From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 6 Nov 2024 08:12:48 +0000 (+0100)
Subject: 6.1-stable patches
X-Git-Tag: v4.19.323~15
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b6805fc95c2728eae09b0e43c092b7843a844d2a;p=thirdparty%2Fkernel%2Fstable-queue.git

6.1-stable patches

added patches:
	drm-amd-display-skip-on-writeback-when-it-s-not-applicable.patch
	vt-prevent-kernel-infoleak-in-con_font_get.patch
---

diff --git a/queue-6.1/drm-amd-display-skip-on-writeback-when-it-s-not-applicable.patch b/queue-6.1/drm-amd-display-skip-on-writeback-when-it-s-not-applicable.patch
new file mode 100644
index 00000000000..79c43d76e1b
--- /dev/null
+++ b/queue-6.1/drm-amd-display-skip-on-writeback-when-it-s-not-applicable.patch
@@ -0,0 +1,62 @@
+From ecedd99a9369fb5cde601ae9abd58bca2739f1ae Mon Sep 17 00:00:00 2001
+From: Alex Hung <alex.hung@amd.com>
+Date: Fri, 15 Mar 2024 21:25:25 -0600
+Subject: drm/amd/display: Skip on writeback when it's not applicable
+
+From: Alex Hung <alex.hung@amd.com>
+
+commit ecedd99a9369fb5cde601ae9abd58bca2739f1ae upstream.
+
+[WHY]
+dynamic memory safety error detector (KASAN) catches and generates error
+messages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not
+support certain features which are not initialized.
+
+[HOW]
+Skip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK.
+
+Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3199
+Reviewed-by: Harry Wentland <harry.wentland@amd.com>
+Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
+Acked-by: Roman Li <roman.li@amd.com>
+Signed-off-by: Alex Hung <alex.hung@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |   10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -2990,6 +2990,10 @@ static int dm_resume(void *handle)
+ 	/* Do mst topology probing after resuming cached state*/
+ 	drm_connector_list_iter_begin(ddev, &iter);
+ 	drm_for_each_connector_iter(connector, &iter) {
++
++		if (connector->connector_type == DRM_MODE_CONNECTOR_WRITEBACK)
++			continue;
++
+ 		aconnector = to_amdgpu_dm_connector(connector);
+ 		if (aconnector->dc_link->type != dc_connection_mst_branch ||
+ 		    aconnector->mst_port)
+@@ -5722,6 +5726,9 @@ get_highest_refresh_rate_mode(struct amd
+ 		&aconnector->base.probed_modes :
+ 		&aconnector->base.modes;
+ 
++	if (aconnector->base.connector_type == DRM_MODE_CONNECTOR_WRITEBACK)
++		return NULL;
++
+ 	if (aconnector->freesync_vid_base.clock != 0)
+ 		return &aconnector->freesync_vid_base;
+ 
+@@ -8242,6 +8249,9 @@ static void amdgpu_dm_commit_audio(struc
+ 			continue;
+ 
+ 	notify:
++		if (connector->connector_type == DRM_MODE_CONNECTOR_WRITEBACK)
++			continue;
++
+ 		aconnector = to_amdgpu_dm_connector(connector);
+ 
+ 		mutex_lock(&adev->dm.audio_lock);
diff --git a/queue-6.1/series b/queue-6.1/series
index fa124595e25..e504fc6c004 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -120,3 +120,5 @@ mm-shmem-fix-data-race-in-shmem_getattr.patch
 loongarch-fix-build-errors-due-to-backported-timens.patch
 mtd-spi-nor-winbond-fix-w25q128-regression.patch
 drm-amd-display-add-null-checks-for-stream-and-plane-before-dereferencing.patch
+drm-amd-display-skip-on-writeback-when-it-s-not-applicable.patch
+vt-prevent-kernel-infoleak-in-con_font_get.patch
diff --git a/queue-6.1/vt-prevent-kernel-infoleak-in-con_font_get.patch b/queue-6.1/vt-prevent-kernel-infoleak-in-con_font_get.patch
new file mode 100644
index 00000000000..2e7776515a4
--- /dev/null
+++ b/queue-6.1/vt-prevent-kernel-infoleak-in-con_font_get.patch
@@ -0,0 +1,35 @@
+From f956052e00de211b5c9ebaa1958366c23f82ee9e Mon Sep 17 00:00:00 2001
+From: Jeongjun Park <aha310510@gmail.com>
+Date: Fri, 11 Oct 2024 02:46:19 +0900
+Subject: vt: prevent kernel-infoleak in con_font_get()
+
+From: Jeongjun Park <aha310510@gmail.com>
+
+commit f956052e00de211b5c9ebaa1958366c23f82ee9e upstream.
+
+font.data may not initialize all memory spaces depending on the implementation
+of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it
+is safest to modify it to initialize the allocated memory space to 0, and it
+generally does not affect the overall performance of the system.
+
+Cc: stable@vger.kernel.org
+Reported-by: syzbot+955da2d57931604ee691@syzkaller.appspotmail.com
+Fixes: 05e2600cb0a4 ("VT: Bump font size limitation to 64x128 pixels")
+Signed-off-by: Jeongjun Park <aha310510@gmail.com>
+Link: https://lore.kernel.org/r/20241010174619.59662-1-aha310510@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/vt/vt.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -4603,7 +4603,7 @@ static int con_font_get(struct vc_data *
+ 	int c;
+ 
+ 	if (op->data) {
+-		font.data = kmalloc(max_font_size, GFP_KERNEL);
++		font.data = kzalloc(max_font_size, GFP_KERNEL);
+ 		if (!font.data)
+ 			return -ENOMEM;
+ 	} else