From 783b9b7f21e1cd3c9bca2445364b2d273b70231b Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 9 Jul 2022 10:25:23 +0200
Subject: [PATCH] 4.14-stable patches

added patches:
	fbcon-disallow-setting-font-bigger-than-screen-size.patch
	iommu-vt-d-fix-pci-bus-rescan-device-hot-add.patch
	video-of_display_timing.h-include-errno.h.patch
---
 ...setting-font-bigger-than-screen-size.patch | 37 ++++++++++++
 ...-d-fix-pci-bus-rescan-device-hot-add.patch | 57 +++++++++++++++++++
 queue-4.14/series                             |  3 +
 ...-of_display_timing.h-include-errno.h.patch | 33 +++++++++++
 4 files changed, 130 insertions(+)
 create mode 100644 queue-4.14/fbcon-disallow-setting-font-bigger-than-screen-size.patch
 create mode 100644 queue-4.14/iommu-vt-d-fix-pci-bus-rescan-device-hot-add.patch
 create mode 100644 queue-4.14/video-of_display_timing.h-include-errno.h.patch

diff --git a/queue-4.14/fbcon-disallow-setting-font-bigger-than-screen-size.patch b/queue-4.14/fbcon-disallow-setting-font-bigger-than-screen-size.patch
new file mode 100644
index 00000000000..ce74dcb8e82
--- /dev/null
+++ b/queue-4.14/fbcon-disallow-setting-font-bigger-than-screen-size.patch
@@ -0,0 +1,37 @@
+From 65a01e601dbba8b7a51a2677811f70f783766682 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sat, 25 Jun 2022 12:56:49 +0200
+Subject: fbcon: Disallow setting font bigger than screen size
+
+From: Helge Deller <deller@gmx.de>
+
+commit 65a01e601dbba8b7a51a2677811f70f783766682 upstream.
+
+Prevent that users set a font size which is bigger than the physical screen.
+It's unlikely this may happen (because screens are usually much larger than the
+fonts and each font char is limited to 32x32 pixels), but it may happen on
+smaller screens/LCD displays.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Cc: stable@vger.kernel.org # v4.14+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/core/fbcon.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/video/fbdev/core/fbcon.c
++++ b/drivers/video/fbdev/core/fbcon.c
+@@ -2445,6 +2445,11 @@ static int fbcon_set_font(struct vc_data
+ 	if (charcount != 256 && charcount != 512)
+ 		return -EINVAL;
+ 
++	/* font bigger than screen resolution ? */
++	if (w > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) ||
++	    h > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres))
++		return -EINVAL;
++
+ 	/* Make sure drawing engine can handle the font */
+ 	if (!(info->pixmap.blit_x & (1 << (font->width - 1))) ||
+ 	    !(info->pixmap.blit_y & (1 << (font->height - 1))))
diff --git a/queue-4.14/iommu-vt-d-fix-pci-bus-rescan-device-hot-add.patch b/queue-4.14/iommu-vt-d-fix-pci-bus-rescan-device-hot-add.patch
new file mode 100644
index 00000000000..108ebff7c64
--- /dev/null
+++ b/queue-4.14/iommu-vt-d-fix-pci-bus-rescan-device-hot-add.patch
@@ -0,0 +1,57 @@
+From 316f92a705a4c2bf4712135180d56f3cca09243a Mon Sep 17 00:00:00 2001
+From: Yian Chen <yian.chen@intel.com>
+Date: Fri, 20 May 2022 17:21:15 -0700
+Subject: iommu/vt-d: Fix PCI bus rescan device hot add
+
+From: Yian Chen <yian.chen@intel.com>
+
+commit 316f92a705a4c2bf4712135180d56f3cca09243a upstream.
+
+Notifier calling chain uses priority to determine the execution
+order of the notifiers or listeners registered to the chain.
+PCI bus device hot add utilizes the notification mechanism.
