From 9069046dee7a6742e72b4864acdb2b63090dcba8 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 6 Sep 2022 12:03:55 +0200
Subject: [PATCH] 4.14-stable patches

added patches:
thunderbolt-use-the-actual-buffer-in-tb_async_error.patch
---
 queue-4.14/series | 1 +
 ...-the-actual-buffer-in-tb_async_error.patch | 31 +++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 queue-4.14/thunderbolt-use-the-actual-buffer-in-tb_async_error.patch
diff --git a/queue-4.14/series b/queue-4.14/series
index fa8806fea24..b737f196f6c 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -11,3 +11,4 @@ binder-fix-uaf-of-ref-proc-caused-by-race-condition.patch
 drm-i915-reg-fix-spelling-mistake-unsupport-unsuppor.patch
 input-rk805-pwrkey-fix-module-autoloading.patch
 hwmon-gpio-fan-fix-array-out-of-bounds-access.patch
+thunderbolt-use-the-actual-buffer-in-tb_async_error.patch
diff --git a/queue-4.14/thunderbolt-use-the-actual-buffer-in-tb_async_error.patch b/queue-4.14/thunderbolt-use-the-actual-buffer-in-tb_async_error.patch
new file mode 100644
index 00000000000..b76c89e3d1b
--- /dev/null
+++ b/queue-4.14/thunderbolt-use-the-actual-buffer-in-tb_async_error.patch
@@ -0,0 +1,31 @@
+From eb100b8fa8e8b59eb3e5fc7a5fd4a1e3c5950f64 Mon Sep 17 00:00:00 2001
+From: Mika Westerberg
+Date: Fri, 29 Apr 2022 17:10:17 +0300
+Subject: thunderbolt: Use the actual buffer in tb_async_error()
+
+From: Mika Westerberg
+
+commit eb100b8fa8e8b59eb3e5fc7a5fd4a1e3c5950f64 upstream.
+
+The received notification packet is held in pkg->buffer and not in pkg
+itself. Fix this by using the correct buffer.
+
+Fixes: 81a54b5e1986 ("thunderbolt: Let the connection manager handle all notifications")
+Cc: stable@vger.kernel.org
+Signed-off-by: Mika Westerberg
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/thunderbolt/ctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/thunderbolt/ctl.c
++++ b/drivers/thunderbolt/ctl.c
+@@ -401,7 +401,7 @@ static void tb_ctl_rx_submit(struct ctl_
+
+ static int tb_async_error(const struct ctl_pkg *pkg)
+ {
+- const struct cfg_error_pkg *error = (const struct cfg_error_pkg *)pkg;
++ const struct cfg_error_pkg *error = pkg->buffer;
+
+ if (pkg->frame.eof != TB_CFG_PKG_ERROR)
+ return false;
--
2.47.3
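Review bot: In the embedded `drivers/thunderbolt/ctl.c` hunk, `error` now points at `pkg->buffer`, which the commit message says holds the received notification packet, but nothing visible confirms the frame is at least `sizeof(*error)` bytes long before its fields are read. The body of tb_async_error() continues past the hunk and its caller is not shown, so the length may already be validated elsewhere. If it is not, a guard next to the `eof` test, along the lines of `if (pkg->frame.size < sizeof(*error)) return false;`, would keep the classification from acting on stale buffer contents. That change belongs upstream first rather than in this backport. As a smaller style point, the function is declared `static int` yet returns `false`; `static bool tb_async_error(const struct ctl_pkg *pkg)` would match what it returns.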