--- /dev/null
+From e520d0b6be950ce3738cf4b9bd3b392be818f1dc Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
+Date: Mon, 31 Jul 2023 21:15:48 -0600
+Subject: cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
+
+From: Gustavo A. R. Silva <gustavoars@kernel.org>
+
+commit e520d0b6be950ce3738cf4b9bd3b392be818f1dc upstream.
+
+Allocate extra space for terminating element at:
+
+drivers/cpufreq/brcmstb-avs-cpufreq.c:
+449 table[i].frequency = CPUFREQ_TABLE_END;
+
+and add code comment to make this clear.
+
+This fixes the following -Warray-bounds warning seen after building
+ARM with multi_v7_defconfig (GCC 13):
+In function 'brcm_avs_get_freq_table',
+ inlined from 'brcm_avs_cpufreq_init' at drivers/cpufreq/brcmstb-avs-cpufreq.c:623:15:
+drivers/cpufreq/brcmstb-avs-cpufreq.c:449:28: warning: array subscript 5 is outside array bounds of 'void[60]' [-Warray-bounds=]
+ 449 | table[i].frequency = CPUFREQ_TABLE_END;
+In file included from include/linux/node.h:18,
+ from include/linux/cpu.h:17,
+ from include/linux/cpufreq.h:12,
+ from drivers/cpufreq/brcmstb-avs-cpufreq.c:44:
+In function 'devm_kmalloc_array',
+ inlined from 'devm_kcalloc' at include/linux/device.h:328:9,
+ inlined from 'brcm_avs_get_freq_table' at drivers/cpufreq/brcmstb-avs-cpufreq.c:437:10,
+ inlined from 'brcm_avs_cpufreq_init' at drivers/cpufreq/brcmstb-avs-cpufreq.c:623:15:
+include/linux/device.h:323:16: note: at offset 60 into object of size 60 allocated by 'devm_kmalloc'
+ 323 | return devm_kmalloc(dev, bytes, flags);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This helps with the ongoing efforts to tighten the FORTIFY_SOURCE
+routines on memcpy() and help us make progress towards globally
+enabling -Warray-bounds.
+
+Link: https://github.com/KSPP/linux/issues/324
+Fixes: de322e085995 ("cpufreq: brcmstb-avs-cpufreq: AVS CPUfreq driver for Broadcom STB SoCs")
+Cc: stable@vger.kernel.org
+Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
+Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/cpufreq/brcmstb-avs-cpufreq.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/cpufreq/brcmstb-avs-cpufreq.c
++++ b/drivers/cpufreq/brcmstb-avs-cpufreq.c
+@@ -434,7 +434,11 @@ brcm_avs_get_freq_table(struct device *d
+ if (ret)
+ return ERR_PTR(ret);
+
+- table = devm_kcalloc(dev, AVS_PSTATE_MAX + 1, sizeof(*table),
++ /*
++ * We allocate space for the 5 different P-STATES AVS,
++ * plus extra space for a terminating element.
++ */
++ table = devm_kcalloc(dev, AVS_PSTATE_MAX + 1 + 1, sizeof(*table),
+ GFP_KERNEL);
+ if (!table)
+ return ERR_PTR(-ENOMEM);
--- /dev/null
+From d9c83f71eeceed2cb54bb78be84f2d4055fd9a1f Mon Sep 17 00:00:00 2001
+From: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
+Date: Thu, 13 Jul 2023 17:15:15 +0200
+Subject: crypto: stm32 - fix loop iterating through scatterlist for DMA
+
+From: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
+
+commit d9c83f71eeceed2cb54bb78be84f2d4055fd9a1f upstream.
+
+We were reading the length of the scatterlist sg after copying value of
+tsg inside.
+So we are using the size of the previous scatterlist and for the first
+one we are using an unitialised value.
+Fix this by copying tsg in sg[0] before reading the size.
+
+Fixes : 8a1012d3f2ab ("crypto: stm32 - Support for STM32 HASH module")
+Cc: stable@vger.kernel.org
+Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/stm32/stm32-hash.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/stm32/stm32-hash.c
++++ b/drivers/crypto/stm32/stm32-hash.c
+@@ -564,9 +564,9 @@ static int stm32_hash_dma_send(struct st
+ }
+
+ for_each_sg(rctx->sg, tsg, rctx->nents, i) {
++ sg[0] = *tsg;
+ len = sg->length;
+
+- sg[0] = *tsg;
+ if (sg_is_last(sg)) {
+ if (hdev->dma_mode == 1) {
+ len = (ALIGN(sg->length, 16) - 16);
--- /dev/null
+From ea5717cb13468323a7c3dd394748301802991f39 Mon Sep 17 00:00:00 2001
+From: Sven Schnelle <svens@linux.ibm.com>
+Date: Tue, 15 Aug 2023 09:26:06 +0200
+Subject: s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
+
+From: Sven Schnelle <svens@linux.ibm.com>
+
+commit ea5717cb13468323a7c3dd394748301802991f39 upstream.
+
+OS installers are relying on /sys/firmware/ipl/has_secure to be
+present on machines supporting secure boot. This file is present
+for all IPL types, but not the unknown type, which prevents a secure
+installation when an LPAR is booted in HMC via FTP(s), because
+this is an unknown IPL type in linux. While at it, also add the secure
+file.
+
+Fixes: c9896acc7851 ("s390/ipl: Provide has_secure sysfs attribute")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
+Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/kernel/ipl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/s390/kernel/ipl.c
++++ b/arch/s390/kernel/ipl.c
+@@ -501,6 +501,8 @@ static struct attribute_group ipl_ccw_at
+
+ static struct attribute *ipl_unknown_attrs[] = {
+ &sys_ipl_type_attr.attr,
++ &sys_ipl_secure_attr.attr,
++ &sys_ipl_has_secure_attr.attr,
+ NULL,
+ };
+
net-handle-arphrd_ppp-in-dev_is_mac_header_xmit.patch
fsverity-skip-pkcs-7-parser-when-keyring-is-empty.patch
pstore-ram-check-start-of-empty-przs-during-init.patch
+s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-unknown.patch
+crypto-stm32-fix-loop-iterating-through-scatterlist-for-dma.patch
+cpufreq-brcmstb-avs-cpufreq-fix-warray-bounds-bug.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
