upstream.
+
+k3_soc_devices array is missing a sentinel entry which may result in out
+of bounds access as reported by kernel KASAN.
+
+Fix this by adding a sentinel entry.
+
+Fixes: 439c7183e5b9 ("serial: 8250: 8250_omap: Disable RX interrupt after DMA enable")
+Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
+Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
+Link: https://lore.kernel.org/r/20201111112653.2710-1-vigneshr@ti.com
+Signed-off-by: Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu@toshiba.co.jp>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/serial/8250/8250_omap.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/tty/serial/8250/8250_omap.c
++++ b/drivers/tty/serial/8250/8250_omap.c
+@@ -1211,6 +1211,7 @@ static int omap8250_no_handle_irq(struct
+ static const struct soc_device_attribute k3_soc_devices[] = {
+ 	{ .family = "AM65X",  },
+ 	{ .family = "J721E", .revision = "SR1.0" },
++	{ /* sentinel */ }
+ };
+ 
+ static struct omap8250_dma_params am654_dma = {
diff --git a/queue-5.10/series b/queue-5.10/series
index da329fa1f19..c94a7e403ec 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -22,3 +22,5 @@ cryptoloop-add-a-deprecation-warning.patch
 alsa-hda-realtek-quirk-for-hp-spectre-x360-14-amp-setup.patch
 alsa-hda-realtek-workaround-for-conflicting-ssid-on-asus-rog-strix-g17.patch
 alsa-pcm-fix-divide-error-in-snd_pcm_lib_ioctl.patch
+serial-8250-8250_omap-fix-possible-array-out-of-bounds-access.patch
+spi-switch-to-signed-types-for-_native_cs-spi-controller-fields.patch
diff --git a/queue-5.10/spi-switch-to-signed-types-for-_native_cs-spi-controller-fields.patch b/queue-5.10/spi-switch-to-signed-types-for-_native_cs-spi-controller-fields.patch
new file mode 100644
index 00000000000..785985ce7ff
--- /dev/null
+++ b/queue-5.10/spi-switch-to-signed-types-for-_native_cs-spi-controller-fields.patch
@@ -0,0 +1,40 @@
+From 35f3f8504c3b60a1ae5576e178b27fc0ddd6157d Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Mon, 10 May 2021 16:12:42 +0300
+Subject: spi: Switch to signed types for *_native_cs SPI controller fields
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+commit 35f3f8504c3b60a1ae5576e178b27fc0ddd6157d upstream.
+
+While fixing undefined behaviour the commit f60d7270c8a3 ("spi: Avoid
+undefined behaviour when counting unused native CSs") missed the case
+when all CSs are GPIOs and thus unused_native_cs will be evaluated to
+-1 in unsigned representation. This will falsely trigger a condition
+in the spi_get_gpio_descs().
+
+Switch to signed types for *_native_cs SPI controller fields to fix above.
+
+Fixes: f60d7270c8a3 ("spi: Avoid undefined behaviour when counting unused native CSs")
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Link: https://lore.kernel.org/r/20210510131242.49455-1-andriy.shevchenko@linux.intel.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Nobuhiro Iwamatsu (CIP) <nobuhiro1.iwamatsu@toshiba.co.jp>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/spi/spi.h |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/linux/spi/spi.h
++++ b/include/linux/spi/spi.h
+@@ -646,8 +646,8 @@ struct spi_controller {
+ 	int			*cs_gpios;
+ 	struct gpio_desc	**cs_gpiods;
+ 	bool			use_gpio_descriptors;
+-	u8			unused_native_cs;
+-	u8			max_native_cs;
++	s8			unused_native_cs;
++	s8			max_native_cs;
+ 
+ 	/* statistics */
+ 	struct spi_statistics	statistics;
-- 
2.47.3