From 54c4fbeaa960eb03dadb8b1f6b55c54c464264a1 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 17 Jun 2024 14:18:20 +0200
Subject: [PATCH] 4.19-stable patches

added patches:
	jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
	xhci-apply-broken-streams-quirk-to-etron-ej188-xhci-host.patch
	xhci-apply-reset-resume-quirk-to-etron-ej188-xhci-host.patch
---
 ...ix-buffer-overflow-for-invalid-xattr.patch | 40 +++++++++++++++++
 queue-4.19/series                             |  3 ++
 ...reams-quirk-to-etron-ej188-xhci-host.patch | 37 ++++++++++++++++
 ...esume-quirk-to-etron-ej188-xhci-host.patch | 43 +++++++++++++++++++
 4 files changed, 123 insertions(+)
 create mode 100644 queue-4.19/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
 create mode 100644 queue-4.19/xhci-apply-broken-streams-quirk-to-etron-ej188-xhci-host.patch
 create mode 100644 queue-4.19/xhci-apply-reset-resume-quirk-to-etron-ej188-xhci-host.patch

diff --git a/queue-4.19/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch b/queue-4.19/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
new file mode 100644
index 00000000000..f7bb214c862
--- /dev/null
+++ b/queue-4.19/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
@@ -0,0 +1,40 @@
+From 7c55b78818cfb732680c4a72ab270cc2d2ee3d0f Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Tue, 14 May 2024 12:06:34 +0200
+Subject: jfs: xattr: fix buffer overflow for invalid xattr
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+commit 7c55b78818cfb732680c4a72ab270cc2d2ee3d0f upstream.
+
+When an xattr size is not what is expected, it is printed out to the
+kernel log in hex format as a form of debugging.  But when that xattr
+size is bigger than the expected size, printing it out can cause an
+access off the end of the buffer.
+
+Fix this all up by properly restricting the size of the debug hex dump
+in the kernel log.
+
+Reported-by: syzbot+9dfe490c8176301c1d06@syzkaller.appspotmail.com
+Cc: Dave Kleikamp <shaggy@kernel.org>
+Link: https://lore.kernel.org/r/2024051433-slider-cloning-98f9@gregkh
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/jfs/xattr.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/jfs/xattr.c
++++ b/fs/jfs/xattr.c
+@@ -570,9 +570,11 @@ static int ea_get(struct inode *inode, s
+ 
+       size_check:
+ 	if (EALIST_SIZE(ea_buf->xattr) != ea_size) {
++		int size = min_t(int, EALIST_SIZE(ea_buf->xattr), ea_size);
++
+ 		printk(KERN_ERR "ea_get: invalid extended attribute\n");
+ 		print_hex_dump(KERN_ERR, "", DUMP_PREFIX_ADDRESS, 16, 1,
+-				     ea_buf->xattr, ea_size, 1);
++				     ea_buf->xattr, size, 1);
+ 		ea_release(inode, ea_buf);
+ 		rc = -EIO;
+ 		goto clean_up;
diff --git a/queue-4.19/series b/queue-4.19/series
index ec6bb12b3de..6d9562ef0d4 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -30,3 +30,6 @@ nilfs2-return-the-mapped-address-from-nilfs_get_page.patch
 nilfs2-fix-nilfs_empty_dir-misjudgment-and-long-loop.patch
 usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch
 mei-me-release-irq-in-mei_me_pci_resume-error-path.patch
+jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
+xhci-apply-reset-resume-quirk-to-etron-ej188-xhci-host.patch
+xhci-apply-broken-streams-quirk-to-etron-ej188-xhci-host.patch
diff --git a/queue-4.19/xhci-apply-broken-streams-quirk-to-etron-ej188-xhci-host.patch b/queue-4.19/xhci-apply-broken-streams-quirk-to-etron-ej188-xhci-host.patch
new file mode 100644
index 00000000000..3aa744bbebe
--- /dev/null
+++ b/queue-4.19/xhci-apply-broken-streams-quirk-to-etron-ej188-xhci-host.patch
@@ -0,0 +1,37 @@
+From 91f7a1524a92c70ffe264db8bdfa075f15bbbeb9 Mon Sep 17 00:00:00 2001
+From: Kuangyi Chiang <ki.chiang65@gmail.com>
+Date: Tue, 11 Jun 2024 15:06:09 +0300
+Subject: xhci: Apply broken streams quirk to Etron EJ188 xHCI host
+
+From: Kuangyi Chiang <ki.chiang65@gmail.com>
+
+commit 91f7a1524a92c70ffe264db8bdfa075f15bbbeb9 upstream.
