4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 20 Oct 2023 16:55:51 +0000 (18:55 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 20 Oct 2023 16:55:51 +0000 (18:55 +0200)
added patches:
kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
regmap-fix-null-deref-on-lookup.patch

queue-4.19/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch [new file with mode: 0644]
queue-4.19/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch [new file with mode: 0644]
queue-4.19/regmap-fix-null-deref-on-lookup.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch b/queue-4.19/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
new file mode 100644 (file)
index 0000000..46666bc
--- /dev/null
@@ -0,0 +1,53 @@
+From a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Mon, 25 Sep 2023 17:34:47 +0000
+Subject: KVM: x86: Mask LVTPC when handling a PMI
+
+From: Jim Mattson <jmattson@google.com>
+
+commit a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a upstream.
+
+Per the SDM, "When the local APIC handles a performance-monitoring
+counters interrupt, it automatically sets the mask flag in the LVT
+performance counter register."  Add this behavior to KVM's local APIC
+emulation.
+
+Failure to mask the LVTPC entry results in spurious PMIs, e.g. when
+running Linux as a guest, PMI handlers that do a "late_ack" spew a large
+number of "dazed and confused" spurious NMI warnings.
+
+Fixes: f5132b01386b ("KVM: Expose a version 2 architectural PMU to a guests")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Tested-by: Mingwei Zhang <mizhang@google.com>
+Signed-off-by: Mingwei Zhang <mizhang@google.com>
+Link: https://lore.kernel.org/r/20230925173448.3518223-3-mizhang@google.com
+[sean: massage changelog, correct Fixes]
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/lapic.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2201,13 +2201,17 @@ int kvm_apic_local_deliver(struct kvm_la
+ {
+       u32 reg = kvm_lapic_get_reg(apic, lvt_type);
+       int vector, mode, trig_mode;
++      int r;
+       if (kvm_apic_hw_enabled(apic) && !(reg & APIC_LVT_MASKED)) {
+               vector = reg & APIC_VECTOR_MASK;
+               mode = reg & APIC_MODE_MASK;
+               trig_mode = reg & APIC_LVT_LEVEL_TRIGGER;
+-              return __apic_accept_irq(apic, mode, vector, 1, trig_mode,
+-                                      NULL);
++
++              r = __apic_accept_irq(apic, mode, vector, 1, trig_mode, NULL);
++              if (r && lvt_type == APIC_LVTPC)
++                      kvm_lapic_set_reg(apic, APIC_LVTPC, reg | APIC_LVT_MASKED);
++              return r;
+       }
+       return 0;
+ }
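Review bot: The LVTPC auto-mask in kvm_apic_local_deliver() has no comment explaining why this one LVT entry is rewritten after delivery, so the architectural reason exists only in the changelog. A line above the `if (r && lvt_type == APIC_LVTPC)` check would keep it next to the code, e.g. `/* Per the SDM, the local APIC sets the mask flag in LVTPC when it handles a PMI. */`. The mask is written back from the `reg` snapshot taken at the top of the function, so it presumably relies on `__apic_accept_irq()` not changing the LVTPC register in between; the callee is outside the hunk, so that is worth confirming for the 4.19 tree. The masking is also conditional on a non-zero return, so a one-line note on what a zero return means here would help the next reader.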
diff --git a/queue-4.19/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch b/queue-4.19/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
new file mode 100644 (file)
index 0000000..4beb1ea
--- /dev/null
@@ -0,0 +1,38 @@
+From 7937609cd387246aed994e81aa4fa951358fba41 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Date: Fri, 13 Oct 2023 20:41:29 +0200
+Subject: nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+
+commit 7937609cd387246aed994e81aa4fa951358fba41 upstream.
+
+Handle memory allocation failure from nci_skb_alloc() (calling
+alloc_skb()) to avoid possible NULL pointer dereference.
+
+Reported-by: 黄思聪 <huangsicong@iie.ac.cn>
+Fixes: 391d8a2da787 ("NFC: Add NCI over SPI receive")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://lore.kernel.org/r/20231013184129.18738-1-krzysztof.kozlowski@linaro.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/nfc/nci/spi.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/nfc/nci/spi.c
++++ b/net/nfc/nci/spi.c
+@@ -163,6 +163,8 @@ static int send_acknowledge(struct nci_s
+       int ret;
+       skb = nci_skb_alloc(nspi->ndev, 0, GFP_KERNEL);
++      if (!skb)
++              return -ENOMEM;
+       /* add the NCI SPI header to the start of the buffer */
+       hdr = skb_push(skb, NCI_SPI_HDR_LEN);
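Review bot: The new `return -ENOMEM` in send_acknowledge() only helps if callers check the function's return value, and the call sites are not visible in this hunk. It is worth confirming in the 4.19 tree that each caller either checks the result or can safely treat an unsent acknowledgement as a no-op, so that an allocation failure is not silently dropped. No unwinding looks necessary at the early return, since the `nci_skb_alloc()` call is the first acquisition in the lines shown. The rest of the function body lies outside the hunk.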
diff --git a/queue-4.19/regmap-fix-null-deref-on-lookup.patch b/queue-4.19/regmap-fix-null-deref-on-lookup.patch
new file mode 100644 (file)
index 0000000..7e55586
--- /dev/null
@@ -0,0 +1,35 @@
+From c6df843348d6b71ea986266c12831cb60c2cf325 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Fri, 6 Oct 2023 10:21:04 +0200
+Subject: regmap: fix NULL deref on lookup
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit c6df843348d6b71ea986266c12831cb60c2cf325 upstream.
+
+Not all regmaps have a name so make sure to check for that to avoid
+dereferencing a NULL pointer when dev_get_regmap() is used to lookup a
+named regmap.
+
+Fixes: e84861fec32d ("regmap: dev_get_regmap_match(): fix string comparison")
+Cc: stable@vger.kernel.org      # 5.8
+Cc: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Link: https://lore.kernel.org/r/20231006082104.16707-1-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/base/regmap/regmap.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/base/regmap/regmap.c
++++ b/drivers/base/regmap/regmap.c
+@@ -1343,7 +1343,7 @@ static int dev_get_regmap_match(struct d
+       /* If the user didn't specify a name match any */
+       if (data)
+-              return !strcmp((*r)->name, data);
++              return (*r)->name && !strcmp((*r)->name, data);
+       else
+               return 1;
+ }
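Review bot: The comment above the check in dev_get_regmap_match() still describes only the `data == NULL` case, so the new rule that an unnamed regmap never matches a named lookup is undocumented. I would add a line such as `/* A regmap without a name never matches a named lookup */` before the `return (*r)->name && !strcmp((*r)->name, data);` statement. The hunk also dereferences `*r` with no check visible; any validation of `r` presumably sits earlier in the function, which starts outside the hunk.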
index f37d0b6db95f67fae8e54c23c7966cbeb1d6543f..c8235fe3d6a0fb81a9fff6f0270782749c871d47 100644 (file)
@@ -49,3 +49,6 @@ bluetooth-fix-a-refcnt-underflow-problem-for-hci_conn.patch
 bluetooth-vhci-fix-race-when-opening-vhci-device.patch
 bluetooth-hci_event-fix-coding-style.patch
 bluetooth-avoid-memcmp-out-of-bounds-warning.patch
+nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
+regmap-fix-null-deref-on-lookup.patch
+kvm-x86-mask-lvtpc-when-handling-a-pmi.patch