+
+The current code sets low priority (INT_MIN) to Intel
+dmar_pci_bus_notifier and postpones DMAR decoding after adding
+new device into IOMMU. The result is that struct device pointer
+cannot be found in DRHD search for the new device's DMAR/IOMMU.
+Subsequently, the device is put under the "catch-all" IOMMU
+instead of the correct one. This could cause system hang when
+device TLB invalidation is sent to the wrong IOMMU. Invalidation
+timeout error and hard lockup have been observed and data
+inconsistency/crush may occur as well.
+
+This patch fixes the issue by setting a positive priority(1) for
+dmar_pci_bus_notifier while the priority of IOMMU bus notifier
+uses the default value(0), therefore DMAR decoding will be in
+advance of DRHD search for a new device to find the correct IOMMU.
+
+Following is a 2-step example that triggers the bug by simulating
+PCI device hot add behavior in Intel Sapphire Rapids server.
+
+echo 1 > /sys/bus/pci/devices/0000:6a:01.0/remove
+echo 1 > /sys/bus/pci/rescan
+
+Fixes: 59ce0515cdaf ("iommu/vt-d: Update DRHD/RMRR/ATSR device scope")
+Cc: stable@vger.kernel.org # v3.15+
+Reported-by: Zhang, Bernice <bernice.zhang@intel.com>
+Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
+Signed-off-by: Yian Chen <yian.chen@intel.com>
+Link: https://lore.kernel.org/r/20220521002115.1624069-1-yian.chen@intel.com
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iommu/dmar.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -374,7 +374,7 @@ static int dmar_pci_bus_notifier(struct
+ 
+ static struct notifier_block dmar_pci_bus_nb = {
+ 	.notifier_call = dmar_pci_bus_notifier,
+-	.priority = INT_MIN,
++	.priority = 1,
+ };
+ 
+ static struct dmar_drhd_unit *
diff --git a/queue-4.14/series b/queue-4.14/series
index d159c973906..21c104c5214 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -4,3 +4,6 @@ can-grcan-grcan_probe-remove-extra-of_node_get.patch
 can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
 usbnet-fix-memory-leak-in-error-case.patch
 net-rose-fix-uaf-bug-caused-by-rose_t0timer_expiry.patch
+iommu-vt-d-fix-pci-bus-rescan-device-hot-add.patch
+fbcon-disallow-setting-font-bigger-than-screen-size.patch
+video-of_display_timing.h-include-errno.h.patch
diff --git a/queue-4.14/video-of_display_timing.h-include-errno.h.patch b/queue-4.14/video-of_display_timing.h-include-errno.h.patch
new file mode 100644
index 00000000000..3cc32f23147
--- /dev/null
+++ b/queue-4.14/video-of_display_timing.h-include-errno.h.patch
@@ -0,0 +1,33 @@
+From 3663a2fb325b8782524f3edb0ae32d6faa615109 Mon Sep 17 00:00:00 2001
+From: Hsin-Yi Wang <hsinyi@chromium.org>
+Date: Fri, 1 Jul 2022 01:33:29 +0800
+Subject: video: of_display_timing.h: include errno.h
+
+From: Hsin-Yi Wang <hsinyi@chromium.org>
+
+commit 3663a2fb325b8782524f3edb0ae32d6faa615109 upstream.
+
+If CONFIG_OF is not enabled, default of_get_display_timing() returns an
+errno, so include the header.
+
+Fixes: 422b67e0b31a ("videomode: provide dummy inline functions for !CONFIG_OF")
+Suggested-by: Stephen Boyd <swboyd@chromium.org>
+Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
+Reviewed-by: Stephen Boyd <swboyd@chromium.org>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/video/of_display_timing.h |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/video/of_display_timing.h
++++ b/include/video/of_display_timing.h
+@@ -9,6 +9,8 @@
+ #ifndef __LINUX_OF_DISPLAY_TIMING_H
+ #define __LINUX_OF_DISPLAY_TIMING_H
+ 
++#include <linux/errno.h>
++
+ struct device_node;
+ struct display_timing;
+ struct display_timings;
-- 
2.47.3