kernel/drivers/misc, branch linux-5.12.y Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-5.12.y 2021-07-20T14:02:28Z misc: alcor_pci: fix inverted branch condition 2021-07-20T14:02:28Z Tong Zhang ztong0001@gmail.com 2021-05-22T04:37:25Z urn:sha1:eeae4230dbf181f318a6604a74106765e0c66248 commit 281e468446994a7672733af2bf941f4110d4a895 upstream. This patch fixes a trivial mistake that I made in the previous attempt in fixing the null bridge issue. The branch condition is inverted and we should call alcor_pci_find_cap_offset() only if bridge is not null. Reported-by: Colin Ian King <colin.king@canonical.com> Fixes: 3ce3e45cc333 ("misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge") Signed-off-by: Tong Zhang <ztong0001@gmail.com> Link: https://lore.kernel.org/r/20210522043725.602179-1-ztong0001@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> habanalabs/gaudi: set the correct rc in case of err 2021-07-20T14:02:10Z Koby Elbaz kelbaz@habana.ai 2021-06-10T06:14:43Z urn:sha1:470b85dad6141ee67f9523747c00505d1566a610 [ Upstream commit 1f7ef4bf41c7c2abad3d21b8c69db11fc3ebc4f5 ] fix the following smatch warnings: gaudi_internal_cb_pool_init() warn: missing error code 'rc' Signed-off-by: Koby Elbaz <kelbaz@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> habanalabs: remove node from list before freeing the node 2021-07-20T14:02:10Z Koby Elbaz kelbaz@habana.ai 2021-06-09T18:43:52Z urn:sha1:8ef320562fd30995ff12a04499440efcc0e37c88 [ Upstream commit f5eb7bf0c487a212ebda3c1b048fc3ccabacc147 ] fix the following smatch warnings: goya_pin_memory_before_cs() warn: '&userptr->job_node' not removed from list gaudi_pin_memory_before_cs() warn: '&userptr->job_node' not removed from list Signed-off-by: Koby Elbaz <kelbaz@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> habanalabs: set rc as 'valid' in case of intentional func exit 2021-07-20T14:02:10Z Koby Elbaz kelbaz@habana.ai 2021-06-10T06:01:57Z urn:sha1:84629201cf8501bc6a0dbdaba9d0a10577d987d4 [ Upstream commit 11d5cb8b95456e2432dfee2ffcebf0623998493a ] fix the following smatch warnings: hl_fw_static_init_cpu() warn: missing error code 'rc' Signed-off-by: Koby Elbaz <kelbaz@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> habanalabs: fix mask to obtain page offset 2021-07-20T14:02:10Z Ohad Sharabi osharabi@habana.ai 2021-06-02T21:24:32Z urn:sha1:13b40963d6d3e672bbcd49e227cbfd84d2995be9 [ Upstream commit 0f37510ca34848718db1003479bb4671e8f3c112 ] When converting virtual address to physical we need to add correct offset to the physical page. For this we need to use mask that include ALL bits of page offset. Signed-off-by: Ohad Sharabi <osharabi@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> habanalabs/gaudi: set the correct cpu_id on MME2_QM failure 2021-07-20T14:02:10Z Koby Elbaz kelbaz@habana.ai 2021-05-19T12:16:52Z urn:sha1:04458ea175a27679ef7ddabd4c6f502ccfa160e0 [ Upstream commit b92c637c5f5ef7e3e21dbc7bfa7f1999450f3902 ] This fix was applied since there was an incorrect reported CPU ID to GIC such that an error in MME2 QMAN aliased to be an arriving from DMA0_QM. Signed-off-by: Koby Elbaz <kelbaz@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge 2021-07-20T14:02:04Z Tong Zhang ztong0001@gmail.com 2021-05-13T04:07:33Z urn:sha1:717cf5ae52322ddbdf3ac2c584b34c5970b0d174 [ Upstream commit 3ce3e45cc333da707d4d6eb433574b990bcc26f5 ] There is an issue with the ASPM(optional) capability checking function. A device might be attached to root complex directly, in this case, bus->self(bridge) will be NULL, thus priv->parent_pdev is NULL. Since alcor_pci_init_check_aspm(priv->parent_pdev) checks the PCI link's ASPM capability and populate parent_cap_off, which will be used later by alcor_pci_aspm_ctrl() to dynamically turn on/off device, what we can do here is to avoid checking the capability if we are on the root complex. This will make pdev_cap_off 0 and alcor_pci_aspm_ctrl() will simply return when bring called, effectively disable ASPM for the device. [ 1.246492] BUG: kernel NULL pointer dereference, address: 00000000000000c0 [ 1.248731] RIP: 0010:pci_read_config_byte+0x5/0x40 [ 1.253998] Call Trace: [ 1.254131] ? alcor_pci_find_cap_offset.isra.0+0x3a/0x100 [alcor_pci] [ 1.254476] alcor_pci_probe+0x169/0x2d5 [alcor_pci] Co-developed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Tong Zhang <ztong0001@gmail.com> Link: https://lore.kernel.org/r/20210513040732.1310159-1-ztong0001@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> misc/libmasm/module: Fix two use after free in ibmasm_init_one 2021-07-20T14:02:04Z Lv Yunlong lyl2019@mail.ustc.edu.cn 2021-04-26T17:06:20Z urn:sha1:ef1067d2baa847d53c9988510d99fb494de4d12c [ Upstream commit 7272b591c4cb9327c43443f67b8fbae7657dd9ae ] In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively. In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the execution runs into error_send_message error branch of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev. My patch add a "error_init_remote" label to handle the error of ibmasm_init_remote_input_dev(), to avoid the uaf bugs. Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn> Link: https://lore.kernel.org/r/20210426170620.10546-1-lyl2019@mail.ustc.edu.cn Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> lkdtm: Enable DOUBLE_FAULT on all architectures 2021-07-19T08:01:23Z Kees Cook keescook@chromium.org 2021-06-23T20:39:33Z urn:sha1:ec0fd4afc94098501adc823e515760d9d7bbcc67 commit f123c42bbeff26bfe8bdb08a01307e92d51eec39 upstream. Where feasible, I prefer to have all tests visible on all architectures, but to have them wired to XFAIL. DOUBLE_FAIL was set up to XFAIL, but wasn't actually being added to the test list. Fixes: cea23efb4de2 ("lkdtm/bugs: Make double-fault test always available") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210623203936.3151093-7-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> lkdtm/bugs: XFAIL UNALIGNED_LOAD_STORE_WRITE 2021-07-19T08:01:22Z Kees Cook keescook@chromium.org 2021-06-23T20:39:31Z urn:sha1:4821ae11969b7605154b56a354a3dd3557c0ea34 commit a15676ac8f24a9ac5fd881cf17be4be13fa0910a upstream. When built under CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS, this test is expected to fail (i.e. not trip an exception). Fixes: 46d1a0f03d66 ("selftests/lkdtm: Add tests for LKDTM targets") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210623203936.3151093-5-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>