From 70818bb3e84ee1fea0fe40220eb71a2f9af81bb6 Mon Sep 17 00:00:00 2001 From: Mike Pagano Date: Wed, 27 Apr 2022 07:38:31 -0400 Subject: Linux patch 4.9.312 Signed-off-by: Mike Pagano --- 0000_README | 4 + 1311_linux-4.9.312.patch | 450 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 454 insertions(+) create mode 100644 1311_linux-4.9.312.patch diff --git a/0000_README b/0000_README index 26dfe77a..9590ee57 100644 --- a/0000_README +++ b/0000_README @@ -1287,6 +1287,10 @@ Patch: 1310_linux-4.9.311.patch From: http://www.kernel.org Desc: Linux 4.9.311 +Patch: 1311_linux-4.9.312.patch +From: http://www.kernel.org +Desc: Linux 4.9.312 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1311_linux-4.9.312.patch b/1311_linux-4.9.312.patch new file mode 100644 index 00000000..fe2e29a4 --- /dev/null +++ b/1311_linux-4.9.312.patch @@ -0,0 +1,450 @@ +diff --git a/Makefile b/Makefile +index c1a20e4a2d136..a9f16c9c9614f 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 9 +-SUBLEVEL = 311 ++SUBLEVEL = 312 + EXTRAVERSION = + NAME = Roaring Lionus + +diff --git a/arch/arc/kernel/entry.S b/arch/arc/kernel/entry.S +index 37ad245cf9899..fb458623f3860 100644 +--- a/arch/arc/kernel/entry.S ++++ b/arch/arc/kernel/entry.S +@@ -191,6 +191,7 @@ tracesys_exit: + st r0, [sp, PT_r0] ; sys call return value in pt_regs + + ;POST Sys Call Ptrace Hook ++ mov r0, sp ; pt_regs needed + bl @syscall_trace_exit + b ret_from_exception ; NOT ret_from_system_call at is saves r0 which + ; we'd done before calling post hook above +diff --git a/arch/arm/mach-vexpress/spc.c b/arch/arm/mach-vexpress/spc.c +index 635b0d5494874..c16f396140032 100644 +--- a/arch/arm/mach-vexpress/spc.c ++++ b/arch/arm/mach-vexpress/spc.c +@@ -584,7 +584,7 @@ static int __init ve_spc_clk_init(void) + } + + cluster = topology_physical_package_id(cpu_dev->id); +- if (init_opp_table[cluster]) ++ if (cluster < 0 || init_opp_table[cluster]) + continue; + + if (ve_init_opp_table(cpu_dev)) +diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c +index b6e5447d563ee..f538bac4ac66a 100644 +--- a/block/compat_ioctl.c ++++ b/block/compat_ioctl.c +@@ -394,7 +394,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg) + return 0; + case BLKGETSIZE: + size = i_size_read(bdev->bd_inode); +- if ((size >> 9) > ~0UL) ++ if ((size >> 9) > ~(compat_ulong_t)0) + return -EFBIG; + return compat_put_ulong(arg, size >> 9); + +diff --git a/drivers/ata/pata_marvell.c b/drivers/ata/pata_marvell.c +index ff468a6fd8ddc..677f582cf3d6c 100644 +--- a/drivers/ata/pata_marvell.c ++++ b/drivers/ata/pata_marvell.c +@@ -82,6 +82,8 @@ static int marvell_cable_detect(struct ata_port *ap) + switch(ap->port_no) + { + case 0: ++ if (!ap->ioaddr.bmdma_addr) ++ return ATA_CBL_PATA_UNK; + if (ioread8(ap->ioaddr.bmdma_addr + 1) & 1) + return ATA_CBL_PATA40; + return ATA_CBL_PATA80; +diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c +index c15ca560fe60d..ca266fcca186c 100644 +--- a/drivers/dma/at_xdmac.c ++++ b/drivers/dma/at_xdmac.c +@@ -1392,7 +1392,7 @@ at_xdmac_tx_status(struct dma_chan *chan, dma_cookie_t cookie, + { + struct at_xdmac_chan *atchan = to_at_xdmac_chan(chan); + struct at_xdmac *atxdmac = to_at_xdmac(atchan->chan.device); +- struct at_xdmac_desc *desc, *_desc; ++ struct at_xdmac_desc *desc, *_desc, *iter; + struct list_head *descs_list; + enum dma_status ret; + int residue, retry; +@@ -1507,11 +1507,13 @@ at_xdmac_tx_status(struct dma_chan *chan, dma_cookie_t cookie, + * microblock. + */ + descs_list = &desc->descs_list; +- list_for_each_entry_safe(desc, _desc, descs_list, desc_node) { +- dwidth = at_xdmac_get_dwidth(desc->lld.mbr_cfg); +- residue -= (desc->lld.mbr_ubc & 0xffffff) << dwidth; +- if ((desc->lld.mbr_nda & 0xfffffffc) == cur_nda) ++ list_for_each_entry_safe(iter, _desc, descs_list, desc_node) { ++ dwidth = at_xdmac_get_dwidth(iter->lld.mbr_cfg); ++ residue -= (iter->lld.mbr_ubc & 0xffffff) << dwidth; ++ if ((iter->lld.mbr_nda & 0xfffffffc) == cur_nda) { ++ desc = iter; + break; ++ } + } + residue += cur_ubc << dwidth; + +diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c +index 558d509b7d855..4337cf9defc24 100644 +--- a/drivers/dma/imx-sdma.c ++++ b/drivers/dma/imx-sdma.c +@@ -1528,7 +1528,7 @@ static int sdma_event_remap(struct sdma_engine *sdma) + u32 reg, val, shift, num_map, i; + int ret = 0; + +- if (IS_ERR(np) || IS_ERR(gpr_np)) ++ if (IS_ERR(np) || !gpr_np) + goto out; + + event_remap = of_find_property(np, propname, NULL); +@@ -1576,7 +1576,7 @@ static int sdma_event_remap(struct sdma_engine *sdma) + } + + out: +- if (!IS_ERR(gpr_np)) ++ if (gpr_np) + of_node_put(gpr_np); + + return ret; +diff --git a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c +index 83bf997dda03c..e14bfbdbaf2bf 100644 +--- a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c ++++ b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c +@@ -192,7 +192,10 @@ static void mdp5_plane_reset(struct drm_plane *plane) + drm_framebuffer_unreference(plane->state->fb); + + kfree(to_mdp5_plane_state(plane->state)); ++ plane->state = NULL; + mdp5_state = kzalloc(sizeof(*mdp5_state), GFP_KERNEL); ++ if (!mdp5_state) ++ return; + + /* assign default blend parameters */ + mdp5_state->alpha = 255; +diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c +index 500016209ae0c..3ed40bde796b7 100644 +--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c ++++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c +@@ -1010,8 +1010,8 @@ static s32 e1000_platform_pm_pch_lpt(struct e1000_hw *hw, bool link) + { + u32 reg = link << (E1000_LTRV_REQ_SHIFT + E1000_LTRV_NOSNOOP_SHIFT) | + link << E1000_LTRV_REQ_SHIFT | E1000_LTRV_SEND; +- u16 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */ +- u16 lat_enc_d = 0; /* latency decoded */ ++ u32 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */ ++ u32 lat_enc_d = 0; /* latency decoded */ + u16 lat_enc = 0; /* latency encoded */ + + if (link) { +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c +index 0bfadec8b79c9..d59cb381e80b1 100644 +--- a/drivers/net/vxlan.c ++++ b/drivers/net/vxlan.c +@@ -490,11 +490,11 @@ static int vxlan_fdb_append(struct vxlan_fdb *f, + + rd = kmalloc(sizeof(*rd), GFP_ATOMIC); + if (rd == NULL) +- return -ENOBUFS; ++ return -ENOMEM; + + if (dst_cache_init(&rd->dst_cache, GFP_ATOMIC)) { + kfree(rd); +- return -ENOBUFS; ++ return -ENOMEM; + } + + rd->remote_ip = *ip; +diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c +index 998a4bd6db78a..d8f34883c0960 100644 +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c +@@ -547,7 +547,7 @@ enum brcmf_sdio_frmtype { + BRCMF_SDIO_FT_SUB, + }; + +-#define SDIOD_DRVSTR_KEY(chip, pmu) (((chip) << 16) | (pmu)) ++#define SDIOD_DRVSTR_KEY(chip, pmu) (((unsigned int)(chip) << 16) | (pmu)) + + /* SDIO Pad drive strength to select value mappings */ + struct sdiod_drive_str { +diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c +index 8c146e2b6727a..4664d3e191c81 100644 +--- a/drivers/platform/x86/samsung-laptop.c ++++ b/drivers/platform/x86/samsung-laptop.c +@@ -1125,8 +1125,6 @@ static void kbd_led_set(struct led_classdev *led_cdev, + + if (value > samsung->kbd_led.max_brightness) + value = samsung->kbd_led.max_brightness; +- else if (value < 0) +- value = 0; + + samsung->kbd_led_wk = value; + queue_work(samsung->led_workqueue, &samsung->kbd_led_work); +diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c +index 95e4f074b7665..b85c283ad08b3 100644 +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -766,7 +766,7 @@ cifs_loose_read_iter(struct kiocb *iocb, struct iov_iter *iter) + ssize_t rc; + struct inode *inode = file_inode(iocb->ki_filp); + +- if (iocb->ki_filp->f_flags & O_DIRECT) ++ if (iocb->ki_flags & IOCB_DIRECT) + return cifs_user_readv(iocb, iter); + + rc = cifs_revalidate_mapping(inode); +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index e66aa8918dee2..754b33828853d 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -3980,7 +3980,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) + struct super_block *sb = inode->i_sb; + ext4_lblk_t first_block, stop_block; + struct