+
+As described in commit 8f873c1ff4ca ("xhci: Blacklist using streams on the
+Etron EJ168 controller"), EJ188 have the same issue as EJ168, where Streams
+do not work reliable on EJ188. So apply XHCI_BROKEN_STREAMS quirk to EJ188
+as well.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Kuangyi Chiang <ki.chiang65@gmail.com>
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Link: https://lore.kernel.org/r/20240611120610.3264502-4-mathias.nyman@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/host/xhci-pci.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/host/xhci-pci.c
++++ b/drivers/usb/host/xhci-pci.c
+@@ -225,8 +225,10 @@ static void xhci_pci_quirks(struct devic
+ 		xhci->quirks |= XHCI_BROKEN_STREAMS;
+ 	}
+ 	if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
+-			pdev->device == PCI_DEVICE_ID_EJ188)
++			pdev->device == PCI_DEVICE_ID_EJ188) {
+ 		xhci->quirks |= XHCI_RESET_ON_RESUME;
++		xhci->quirks |= XHCI_BROKEN_STREAMS;
++	}
+ 
+ 	if (pdev->vendor == PCI_VENDOR_ID_RENESAS &&
+ 	    pdev->device == 0x0014) {
diff --git a/queue-4.19/xhci-apply-reset-resume-quirk-to-etron-ej188-xhci-host.patch b/queue-4.19/xhci-apply-reset-resume-quirk-to-etron-ej188-xhci-host.patch
new file mode 100644
index 00000000000..9474b8c57cd
--- /dev/null
+++ b/queue-4.19/xhci-apply-reset-resume-quirk-to-etron-ej188-xhci-host.patch
@@ -0,0 +1,43 @@
+From 17bd54555c2aaecfdb38e2734149f684a73fa584 Mon Sep 17 00:00:00 2001
+From: Kuangyi Chiang <ki.chiang65@gmail.com>
+Date: Tue, 11 Jun 2024 15:06:08 +0300
+Subject: xhci: Apply reset resume quirk to Etron EJ188 xHCI host
+
+From: Kuangyi Chiang <ki.chiang65@gmail.com>
+
+commit 17bd54555c2aaecfdb38e2734149f684a73fa584 upstream.
+
+As described in commit c877b3b2ad5c ("xhci: Add reset on resume quirk for
+asrock p67 host"), EJ188 have the same issue as EJ168, where completely
+dies on resume. So apply XHCI_RESET_ON_RESUME quirk to EJ188 as well.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Kuangyi Chiang <ki.chiang65@gmail.com>
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Link: https://lore.kernel.org/r/20240611120610.3264502-3-mathias.nyman@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/host/xhci-pci.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/usb/host/xhci-pci.c
++++ b/drivers/usb/host/xhci-pci.c
+@@ -33,6 +33,7 @@
+ 
+ #define PCI_VENDOR_ID_ETRON		0x1b6f
+ #define PCI_DEVICE_ID_EJ168		0x7023
++#define PCI_DEVICE_ID_EJ188		0x7052
+ 
+ #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI	0x8c31
+ #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI	0x9c31
+@@ -223,6 +224,10 @@ static void xhci_pci_quirks(struct devic
+ 		xhci->quirks |= XHCI_TRUST_TX_LENGTH;
+ 		xhci->quirks |= XHCI_BROKEN_STREAMS;
+ 	}
++	if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
++			pdev->device == PCI_DEVICE_ID_EJ188)
++		xhci->quirks |= XHCI_RESET_ON_RESUME;
++
+ 	if (pdev->vendor == PCI_VENDOR_ID_RENESAS &&
+ 	    pdev->device == 0x0014) {
+ 		xhci->quirks |= XHCI_TRUST_TX_LENGTH;
-- 
2.47.3