5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 Jul 2022 14:02:16 +0000 (16:02 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 23 Jul 2022 14:02:16 +0000 (16:02 +0200)
added patches:
io_uring-use-original-task-for-req-identity-in-io_identity_cow.patch
lockdown-fix-kexec-lockdown-bypass-with-ima-policy.patch
mlxsw-spectrum_router-fix-ipv4-nexthop-gateway-indication.patch
pinctrl-stm32-fix-optional-irq-support-to-gpios.patch
riscv-add-as-options-for-modules-with-assembly-compontents.patch

queue-5.10/io_uring-use-original-task-for-req-identity-in-io_identity_cow.patch [new file with mode: 0644]
queue-5.10/lockdown-fix-kexec-lockdown-bypass-with-ima-policy.patch [new file with mode: 0644]
queue-5.10/mlxsw-spectrum_router-fix-ipv4-nexthop-gateway-indication.patch [new file with mode: 0644]
queue-5.10/pinctrl-stm32-fix-optional-irq-support-to-gpios.patch [new file with mode: 0644]
queue-5.10/riscv-add-as-options-for-modules-with-assembly-compontents.patch [new file with mode: 0644]

diff --git a/queue-5.10/io_uring-use-original-task-for-req-identity-in-io_identity_cow.patch b/queue-5.10/io_uring-use-original-task-for-req-identity-in-io_identity_cow.patch
new file mode 100644 (file)
index 0000000..c78908a
--- /dev/null
@@ -0,0 +1,48 @@
+From lee@kernel.org  Sat Jul 23 15:54:25 2022
+From: Lee Jones <lee@kernel.org>
+Date: Tue, 19 Jul 2022 12:52:51 +0100
+Subject: io_uring: Use original task for req identity in io_identity_cow()
+To: lee@kernel.org
+Cc: stable@vger.kernel.org, Jens Axboe <axboe@kernel.dk>, Pavel Begunkov <asml.silence@gmail.com>, Alexander Viro <viro@zeniv.linux.org.uk>, io-uring@vger.kernel.org, linux-fsdevel@vger.kernel.org
+Message-ID: <20220719115251.441526-1-lee@kernel.org>
+
+From: Lee Jones <lee@kernel.org>
+
+This issue is conceptually identical to the one fixed in 29f077d07051
+("io_uring: always use original task when preparing req identity"), so
+rather than reinvent the wheel, I'm shamelessly quoting the commit
+message from that patch - thanks Jens:
+
+ "If the ring is setup with IORING_SETUP_IOPOLL and we have more than
+  one task doing submissions on a ring, we can up in a situation where
+  we assign the context from the current task rather than the request
+  originator.
+
+  Always use req->task rather than assume it's the same as current.
+
+  No upstream patch exists for this issue, as only older kernels with
+  the non-native workers have this problem."
+
+Cc: Jens Axboe <axboe@kernel.dk>
+Cc: Pavel Begunkov <asml.silence@gmail.com>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: io-uring@vger.kernel.org
+Cc: linux-fsdevel@vger.kernel.org
+Fixes: 5c3462cfd123b ("io_uring: store io_identity in io_uring_task")
+Signed-off-by: Lee Jones <lee@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/io_uring.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -1325,7 +1325,7 @@ static void io_req_clean_work(struct io_
+  */
+ static bool io_identity_cow(struct io_kiocb *req)
+ {
+-      struct io_uring_task *tctx = current->io_uring;
++      struct io_uring_task *tctx = req->task->io_uring;
+       const struct cred *creds = NULL;
+       struct io_identity *id;
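Review bot: The new initialiser `struct io_uring_task *tctx = req->task->io_uring;` has no comment saying why `current` is wrong here; the reason exists only in the commit message. A one-line comment above it, such as `/* req->task, not current: another task may be submitting on this ring (IOPOLL) */`, would keep a later cleanup from switching back to `current`. The body of io_identity_cow() continues past the hunk, so it is worth confirming that nothing further down, or in the helpers it calls, still derives identity or credentials from `current`, since a mismatch there would attach one task's context to another task's request. The message also says no upstream patch exists, so this stable-only change has no upstream testing to lean on.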
diff --git a/queue-5.10/lockdown-fix-kexec-lockdown-bypass-with-ima-policy.patch b/queue-5.10/lockdown-fix-kexec-lockdown-bypass-with-ima-policy.patch
new file mode 100644 (file)
index 0000000..d513bfd
--- /dev/null
@@ -0,0 +1,57 @@
+From 543ce63b664e2c2f9533d089a4664b559c3e6b5b Mon Sep 17 00:00:00 2001
+From: Eric Snowberg <eric.snowberg@oracle.com>
+Date: Wed, 20 Jul 2022 12:40:27 -0400
+Subject: lockdown: Fix kexec lockdown bypass with ima policy
+
+From: Eric Snowberg <eric.snowberg@oracle.com>
+
+commit 543ce63b664e2c2f9533d089a4664b559c3e6b5b upstream.
+
+The lockdown LSM is primarily used in conjunction with UEFI Secure Boot.
+This LSM may also be used on machines without UEFI.  It can also be
+enabled when UEFI Secure Boot is disabled.  One of lockdown's features
+is to prevent kexec from loading untrusted kernels.  Lockdown can be
+enabled through a bootparam or after the kernel has booted through
+securityfs.
+
+If IMA appraisal is used with the "ima_appraise=log" boot param,
+lockdown can be defeated with kexec on any machine when Secure Boot is
+disabled or unavailable.  IMA prevents setting "ima_appraise=log" from
+the boot param when Secure Boot is enabled, but this does not cover
+cases where lockdown is used without Secure Boot.
+
+To defeat lockdown, boot without Secure Boot and add ima_appraise=log to
+the kernel command line; then:
+
+  $ echo "integrity" > /sys/kernel/security/lockdown
+  $ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \
+    /sys/kernel/security/ima/policy
+  $ kexec -ls unsigned-kernel
+
+Add a call to verify ima appraisal is set to "enforce" whenever lockdown
+is enabled.  This fixes CVE-2022-21505.
+
+Cc: stable@vger.kernel.org
+Fixes: 29d3c1c8dfe7 ("kexec: Allow kexec_file() with appropriate IMA policy when locked down")
+Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
+Acked-by: Mimi Zohar <zohar@linux.ibm.com>
+Reviewed-by: John Haxby <john.haxby@oracle.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/integrity/ima/ima_policy.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/security/integrity/ima/ima_policy.c
++++ b/security/integrity/ima/ima_policy.c
+@@ -1805,6 +1805,10 @@ bool ima_appraise_signature(enum kernel_
+       if (id >= READING_MAX_ID)
+               return false;
++      if (id == READING_KEXEC_IMAGE && !(ima_appraise & IMA_APPRAISE_ENFORCE)
++          && security_locked_down(LOCKDOWN_KEXEC))
++              return false;
++
+       func = read_idmap[id] ?: FILE_CHECK;
+       rcu_read_lock();
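Review bot: The added guard in ima_appraise_signature() rejects every non-enforcing appraisal mode, not only the `ima_appraise=log` case the message describes, and nothing next to the code says so. A comment above it, for example `/* Under kexec lockdown an IMA rule only counts as signature verification when appraisal is enforced. */`, would record that this is the intended boundary for CVE-2022-21505. Systems that run lockdown with IMA in a non-enforcing mode should expect kexec of the image to be refused through this path after the backport. If the lockdown LSM emits its usual denial notice when `security_locked_down(LOCKDOWN_KEXEC)` returns non-zero, that log line is a useful detection signal for attempts to use the old bypass. The function body continues outside the hunk.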
diff --git a/queue-5.10/mlxsw-spectrum_router-fix-ipv4-nexthop-gateway-indication.patch b/queue-5.10/mlxsw-spectrum_router-fix-ipv4-nexthop-gateway-indication.patch
new file mode 100644 (file)
index 0000000..081c7ea
--- /dev/null
@@ -0,0 +1,44 @@
+From e5ec6a2513383fe2ecc2ee3b5f51d97acbbcd4d8 Mon Sep 17 00:00:00 2001
+From: Ido Schimmel <idosch@nvidia.com>
+Date: Tue, 19 Jul 2022 15:26:26 +0300
+Subject: mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
+
+From: Ido Schimmel <idosch@nvidia.com>
+
+commit e5ec6a2513383fe2ecc2ee3b5f51d97acbbcd4d8 upstream.
+
+mlxsw needs to distinguish nexthops with a gateway from connected
+nexthops in order to write the former to the adjacency table of the
+device. The check used to rely on the fact that nexthops with a gateway
+have a 'link' scope whereas connected nexthops have a 'host' scope. This
+is no longer correct after commit 747c14307214 ("ip: fix dflt addr
+selection for connected nexthop").
+
+Fix that by instead checking the address family of the gateway IP. This
+is a more direct way and also consistent with the IPv6 counterpart in
+mlxsw_sp_rt6_is_gateway().
+
+Cc: stable@vger.kernel.org
+Fixes: 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
+Fixes: 597cfe4fc339 ("nexthop: Add support for IPv4 nexthops")
+Signed-off-by: Ido Schimmel <idosch@nvidia.com>
+Reviewed-by: Amit Cohen <amcohen@nvidia.com>
+Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+Reviewed-by: David Ahern <dsahern@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
+@@ -4003,7 +4003,7 @@ static bool mlxsw_sp_fi_is_gateway(const
+ {
+       const struct fib_nh *nh = fib_info_nh(fi, 0);
+-      return nh->fib_nh_scope == RT_SCOPE_LINK ||
++      return nh->fib_nh_gw_family ||
+              mlxsw_sp_nexthop4_ipip_type(mlxsw_sp, nh, NULL);
+ }
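Review bot: `return nh->fib_nh_gw_family ||` relies on the family value being non-zero exactly when a gateway is configured, and the code does not say that. A short comment such as `/* a non-zero gateway family means the nexthop has a gateway; scope is no longer a reliable indicator */` would keep the reasoning from the commit message next to the check. The function still inspects only nexthop 0 via `fib_info_nh(fi, 0)`, which this change leaves as it was. Its signature starts outside the hunk.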
diff --git a/queue-5.10/pinctrl-stm32-fix-optional-irq-support-to-gpios.patch b/queue-5.10/pinctrl-stm32-fix-optional-irq-support-to-gpios.patch
new file mode 100644 (file)
index 0000000..6d51f89
--- /dev/null
@@ -0,0 +1,63 @@
+From a1d4ef1adf8bbd302067534ead671a94759687ed Mon Sep 17 00:00:00 2001
+From: Fabien Dessenne <fabien.dessenne@foss.st.com>
+Date: Mon, 27 Jun 2022 16:23:50 +0200
+Subject: pinctrl: stm32: fix optional IRQ support to gpios
+
+From: Fabien Dessenne <fabien.dessenne@foss.st.com>
+
+commit a1d4ef1adf8bbd302067534ead671a94759687ed upstream.
+
+To act as an interrupt controller, a gpio bank relies on the
+"interrupt-parent" of the pin controller.
+When this optional "interrupt-parent" misses, do not create any IRQ domain.
+
+This fixes a "NULL pointer in stm32_gpio_domain_alloc()" kernel crash when
+the interrupt-parent = <exti> property is not declared in the Device Tree.
+
+Fixes: 0eb9f683336d ("pinctrl: Add IRQ support to STM32 gpios")
+Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
+Link: https://lore.kernel.org/r/20220627142350.742973-1-fabien.dessenne@foss.st.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/stm32/pinctrl-stm32.c |   20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+
+--- a/drivers/pinctrl/stm32/pinctrl-stm32.c
++++ b/drivers/pinctrl/stm32/pinctrl-stm32.c
+@@ -1303,15 +1303,17 @@ static int stm32_gpiolib_register_bank(s
+       bank->bank_ioport_nr = bank_ioport_nr;
+       spin_lock_init(&bank->lock);
+-      /* create irq hierarchical domain */
+-      bank->fwnode = of_node_to_fwnode(np);
++      if (pctl->domain) {
++              /* create irq hierarchical domain */
++              bank->fwnode = of_node_to_fwnode(np);
++
++              bank->domain = irq_domain_create_hierarchy(pctl->domain, 0, STM32_GPIO_IRQ_LINE,
++                                                         bank->fwnode, &stm32_gpio_domain_ops,
++                                                         bank);
+-      bank->domain = irq_domain_create_hierarchy(pctl->domain, 0,
+-                                      STM32_GPIO_IRQ_LINE, bank->fwnode,
+-                                      &stm32_gpio_domain_ops, bank);
+-
+-      if (!bank->domain)
+-              return -ENODEV;
++              if (!bank->domain)
++                      return -ENODEV;
++      }
+       err = gpiochip_add_data(&bank->gpio_chip, bank);
+       if (err) {
+@@ -1481,6 +1483,8 @@ int stm32_pctl_probe(struct platform_dev
+       pctl->domain = stm32_pctrl_get_irq_domain(np);
+       if (IS_ERR(pctl->domain))
+               return PTR_ERR(pctl->domain);
++      if (!pctl->domain)
++              dev_warn(dev, "pinctrl without interrupt support\n");
+       /* hwspinlock is optional */
+       hwlock_id = of_hwspin_lock_get_id(pdev->dev.of_node, 0);
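Review bot: With domain creation now skipped when `pctl->domain` is NULL, `bank->domain` and `bank->fwnode` are left unset for the bank, and the hunk does not show the code that later consumes them. Any GPIO-to-IRQ path outside this hunk that reads those fields should be confirmed to tolerate NULL; otherwise the crash the message describes may only move to the first IRQ request. In the second hunk, `dev_warn(dev, ...)` depends on a `dev` variable that is not declared in the visible context (the following line uses `pdev->dev`), so check that it is in scope in the 5.10 tree. Both stm32_gpiolib_register_bank() and stm32_pctl_probe() extend beyond the hunks.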
diff --git a/queue-5.10/riscv-add-as-options-for-modules-with-assembly-compontents.patch b/queue-5.10/riscv-add-as-options-for-modules-with-assembly-compontents.patch
new file mode 100644 (file)
index 0000000..49c015a
--- /dev/null
@@ -0,0 +1,48 @@
+From c1f6eff304e4dfa4558b6a8c6b2d26a91db6c998 Mon Sep 17 00:00:00 2001
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+Date: Sun, 29 May 2022 16:22:00 +0100
+Subject: riscv: add as-options for modules with assembly compontents
+
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+
+commit c1f6eff304e4dfa4558b6a8c6b2d26a91db6c998 upstream.
+
+When trying to load modules built for RISC-V which include assembly files
+the kernel loader errors with "unexpected relocation type 'R_RISCV_ALIGN'"
+due to R_RISCV_ALIGN relocations being generated by the assembler.
+
+The R_RISCV_ALIGN relocations can be removed at the expense of code space
+by adding -mno-relax to gcc and as.  In commit 7a8e7da42250138
+("RISC-V: Fixes to module loading") -mno-relax is added to the build
+variable KBUILD_CFLAGS_MODULE. See [1] for more info.
+
+The issue is that when kbuild builds a .S file, it invokes gcc with
+the -mno-relax flag, but this is not being passed through to the
+assembler. Adding -Wa,-mno-relax to KBUILD_AFLAGS_MODULE ensures that
+the assembler is invoked correctly. This may have now been fixed in
+gcc[2] and this addition should not stop newer gcc and as from working.
+
+[1] https://github.com/riscv/riscv-elf-psabi-doc/issues/183
+[2] https://github.com/gcc-mirror/gcc/commit/3b0a7d624e64eeb81e4d5e8c62c46d86ef521857
+
+Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
+Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
+Link: https://lore.kernel.org/r/20220529152200.609809-1-ben.dooks@codethink.co.uk
+Fixes: ab1ef68e5401 ("RISC-V: Add sections of PLT and GOT for kernel module")
+Cc: stable@vger.kernel.org
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/Makefile |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/riscv/Makefile
++++ b/arch/riscv/Makefile
+@@ -73,6 +73,7 @@ ifeq ($(CONFIG_PERF_EVENTS),y)
+ endif
+ KBUILD_CFLAGS_MODULE += $(call cc-option,-mno-relax)
++KBUILD_AFLAGS_MODULE += $(call as-option,-Wa$(comma)-mno-relax)
+ # GCC versions that support the "-mstrict-align" option default to allowing
+ # unaligned accesses.  While unaligned accesses are explicitly allowed in the
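Review bot: `$(call as-option,-Wa$(comma)-mno-relax)` drops the flag silently when the toolchain rejects it, so a build with such an assembler would still produce modules that fail to load with the R_RISCV_ALIGN error and give no hint at build time. The line also has no comment, unlike the block below it. Something like `# Also pass -mno-relax to the assembler so module .S files emit no R_RISCV_ALIGN relocations` would explain why the AFLAGS line mirrors the CFLAGS one.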