From c06380a2392caea768f210d05f3b6ecab5c4d330 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 7 Jul 2020 16:11:34 +0200
Subject: [PATCH] 4.9-stable patches

added patches:
	efi-make-it-possible-to-disable-efivar_ssdt-entirely.patch
	netfilter-nf_conntrack_h323-lost-.data_len-definition-for-q.931-ipv6.patch
---
 ...ible-to-disable-efivar_ssdt-entirely.patch | 61 +++++++++++++++++++
 ...-.data_len-definition-for-q.931-ipv6.patch | 42 +++++++++++++
 queue-4.9/series                              |  2 +
 3 files changed, 105 insertions(+)
 create mode 100644 queue-4.9/efi-make-it-possible-to-disable-efivar_ssdt-entirely.patch
 create mode 100644 queue-4.9/netfilter-nf_conntrack_h323-lost-.data_len-definition-for-q.931-ipv6.patch

diff --git a/queue-4.9/efi-make-it-possible-to-disable-efivar_ssdt-entirely.patch b/queue-4.9/efi-make-it-possible-to-disable-efivar_ssdt-entirely.patch
new file mode 100644
index 00000000000..4b65f831a1c
--- /dev/null
+++ b/queue-4.9/efi-make-it-possible-to-disable-efivar_ssdt-entirely.patch
@@ -0,0 +1,61 @@
+From 435d1a471598752446a72ad1201b3c980526d869 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 15 Jun 2020 16:24:08 -0400
+Subject: efi: Make it possible to disable efivar_ssdt entirely
+
+From: Peter Jones <pjones@redhat.com>
+
+commit 435d1a471598752446a72ad1201b3c980526d869 upstream.
+
+In most cases, such as CONFIG_ACPI_CUSTOM_DSDT and
+CONFIG_ACPI_TABLE_UPGRADE, boot-time modifications to firmware tables
+are tied to specific Kconfig options.  Currently this is not the case
+for modifying the ACPI SSDT via the efivar_ssdt kernel command line
+option and associated EFI variable.
+
+This patch adds CONFIG_EFI_CUSTOM_SSDT_OVERLAYS, which defaults
+disabled, in order to allow enabling or disabling that feature during
+the build.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Link: https://lore.kernel.org/r/20200615202408.2242614-1-pjones@redhat.com
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/efi/Kconfig |   11 +++++++++++
+ drivers/firmware/efi/efi.c   |    2 +-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/drivers/firmware/efi/Kconfig
++++ b/drivers/firmware/efi/Kconfig
+@@ -129,6 +129,17 @@ config EFI_TEST
+ 	  Say Y here to enable the runtime services support via /dev/efi_test.
+ 	  If unsure, say N.
+ 
++config EFI_CUSTOM_SSDT_OVERLAYS
++	bool "Load custom ACPI SSDT overlay from an EFI variable"
++	depends on EFI_VARS && ACPI
++	default ACPI_TABLE_UPGRADE
++	help
++	  Allow loading of an ACPI SSDT overlay from an EFI variable specified
++	  by a kernel command line option.
++
++	  See Documentation/admin-guide/acpi/ssdt-overlays.rst for more
++	  information.
++
+ endmenu
+ 
+ config UEFI_CPER
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -198,7 +198,7 @@ static void generic_ops_unregister(void)
+ 	efivars_unregister(&generic_efivars);
+ }
+ 
+-#if IS_ENABLED(CONFIG_ACPI)
++#ifdef CONFIG_EFI_CUSTOM_SSDT_OVERLAYS
+ #define EFIVAR_SSDT_NAME_MAX	16
+ static char efivar_ssdt[EFIVAR_SSDT_NAME_MAX] __initdata;
+ static int __init efivar_ssdt_setup(char *str)
diff --git a/queue-4.9/netfilter-nf_conntrack_h323-lost-.data_len-definition-for-q.931-ipv6.patch b/queue-4.9/netfilter-nf_conntrack_h323-lost-.data_len-definition-for-q.931-ipv6.patch
new file mode 100644
index 00000000000..644fc3753b7
--- /dev/null
+++ b/queue-4.9/netfilter-nf_conntrack_h323-lost-.data_len-definition-for-q.931-ipv6.patch
@@ -0,0 +1,42 @@
+From MAILER-DAEMON Tue Jul  7 14:02:16 2020
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 09 Jun 2020 10:53:22 +0300
+Subject: netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
+To: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
+Cc: Florian Westphal <fw@strlen.de>
+Message-ID: <c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com>
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+Could you please push this patch into stable@?
+it fixes memory corruption in kernels  v3.5 .. v4.10
+
+Lost .data_len definition leads to write beyond end of
+struct nf_ct_h323_master. Usually it corrupts following
+struct nf_conn_nat, however if nat is not loaded it corrupts
+following slab object.
+
+In mainline this problem went away in v4.11,
+after commit 9f0f3ebeda47 ("netfilter: helpers: remove data_len usage
+for inkernel helpers") however many stable kernels are still affected.
+
+Fixes: 1afc56794e03 ("netfilter: nf_ct_helper: implement variable length helper private data") # v3.5
+cc: stable@vger.kernel.org
+Reviewed-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_conntrack_h323_main.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/netfilter/nf_conntrack_h323_main.c
++++ b/net/netfilter/nf_conntrack_h323_main.c
+@@ -1225,6 +1225,7 @@ static struct nf_conntrack_helper nf_con
+ 	{
+ 		.name			= "Q.931",
+ 		.me			= THIS_MODULE,
++		.data_len		= sizeof(struct nf_ct_h323_master),
+ 		.tuple.src.l3num	= AF_INET6,
+ 		.tuple.src.u.tcp.port	= cpu_to_be16(Q931_PORT),
+ 		.tuple.dst.protonum	= IPPROTO_TCP,
diff --git a/queue-4.9/series b/queue-4.9/series
index ac6a36575a2..2fa523912f3 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -20,3 +20,5 @@ smb3-honor-seal-flag-for-multiuser-mounts.patch
 smb3-honor-persistent-resilient-handle-flags-for-multiuser-mounts.patch
 cifs-fix-the-target-file-was-deleted-when-rename-failed.patch
 mips-add-missing-ehb-in-mtc0-mfc0-sequence-for-dspen.patch
+netfilter-nf_conntrack_h323-lost-.data_len-definition-for-q.931-ipv6.patch
+efi-make-it-possible-to-disable-efivar_ssdt-entirely.patch
-- 
2.47.3