From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 15 Aug 2021 12:45:59 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v5.4.142~54
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=76ccbfe38949ff17d0da5668803d4ec00ed98b1e;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	asoc-intel-atom-fix-reference-to-pcm-buffer-address.patch
	i2c-dev-zero-out-array-used-for-i2c-reads-from-userspace.patch
---

diff --git a/queue-4.4/asoc-intel-atom-fix-reference-to-pcm-buffer-address.patch b/queue-4.4/asoc-intel-atom-fix-reference-to-pcm-buffer-address.patch
new file mode 100644
index 00000000000..06db74ffd8d
--- /dev/null
+++ b/queue-4.4/asoc-intel-atom-fix-reference-to-pcm-buffer-address.patch
@@ -0,0 +1,48 @@
+From 2e6b836312a477d647a7920b56810a5a25f6c856 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 28 Jul 2021 13:23:50 +0200
+Subject: ASoC: intel: atom: Fix reference to PCM buffer address
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 2e6b836312a477d647a7920b56810a5a25f6c856 upstream.
+
+PCM buffers might be allocated dynamically when the buffer
+preallocation failed or a larger buffer is requested, and it's not
+guaranteed that substream->dma_buffer points to the actually used
+buffer.  The address should be retrieved from runtime->dma_addr,
+instead of substream->dma_buffer (and shouldn't use virt_to_phys).
+
+Also, remove the line overriding runtime->dma_area superfluously,
+which was already set up at the PCM buffer allocation.
+
+Cc: Cezary Rojewski <cezary.rojewski@intel.com>
+Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Link: https://lore.kernel.org/r/20210728112353.6675-3-tiwai@suse.de
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/intel/atom/sst-mfld-platform-pcm.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/sound/soc/intel/atom/sst-mfld-platform-pcm.c
++++ b/sound/soc/intel/atom/sst-mfld-platform-pcm.c
+@@ -134,7 +134,7 @@ static void sst_fill_alloc_params(struct
+ 	snd_pcm_uframes_t period_size;
+ 	ssize_t periodbytes;
+ 	ssize_t buffer_bytes = snd_pcm_lib_buffer_bytes(substream);
+-	u32 buffer_addr = virt_to_phys(substream->dma_buffer.area);
++	u32 buffer_addr = substream->runtime->dma_addr;
+ 
+ 	channels = substream->runtime->channels;
+ 	period_size = substream->runtime->period_size;
+@@ -240,7 +240,6 @@ static int sst_platform_alloc_stream(str
+ 	/* set codec params and inform SST driver the same */
+ 	sst_fill_pcm_params(substream, &param);
+ 	sst_fill_alloc_params(substream, &alloc_params);
+-	substream->runtime->dma_area = substream->dma_buffer.area;
+ 	str_params.sparams = param;
+ 	str_params.aparams = alloc_params;
+ 	str_params.codec = SST_CODEC_TYPE_PCM;
diff --git a/queue-4.4/i2c-dev-zero-out-array-used-for-i2c-reads-from-userspace.patch b/queue-4.4/i2c-dev-zero-out-array-used-for-i2c-reads-from-userspace.patch
new file mode 100644
index 00000000000..906aaf8d5fb
--- /dev/null
+++ b/queue-4.4/i2c-dev-zero-out-array-used-for-i2c-reads-from-userspace.patch
@@ -0,0 +1,48 @@
+From 86ff25ed6cd8240d18df58930bd8848b19fce308 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Thu, 29 Jul 2021 16:35:32 +0200
+Subject: i2c: dev: zero out array used for i2c reads from userspace
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+commit 86ff25ed6cd8240d18df58930bd8848b19fce308 upstream.
+
+If an i2c driver happens to not provide the full amount of data that a
+user asks for, it is possible that some uninitialized data could be sent
+to userspace.  While all in-kernel drivers look to be safe, just be sure
+by initializing the buffer to zero before it is passed to the i2c driver
+so that any future drivers will not have this issue.
+
+Also properly copy the amount of data recvieved to the userspace buffer,
+as pointed out by Dan Carpenter.
+
+Reported-by: Eric Dumazet <edumazet@google.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/i2c/i2c-dev.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/i2c/i2c-dev.c
++++ b/drivers/i2c/i2c-dev.c
+@@ -148,7 +148,7 @@ static ssize_t i2cdev_read(struct file *
+ 	if (count > 8192)
+ 		count = 8192;
+ 
+-	tmp = kmalloc(count, GFP_KERNEL);
++	tmp = kzalloc(count, GFP_KERNEL);
+ 	if (tmp == NULL)
+ 		return -ENOMEM;
+ 
+@@ -157,7 +157,8 @@ static ssize_t i2cdev_read(struct file *
+ 
+ 	ret = i2c_master_recv(client, tmp, count);
+ 	if (ret >= 0)
+-		ret = copy_to_user(buf, tmp, count) ? -EFAULT : ret;
++		if (copy_to_user(buf, tmp, ret))
++			ret = -EFAULT;
+ 	kfree(tmp);
+ 	return ret;
+ }
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..67e40efb29d
--- /dev/null
+++ b/queue-4.4/series
@@ -0,0 +1,2 @@
+asoc-intel-atom-fix-reference-to-pcm-buffer-address.patch
+i2c-dev-zero-out-array-used-for-i2c-reads-from-userspace.patch