address_space *mapping = inode->i_mapping; +- loff_t first_block_offset, last_block_offset; ++ loff_t first_block_offset, last_block_offset, max_length; ++ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); + handle_t *handle; + unsigned int credits; + int ret = 0; +@@ -4026,6 +4027,14 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) + offset; + } + ++ /* ++ * For punch hole the length + offset needs to be within one block ++ * before last range. Adjust the length if it goes beyond that limit. ++ */ ++ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize; ++ if (offset + length > max_length) ++ length = max_length - offset; ++ + if (offset & (sb->s_blocksize - 1) || + (offset + length) & (sb->s_blocksize - 1)) { + /* +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index e17a6396bde6c..c50ba683a570a 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -3241,9 +3241,11 @@ static int count_overhead(struct super_block *sb, ext4_group_t grp, + ext4_fsblk_t first_block, last_block, b; + ext4_group_t i, ngroups = ext4_get_groups_count(sb); + int s, j, count = 0; ++ int has_super = ext4_bg_has_super(sb, grp); + + if (!ext4_has_feature_bigalloc(sb)) +- return (ext4_bg_has_super(sb, grp) + ext4_bg_num_gdb(sb, grp) + ++ return (has_super + ext4_bg_num_gdb(sb, grp) + ++ (has_super ? le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) : 0) + + sbi->s_itb_per_group + 2); + + first_block = le32_to_cpu(sbi->s_es->s_first_data_block) + +@@ -4162,9 +4164,18 @@ no_journal: + * Get the # of file system overhead blocks from the + * superblock if present. + */ +- if (es->s_overhead_clusters) +- sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); +- else { ++ sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); ++ /* ignore the precalculated value if it is ridiculous */ ++ if (sbi->s_overhead > ext4_blocks_count(es)) ++ sbi->s_overhead = 0; ++ /* ++ * If the bigalloc feature is not enabled recalculating the ++ * overhead doesn't take long, so we might as well just redo ++ * it to make sure we are using the correct value. ++ */ ++ if (!ext4_has_feature_bigalloc(sb)) ++ sbi->s_overhead = 0; ++ if (sbi->s_overhead == 0) { + err = ext4_calculate_overhead(sb); + if (err) + goto failed_mount_wq; +diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c +index a4182b150bb07..9f83a4c602f99 100644 +--- a/fs/gfs2/rgrp.c ++++ b/fs/gfs2/rgrp.c +@@ -917,15 +917,15 @@ static int read_rindex_entry(struct gfs2_inode *ip) + rgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes); + spin_lock_init(&rgd->rd_rsspin); + +- error = compute_bitstructs(rgd); +- if (error) +- goto fail; +- + error = gfs2_glock_get(sdp, rgd->rd_addr, + &gfs2_rgrp_glops, CREATE, &rgd->rd_gl); + if (error) + goto fail; + ++ error = compute_bitstructs(rgd); ++ if (error) ++ goto fail_glock; ++ + rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr; + rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED); + if (rgd->rd_data > sdp->sd_max_rg_data) +@@ -942,6 +942,7 @@ static int read_rindex_entry(struct gfs2_inode *ip) + } + + error = 0; /* someone else read in the rgrp; free it and ignore it */ ++fail_glock: + gfs2_glock_put(rgd->rd_gl); + + fail: +diff --git a/include/linux/etherdevice.h b/include/linux/etherdevice.h +index 6fec9e81bd70d..1979298fdca9e 100644 +--- a/include/linux/etherdevice.h ++++ b/include/linux/etherdevice.h +@@ -125,7 +125,7 @@ static inline bool is_multicast_ether_addr(const u8 *addr) + #endif + } + +-static inline bool is_multicast_ether_addr_64bits(const u8 addr[6+2]) ++static inline bool is_multicast_ether_addr_64bits(const u8 *addr) + { + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + #ifdef __BIG_ENDIAN +@@ -339,8 +339,7 @@ static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2) + * Please note that alignment of addr1 & addr2 are only guaranteed to be 16 bits. + */ + +-static inline bool ether_addr_equal_64bits(const u8 addr1[6+2], +- const u8 addr2[6+2]) ++static inline bool ether_addr_equal_64bits(const u8 *addr1, const u8 *addr2) + { + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 + u64 fold = (*(const u64 *)addr1) ^ (*(const u64 *)addr2); +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index 25c21aa398f8c..a6e682569e5b9 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -6504,7 +6504,7 @@ void __init mem_init_print_info(const char *str) + */ + #define adj_init_size(start, end, size, pos, adj) \ + do { \ +- if (start <= pos && pos < end && size > adj) \ ++ if (&start[0] <= &pos[0] && &pos[0] < &end[0] && size > adj) \ + size -= adj; \ + } while (0) + +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c +index 8aef475fef310..a8674e9ff37b7 100644 +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -2194,6 +2194,13 @@ static int netlink_dump(struct sock *sk) + * single netdev. The outcome is MSG_TRUNC error. + */ + skb_reserve(skb, skb_tailroom(skb) - alloc_size); ++ ++ /* Make sure malicious BPF programs can not read unitialized memory ++ * from skb->head -> skb->data ++ */ ++ skb_reset_network_header(skb); ++ skb_reset_mac_header(skb); ++ + netlink_skb_set_owner_r(skb, sk); + + if (nlk->dump_done_errno > 0) +diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c +index 28471cfad9225..26921f755f3a9 100644 +--- a/net/openvswitch/flow_netlink.c ++++ b/net/openvswitch/flow_netlink.c +@@ -1863,7 +1863,7 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, + new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); + + if (new_acts_size > MAX_ACTIONS_BUFSIZE) { +- if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { ++ if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) { + OVS_NLERR(log, "Flow action size exceeds max %u", + MAX_ACTIONS_BUFSIZE); + return ERR_PTR(-EMSGSIZE); +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index e79d6881a97eb..2ae2801dd7bee 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -2808,8 +2808,9 @@ tpacket_error: + + status = TP_STATUS_SEND_REQUEST; + err = po->xmit(skb); +- if (unlikely(err > 0)) { +- err = net_xmit_errno(err); ++ if (unlikely(err != 0)) { ++ if (err > 0) ++ err = net_xmit_errno(err); + if (err && __packet_get_status(po, ph) == + TP_STATUS_AVAILABLE) { + /* skb was destructed already */ +@@ -3009,8 +3010,12 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) + skb->no_fcs = 1; + + err = po->xmit(skb); +- if (err > 0 && (err = net_xmit_errno(err)) != 0) +- goto out_unlock; ++ if (unlikely(err != 0)) { ++ if (err > 0) ++ err = net_xmit_errno(err); ++ if (err) ++ goto out_unlock; ++ } + + dev_put(dev); + +diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c +index 21b0368c2a3bc..878a4fc97f042 100644 +--- a/sound/soc/soc-dapm.c ++++ b/sound/soc/soc-dapm.c +@@ -1569,8 +1569,7 @@ static void dapm_seq_run(struct snd_soc_card *card, + switch (w->id) { + case snd_soc_dapm_pre: + if (!w->event) +- list_for_each_entry_safe_continue(w, n, list, +- power_list); ++ continue; + + if (event == SND_SOC_DAPM_STREAM_START) + ret = w->event(w, +@@ -1582,8 +1581,7 @@ static void dapm_seq_run(struct snd_soc_card *card, + + case snd_soc_dapm_post: + if (!w->event) +- list_for_each_entry_safe_continue(w, n, list, +- power_list); ++ continue; + + if (event == SND_SOC_DAPM_STREAM_START) + ret = w->event(w, +diff --git a/sound/usb/midi.c b/sound/usb/midi.c +index f0b41fee71304..83da676519a8d 100644 +--- a/sound/usb/midi.c ++++ b/sound/usb/midi.c +@@ -1210,6 +1210,7 @@ static void snd_usbmidi_output_drain(struct snd_rawmidi_substream *substream) + } while (drain_urbs && timeout); + finish_wait(&ep->drain_wait, &wait); + } ++ port->active = 0; + spin_unlock_irq(&ep->buffer_lock); + } + +diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h +index 62456a806bb4d..4b8f1c46420d4 100644 +--- a/sound/usb/usbaudio.h ++++ b/sound/usb/usbaudio.h +@@ -22,7 +22,7 @@ + */ + + /* handling of USB vendor/product ID pairs as 32-bit numbers */ +-#define USB_ID(vendor, product) (((vendor) << 16) | (product)) ++#define USB_ID(vendor, product) (((unsigned int)(vendor) << 16) | (product)) + #define USB_ID_VENDOR(id) ((id) >> 16) + #define USB_ID_PRODUCT(id) ((u16)(id)) + -- cgit v1.2.3-65-gdbad