From d702d082e61b58b0659e0f161447bd99890385ea Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 10 Dec 2020 14:31:24 +0100
Subject: [PATCH] 4.9-stable patches

added patches:
gfs2-check-for-empty-rgrp-tree-in-gfs2_ri_update.patch
i2c-qup-fix-error-return-code-in-qup_i2c_bam_schedule_desc.patch
input-i8042-fix-error-return-code-in-i8042_setup_aux.patch
---
 ...or-empty-rgrp-tree-in-gfs2_ri_update.patch | 37 +++++++++++++++++++
 ...rn-code-in-qup_i2c_bam_schedule_desc.patch | 35 ++++++++++++++++++
 ...error-return-code-in-i8042_setup_aux.patch | 37 +++++++++++++++++++
 queue-4.9/series | 3 ++
 4 files changed, 112 insertions(+)
 create mode 100644 queue-4.9/gfs2-check-for-empty-rgrp-tree-in-gfs2_ri_update.patch
 create mode 100644 queue-4.9/i2c-qup-fix-error-return-code-in-qup_i2c_bam_schedule_desc.patch
 create mode 100644 queue-4.9/input-i8042-fix-error-return-code-in-i8042_setup_aux.patch
diff --git a/queue-4.9/gfs2-check-for-empty-rgrp-tree-in-gfs2_ri_update.patch b/queue-4.9/gfs2-check-for-empty-rgrp-tree-in-gfs2_ri_update.patch
new file mode 100644
index 00000000000..a041e9f5630
--- /dev/null
+++ b/queue-4.9/gfs2-check-for-empty-rgrp-tree-in-gfs2_ri_update.patch
@@ -0,0 +1,37 @@
+From 778721510e84209f78e31e2ccb296ae36d623f5e Mon Sep 17 00:00:00 2001
+From: Bob Peterson
+Date: Tue, 24 Nov 2020 10:44:36 -0500
+Subject: gfs2: check for empty rgrp tree in gfs2_ri_update
+
+From: Bob Peterson
+
+commit 778721510e84209f78e31e2ccb296ae36d623f5e upstream.
+
+If gfs2 tries to mount a (corrupt) file system that has no resource
+groups it still tries to set preferences on the first one, which causes
+a kernel null pointer dereference. This patch adds a check to function
+gfs2_ri_update so this condition is detected and reported back as an
+error.
+
+Reported-by: syzbot+e3f23ce40269a4c9053a@syzkaller.appspotmail.com
+Signed-off-by: Bob Peterson
+Signed-off-by: Andreas Gruenbacher
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/gfs2/rgrp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -1000,6 +1000,10 @@ static int gfs2_ri_update(struct gfs2_in
+ if (error < 0)
+ return error;
+
++ if (RB_EMPTY_ROOT(&sdp->sd_rindex_tree)) {
++ fs_err(sdp, "no resource groups found in the file system.\n");
++ return -ENOENT;
++ }
+ set_rgrp_preferences(sdp);
+
+ sdp->sd_rindex_uptodate = 1;
diff --git a/queue-4.9/i2c-qup-fix-error-return-code-in-qup_i2c_bam_schedule_desc.patch b/queue-4.9/i2c-qup-fix-error-return-code-in-qup_i2c_bam_schedule_desc.patch
new file mode 100644
index 00000000000..7758c547ef6
--- /dev/null
+++ b/queue-4.9/i2c-qup-fix-error-return-code-in-qup_i2c_bam_schedule_desc.patch
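Review bot: The empty-tree guard added before `set_rgrp_preferences(sdp)` has no comment saying why it must run first, and the reason is only in the commit message: an rindex read from a corrupt image can leave `sd_rindex_tree` empty, and the preference code then dereferences a first rgrp that does not exist. I would add `/* On-disk rindex is untrusted: fail the mount on an empty tree before set_rgrp_preferences() touches the first rgrp. */` above the `if`. Because the check sits in this caller rather than inside `set_rgrp_preferences()`, any other path that reaches that helper would presumably need the same guard; no other callers are visible from this hunk. The body of gfs2_ri_update starts and ends outside the hunk.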
@@ -0,0 +1,35 @@
+From e9acf0298c664f825e6f1158f2a97341bf9e03ca Mon Sep 17 00:00:00 2001
+From: Zhihao Cheng
+Date: Mon, 16 Nov 2020 22:10:58 +0800
+Subject: i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
+
+From: Zhihao Cheng
+
+commit e9acf0298c664f825e6f1158f2a97341bf9e03ca upstream.
+
+Fix to return the error code from qup_i2c_change_state()
+instaed of 0 in qup_i2c_bam_schedule_desc().
+
+Fixes: fbf9921f8b35d9b2 ("i2c: qup: Fix error handling")
+Reported-by: Hulk Robot
+Signed-off-by: Zhihao Cheng
+Reviewed-by: Bjorn Andersson
+Signed-off-by: Wolfram Sang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/i2c/busses/i2c-qup.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-qup.c
++++ b/drivers/i2c/busses/i2c-qup.c
+@@ -810,7 +810,8 @@ static int qup_i2c_bam_do_xfer(struct qu
+ if (ret || qup->bus_err || qup->qup_err) {
+ reinit_completion(&qup->xfer);
+
+- if (qup_i2c_change_state(qup, QUP_RUN_STATE)) {
++ ret = qup_i2c_change_state(qup, QUP_RUN_STATE);
++ if (ret) {
+ dev_err(qup->dev, "change to run state timed out");
+ goto desc_err;
+ }
diff --git a/queue-4.9/input-i8042-fix-error-return-code-in-i8042_setup_aux.patch b/queue-4.9/input-i8042-fix-error-return-code-in-i8042_setup_aux.patch
new file mode 100644
index 00000000000..4f8da35ddd1
--- /dev/null
+++ b/queue-4.9/input-i8042-fix-error-return-code-in-i8042_setup_aux.patch
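Review bot: Assigning `ret = qup_i2c_change_state(qup, QUP_RUN_STATE);` inside a block that is entered when `ret` may already be non-zero overwrites the earlier error, and a successful state change leaves `ret` at 0 from there on. Whether that matters depends on the rest of this recovery block, which lies outside the hunk: if nothing later assigns a final error code, a failed transfer could be reported to the caller as success, so that is worth confirming against the 4.9 tree before queuing. Separately, the `dev_err` string has no trailing newline and says "timed out" whatever code is now propagated; `dev_err(qup->dev, "change to run state failed: %d\n", ret);` would match what is returned.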
@@ -0,0 +1,37 @@
+From 855b69857830f8d918d715014f05e59a3f7491a0 Mon Sep 17 00:00:00 2001
+From: Luo Meng
+Date: Tue, 24 Nov 2020 17:45:23 -0800
+Subject: Input: i8042 - fix error return code in i8042_setup_aux()
+
+From: Luo Meng
+
+commit 855b69857830f8d918d715014f05e59a3f7491a0 upstream.
+
+Fix to return a negative error code from the error handling case
+instead of 0 in function i8042_setup_aux(), as done elsewhere in this
+function.
+
+Fixes: f81134163fc7 ("Input: i8042 - use platform_driver_probe")
+Reported-by: Hulk Robot
+Signed-off-by: Luo Meng
+Reviewed-by: Hans de Goede
+Link: https://lore.kernel.org/r/20201123133420.4071187-1-luomeng12@huawei.com
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/input/serio/i8042.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/input/serio/i8042.c
++++ b/drivers/input/serio/i8042.c
+@@ -1456,7 +1456,8 @@ static int __init i8042_setup_aux(void)
+ if (error)
+ goto err_free_ports;
+
+- if (aux_enable())
++ error = aux_enable();
++ if (error)
+ goto err_free_irq;
+
+ i8042_aux_irq_registered = true;
diff --git a/queue-4.9/series b/queue-4.9/series
index abf83e8224b..4512dd8129d 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -39,3 +39,6 @@ spi-bcm-qspi-fix-use-after-free-on-unbind.patch
 spi-bcm2835-fix-use-after-free-on-unbind.patch
 spi-bcm2835-release-the-dma-channel-if-probe-fails-after-dma_init.patch
 tracing-fix-userstacktrace-option-for-instances.patch
+gfs2-check-for-empty-rgrp-tree-in-gfs2_ri_update.patch
+i2c-qup-fix-error-return-code-in-qup_i2c_bam_schedule_desc.patch
+input-i8042-fix-error-return-code-in-i8042_setup_aux.patch
--
2.47.3