From e5b0eefed2896ac84eb0e90a7bfee3e9fe43410c Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Fri, 28 Aug 2020 00:35:15 -0400 Subject: [PATCH] Fixes for 4.14 Signed-off-by: Sasha Levin --- ...y-efi_enter_virtual_mode-implementat.patch | 52 +++++++++++++++++++ ...mbol-dependency-in-__hyp_call_panic_.patch | 42 +++++++++++++++ ...if_capture-fix-potential-double-free.patch | 40 ++++++++++++++ ...spufs-add-config_coredump-dependency.patch | 47 +++++++++++++++++ queue-4.14/series | 5 ++ ...x-a-potential-ub-casued-by-left-shif.patch | 41 +++++++++++++++ 6 files changed, 227 insertions(+) create mode 100644 queue-4.14/efi-provide-empty-efi_enter_virtual_mode-implementat.patch create mode 100644 queue-4.14/kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch create mode 100644 queue-4.14/media-davinci-vpif_capture-fix-potential-double-free.patch create mode 100644 queue-4.14/powerpc-spufs-add-config_coredump-dependency.patch create mode 100644 queue-4.14/usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch diff --git a/queue-4.14/efi-provide-empty-efi_enter_virtual_mode-implementat.patch b/queue-4.14/efi-provide-empty-efi_enter_virtual_mode-implementat.patch new file mode 100644 index 00000000000..5147c2405c9 --- /dev/null +++ b/queue-4.14/efi-provide-empty-efi_enter_virtual_mode-implementat.patch @@ -0,0 +1,52 @@ +From 74fd6d6f301083ad329a46dcb9e1e806a7ea82d8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 Aug 2020 23:25:01 -0700 +Subject: efi: provide empty efi_enter_virtual_mode implementation + +From: Andrey Konovalov + +[ Upstream commit 2c547f9da0539ad1f7ef7f08c8c82036d61b011a ] + +When CONFIG_EFI is not enabled, we might get an undefined reference to +efi_enter_virtual_mode() error, if this efi_enabled() call isn't inlined +into start_kernel(). This happens in particular, if start_kernel() is +annodated with __no_sanitize_address. + +Reported-by: kernel test robot +Signed-off-by: Andrey Konovalov +Signed-off-by: Andrew Morton +Acked-by: Ard Biesheuvel +Cc: Alexander Potapenko +Cc: Andrey Ryabinin +Cc: Catalin Marinas +Cc: Dmitry Vyukov +Cc: Elena Petrova +Cc: Marco Elver +Cc: Vincenzo Frascino +Cc: Walter Wu +Link: http://lkml.kernel.org/r/6514652d3a32d3ed33d6eb5c91d0af63bf0d1a0c.1596544734.git.andreyknvl@google.com +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + include/linux/efi.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 2dab158b74c45..598ee6ba5b18f 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -948,7 +948,11 @@ extern void *efi_get_pal_addr (void); + extern void efi_map_pal_code (void); + extern void efi_memmap_walk (efi_freemem_callback_t callback, void *arg); + extern void efi_gettimeofday (struct timespec64 *ts); ++#ifdef CONFIG_EFI + extern void efi_enter_virtual_mode (void); /* switch EFI to virtual mode, if possible */ ++#else ++static inline void efi_enter_virtual_mode (void) {} ++#endif + #ifdef CONFIG_X86 + extern void efi_late_init(void); + extern void efi_free_boot_services(void); +-- +2.25.1 + diff --git a/queue-4.14/kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch b/queue-4.14/kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch new file mode 100644 index 00000000000..e837cdd9c5e --- /dev/null +++ b/queue-4.14/kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch @@ -0,0 +1,42 @@ +From f582eefd0523dab955e6fdceeec301641d2db2b9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Jun 2020 14:14:06 +0100 +Subject: KVM: arm64: Fix symbol dependency in __hyp_call_panic_nvhe + +From: David Brazdil + +[ Upstream commit b38b298aa4397e2dc74a89b4dd3eac9e59b64c96 ] + +__hyp_call_panic_nvhe contains inline assembly which did not declare +its dependency on the __hyp_panic_string symbol. + +The static-declared string has previously been kept alive because of a use in +__hyp_call_panic_vhe. Fix this in preparation for separating the source files +between VHE and nVHE when the two users land in two different compilation +units. The static variable otherwise gets dropped when compiling the nVHE +source file, causing an undefined symbol linker error later. + +Signed-off-by: David Brazdil +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20200625131420.71444-2-dbrazdil@google.com +Signed-off-by: Sasha Levin +--- + arch/arm64/kvm/hyp/switch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c +index 4a8fdbb292863..0ad952e074457 100644 +--- a/arch/arm64/kvm/hyp/switch.c ++++ b/arch/arm64/kvm/hyp/switch.c +@@ -444,7 +444,7 @@ static void __hyp_text __hyp_call_panic_nvhe(u64 spsr, u64 elr, u64 par, + * making sure it is a kernel address and not a PC-relative + * reference. + */ +- asm volatile("ldr %0, =__hyp_panic_string" : "=r" (str_va)); ++ asm volatile("ldr %0, =%1" : "=r" (str_va) : "S" (__hyp_panic_string)); + + __hyp_do_panic(str_va, + spsr, elr, +-- +2.25.1 + diff --git a/queue-4.14/media-davinci-vpif_capture-fix-potential-double-free.patch b/queue-4.14/media-davinci-vpif_capture-fix-potential-double-free.patch new file mode 100644 index 00000000000..87dca629bd9 --- /dev/null +++ b/queue-4.14/media-davinci-vpif_capture-fix-potential-double-free.patch @@ -0,0 +1,40 @@ +From fba1a1eca8f054c8f8cb381f19abb63222be2338 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 23 Jul 2020 19:04:53 +0200 +Subject: media: davinci: vpif_capture: fix potential double free + +From: Evgeny Novikov + +[ Upstream commit 602649eadaa0c977e362e641f51ec306bc1d365d ] + +In case of errors vpif_probe_complete() releases memory for vpif_obj.sd +and unregisters the V4L2 device. But then this is done again by +vpif_probe() itself. The patch removes the cleaning from +vpif_probe_complete(). + +Found by Linux Driver Verification project (linuxtesting.org). + +Signed-off-by: Evgeny Novikov +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/davinci/vpif_capture.