From a94c11aba23db0c7c05cc9b3147a185e97d4cb81 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 20 Oct 2023 18:55:42 +0200
Subject: [PATCH] 4.14-stable patches
added patches:
 kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
 nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
 regmap-fix-null-deref-on-lookup.patch
---
 ...m-x86-mask-lvtpc-when-handling-a-pmi.patch | 53 +++++++++++++++++++
 ...nter-dereference-in-send_acknowledge.patch | 38 +++++++++++++
 .../regmap-fix-null-deref-on-lookup.patch | 35 ++++++++++++
 queue-4.14/series | 3 ++
 4 files changed, 129 insertions(+)
 create mode 100644 queue-4.14/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
 create mode 100644 queue-4.14/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
 create mode 100644 queue-4.14/regmap-fix-null-deref-on-lookup.patch
diff --git a/queue-4.14/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch b/queue-4.14/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
new file mode 100644
index 00000000000..bf38504f231
--- /dev/null
+++ b/queue-4.14/kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
@@ -0,0 +1,53 @@
+From a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a Mon Sep 17 00:00:00 2001
+From: Jim Mattson
+Date: Mon, 25 Sep 2023 17:34:47 +0000
+Subject: KVM: x86: Mask LVTPC when handling a PMI
+
+From: Jim Mattson
+
+commit a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a upstream.
+
+Per the SDM, "When the local APIC handles a performance-monitoring
+counters interrupt, it automatically sets the mask flag in the LVT
+performance counter register." Add this behavior to KVM's local APIC
+emulation.
+
+Failure to mask the LVTPC entry results in spurious PMIs, e.g. when
+running Linux as a guest, PMI handlers that do a "late_ack" spew a large
+number of "dazed and confused" spurious NMI warnings.
+
+Fixes: f5132b01386b ("KVM: Expose a version 2 architectural PMU to a guests")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jim Mattson
+Tested-by: Mingwei Zhang
+Signed-off-by: Mingwei Zhang
+Link: https://lore.kernel.org/r/20230925173448.3518223-3-mizhang@google.com
+[sean: massage changelog, correct Fixes]
+Signed-off-by: Sean Christopherson
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/lapic.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/lapic.c
++++ b/arch/x86/kvm/lapic.c
+@@ -2085,13 +2085,17 @@ int kvm_apic_local_deliver(struct kvm_la
+ {
+ u32 reg = kvm_lapic_get_reg(apic, lvt_type);
+ int vector, mode, trig_mode;
++ int r;
+
+ if (kvm_apic_hw_enabled(apic) && !(reg & APIC_LVT_MASKED)) {
+ vector = reg & APIC_VECTOR_MASK;
+ mode = reg & APIC_MODE_MASK;
+ trig_mode = reg & APIC_LVT_LEVEL_TRIGGER;
+- return __apic_accept_irq(apic, mode, vector, 1, trig_mode,
+- NULL);
++
++ r = __apic_accept_irq(apic, mode, vector, 1, trig_mode, NULL);
++ if (r && lvt_type == APIC_LVTPC)
++ kvm_lapic_set_reg(apic, APIC_LVTPC, reg | APIC_LVT_MASKED);
++ return r;
+ }
+ return 0;
+ }
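Review bot: The new `kvm_lapic_set_reg(apic, APIC_LVTPC, reg | APIC_LVT_MASKED)` in kvm_apic_local_deliver() carries no comment explaining why only LVTPC is masked after a successful delivery, so the architectural reason lives only in the commit message. A comment above the `if (r && lvt_type == APIC_LVTPC)` line would keep it next to the code, for example `/* The local APIC sets the LVTPC mask flag when it handles a PMI (per the SDM). */`. The write-back also reuses the `reg` value read at the top of the function; if anything can update LVTPC while `__apic_accept_irq()` runs, that update would be overwritten. That looks unlikely, but it cannot be confirmed from the hunk and is worth checking against the callers.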
diff --git a/queue-4.14/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch b/queue-4.14/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
new file mode 100644
index 00000000000..4beb1ea239a
--- /dev/null
+++ b/queue-4.14/nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
@@ -0,0 +1,38 @@
+From 7937609cd387246aed994e81aa4fa951358fba41 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski
+Date: Fri, 13 Oct 2023 20:41:29 +0200
+Subject: nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Krzysztof Kozlowski
+
+commit 7937609cd387246aed994e81aa4fa951358fba41 upstream.
+
+Handle memory allocation failure from nci_skb_alloc() (calling
+alloc_skb()) to avoid possible NULL pointer dereference.
+
+Reported-by: 黄思聪
+Fixes: 391d8a2da787 ("NFC: Add NCI over SPI receive")
+Cc:
+Signed-off-by: Krzysztof Kozlowski
+Reviewed-by: Simon Horman
+Link: https://lore.kernel.org/r/20231013184129.18738-1-krzysztof.kozlowski@linaro.org
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/nfc/nci/spi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/nfc/nci/spi.c
++++ b/net/nfc/nci/spi.c
+@@ -163,6 +163,8 @@ static int send_acknowledge(struct nci_s
+ int ret;
+
+ skb = nci_skb_alloc(nspi->ndev, 0, GFP_KERNEL);
++ if (!skb)
++ return -ENOMEM;
+
+ /* add the NCI SPI header to the start of the buffer */
+ hdr = skb_push(skb, NCI_SPI_HDR_LEN);
diff --git a/queue-4.14/regmap-fix-null-deref-on-lookup.patch b/queue-4.14/regmap-fix-null-deref-on-lookup.patch
new file mode 100644
index 00000000000..1397cfe1593
--- /dev/null
+++ b/queue-4.14/regmap-fix-null-deref-on-lookup.patch
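Review bot: The added `if (!skb) return -ENOMEM;` in send_acknowledge() (net/nfc/nci/spi.c) closes the NULL dereference, but whether the failure is acted on depends on the call sites, which are outside this hunk. If a caller ignores the return value, an allocation failure would silently skip the acknowledge frame, so it is worth confirming that callers test the result or at least log it. The body of send_acknowledge() starts before and continues past the hunk.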
@@ -0,0 +1,35 @@
+From c6df843348d6b71ea986266c12831cb60c2cf325 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Fri, 6 Oct 2023 10:21:04 +0200
+Subject: regmap: fix NULL deref on lookup
+
+From: Johan Hovold
+
+commit c6df843348d6b71ea986266c12831cb60c2cf325 upstream.
+
+Not all regmaps have a name so make sure to check for that to avoid
+dereferencing a NULL pointer when dev_get_regmap() is used to lookup a
+named regmap.
+
+Fixes: e84861fec32d ("regmap: dev_get_regmap_match(): fix string comparison")
+Cc: stable@vger.kernel.org # 5.8
+Cc: Marc Kleine-Budde
+Signed-off-by: Johan Hovold
+Link: https://lore.kernel.org/r/20231006082104.16707-1-johan+linaro@kernel.org
+Signed-off-by: Mark Brown
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/base/regmap/regmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/base/regmap/regmap.c
++++ b/drivers/base/regmap/regmap.c
+@@ -1242,7 +1242,7 @@ static int dev_get_regmap_match(struct d
+
+ /* If the user didn't specify a name match any */
+ if (data)
+- return !strcmp((*r)->name, data);
++ return (*r)->name && !strcmp((*r)->name, data);
+ else
+ return 1;
+ }
diff --git a/queue-4.14/series b/queue-4.14/series
index 25828194bfa..2c1adf61213 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -29,3 +29,6 @@ bluetooth-fix-a-refcnt-underflow-problem-for-hci_conn.patch
 bluetooth-vhci-fix-race-when-opening-vhci-device.patch
 bluetooth-hci_event-fix-coding-style.patch
 bluetooth-avoid-memcmp-out-of-bounds-warning.patch
+nfc-nci-fix-possible-null-pointer-dereference-in-send_acknowledge.patch
+regmap-fix-null-deref-on-lookup.patch
+kvm-x86-mask-lvtpc-when-handling-a-pmi.patch
--
2.47.3
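Review bot: The comment above the changed line in dev_get_regmap_match() (drivers/base/regmap/regmap.c) still describes only the unnamed-lookup case, while the new `return (*r)->name && !strcmp((*r)->name, data);` adds a second rule: a regmap without a name never matches a named lookup. Extending the comment would record that next to the code, for example `/* If the user didn't specify a name match any; an unnamed regmap never matches a named lookup */`. The function starts above the hunk, so whether `r` and `*r` are validated before this dereference cannot be seen here.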