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/media/platform/davinci/vpif_capture.c b/drivers/media/platform/davinci/vpif_capture.c +index dc8fc2120b63f..acc52d28c5c45 100644 +--- a/drivers/media/platform/davinci/vpif_capture.c ++++ b/drivers/media/platform/davinci/vpif_capture.c +@@ -1489,8 +1489,6 @@ probe_out: + /* Unregister video device */ + video_unregister_device(&ch->video_dev); + } +- kfree(vpif_obj.sd); +- v4l2_device_unregister(&vpif_obj.v4l2_dev); + + return err; + } +-- +2.25.1 + diff --git a/queue-4.14/powerpc-spufs-add-config_coredump-dependency.patch b/queue-4.14/powerpc-spufs-add-config_coredump-dependency.patch new file mode 100644 index 00000000000..77c1c492359 --- /dev/null +++ b/queue-4.14/powerpc-spufs-add-config_coredump-dependency.patch @@ -0,0 +1,47 @@ +From f0827e6c975edf8e964971ed05116b4516e907a4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 6 Jul 2020 15:22:46 +0200 +Subject: powerpc/spufs: add CONFIG_COREDUMP dependency + +From: Arnd Bergmann + +[ Upstream commit b648a5132ca3237a0f1ce5d871fff342b0efcf8a ] + +The kernel test robot pointed out a slightly different error message +after recent commit 5456ffdee666 ("powerpc/spufs: simplify spufs core +dumping") to spufs for a configuration that never worked: + + powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_proxydma_info_dump': +>> file.c:(.text+0x4c68): undefined reference to `.dump_emit' + powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_dma_info_dump': + file.c:(.text+0x4d70): undefined reference to `.dump_emit' + powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_wbox_info_dump': + file.c:(.text+0x4df4): undefined reference to `.dump_emit' + +Add a Kconfig dependency to prevent this from happening again. + +Reported-by: kernel test robot +Signed-off-by: Arnd Bergmann +Acked-by: Jeremy Kerr +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200706132302.3885935-1-arnd@arndb.de +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/cell/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/powerpc/platforms/cell/Kconfig b/arch/powerpc/platforms/cell/Kconfig +index 9f5958f169234..741a8fa8a3e6b 100644 +--- a/arch/powerpc/platforms/cell/Kconfig ++++ b/arch/powerpc/platforms/cell/Kconfig +@@ -46,6 +46,7 @@ config SPU_FS + tristate "SPU file system" + default m + depends on PPC_CELL ++ depends on COREDUMP + select SPU_BASE + help + The SPU file system is used to access Synergistic Processing +-- +2.25.1 + diff --git a/queue-4.14/series b/queue-4.14/series index c56f9d2e194..a09185f5aa0 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -33,3 +33,8 @@ scsi-iscsi-do-not-put-host-in-iscsi_set_flashnode_pa.patch ceph-fix-potential-mdsc-use-after-free-crash.patch scsi-fcoe-memory-leak-fix-in-fcoe_sysfs_fcf_del.patch edac-ie31200-fallback-if-host-bridge-device-is-alrea.patch +media-davinci-vpif_capture-fix-potential-double-free.patch +kvm-arm64-fix-symbol-dependency-in-__hyp_call_panic_.patch +powerpc-spufs-add-config_coredump-dependency.patch +usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch +efi-provide-empty-efi_enter_virtual_mode-implementat.patch diff --git a/queue-4.14/usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch b/queue-4.14/usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch new file mode 100644 index 00000000000..c7b367b68c6 --- /dev/null +++ b/queue-4.14/usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch @@ -0,0 +1,41 @@ +From 453272c3f69ee3187a1c75641aca1ad4dece93b3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 11 Jul 2020 00:30:18 -0400 +Subject: USB: sisusbvga: Fix a potential UB casued by left shifting a negative + value + +From: Changming Liu + +[ Upstream commit 2b53a19284f537168fb506f2f40d7fda40a01162 ] + +The char buffer buf, receives data directly from user space, +so its content might be negative and its elements are left +shifted to form an unsigned integer. + +Since left shifting a negative value is undefined behavior, thus +change the char to u8 to elimintate this UB. + +Signed-off-by: Changming Liu +Link: https://lore.kernel.org/r/20200711043018.928-1-charley.ashbringer@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/misc/sisusbvga/sisusb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c +index a6f88442a53a9..a020d5eafb4a5 100644 +--- a/drivers/usb/misc/sisusbvga/sisusb.c ++++ b/drivers/usb/misc/sisusbvga/sisusb.c +@@ -760,7 +760,7 @@ static int sisusb_write_mem_bulk(struct sisusb_usb_data *sisusb, u32 addr, + u8 swap8, fromkern = kernbuffer ? 1 : 0; + u16 swap16; + u32 swap32, flag = (length >> 28) & 1; +- char buf[4]; ++ u8 buf[4]; + + /* if neither kernbuffer not userbuffer are given, assume + * data in obuf +-- +2.25.1 + -- 2.47.2