aboutsummaryrefslogtreecommitdiff
path: root/SOURCES/patch-5.11-redhat.patch
diff options
context:
space:
mode:
Diffstat (limited to 'SOURCES/patch-5.11-redhat.patch')
-rw-r--r--SOURCES/patch-5.11-redhat.patch314
1 files changed, 177 insertions, 137 deletions
diff --git a/SOURCES/patch-5.11-redhat.patch b/SOURCES/patch-5.11-redhat.patch
index c74a82d..431293c 100644
--- a/SOURCES/patch-5.11-redhat.patch
+++ b/SOURCES/patch-5.11-redhat.patch
@@ -44,7 +44,6 @@
drivers/input/rmi4/rmi_driver.c | 124 +++--
drivers/iommu/iommu.c | 22 +
drivers/net/ethernet/sfc/ef10.c | 3 +-
- drivers/net/ethernet/sfc/farch.c | 16 +-
drivers/pci/controller/dwc/Kconfig | 10 +-
drivers/pci/controller/dwc/Makefile | 2 +-
drivers/pci/controller/dwc/pcie-tegra194.c | 102 +++++
@@ -55,7 +54,7 @@
drivers/platform/x86/thinkpad_acpi.c | 510 ++++++++++++++++++++-
drivers/scsi/smartpqi/smartpqi_init.c | 16 +
drivers/usb/core/hub.c | 7 +
- drivers/virt/nitro_enclaves/ne_misc_dev.c | 43 +-
+ fs/io_uring.c | 4 +-
include/linux/efi.h | 22 +-
include/linux/lsm_hook_defs.h | 2 +
include/linux/lsm_hooks.h | 6 +
@@ -63,9 +62,12 @@
include/linux/platform_profile.h | 41 ++
include/linux/rmi.h | 1 +
include/linux/security.h | 5 +
+ kernel/bpf/ringbuf.c | 24 +-
+ kernel/bpf/verifier.c | 22 +-
kernel/crash_core.c | 28 +-
kernel/module_signing.c | 9 +-
mm/kmemleak.c | 5 +
+ net/nfc/llcp_sock.c | 4 +
security/integrity/platform_certs/load_uefi.c | 6 +-
security/lockdown/Kconfig | 13 +
security/lockdown/lockdown.c | 1 +
@@ -82,7 +84,7 @@
sound/soc/sof/ops.h | 8 +
sound/soc/sof/sof-pci-dev.c | 2 +-
sound/soc/sof/sof-priv.h | 4 +-
- 84 files changed, 2422 insertions(+), 366 deletions(-)
+ 86 files changed, 2423 insertions(+), 360 deletions(-)
diff --git a/Documentation/ABI/testing/sysfs-platform_profile b/Documentation/ABI/testing/sysfs-platform_profile
new file mode 100644
@@ -296,7 +298,7 @@ index 000000000000..c33a71263d9e
+ 2. Add the new profile name, along with a clear description of the
+ expected behaviour, to the sysfs-platform_profile ABI documentation.
diff --git a/Makefile b/Makefile
-index a3b7a2602100..6eb7ce52c05b 100644
+index 87597736db03..57e472835133 100644
--- a/Makefile
+++ b/Makefile
@@ -495,6 +495,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE
@@ -827,10 +829,10 @@ index 239eeeafc62f..bb8c046fc4cb 100644
acpi_dev_get_resources(device, &resource_list,
acpi_check_serial_bus_slave,
diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index ea5bf5f4cbed..71c55cae27ac 100644
+index fec2e9754aed..bea4e2973259 100644
--- a/drivers/ata/libahci.c
+++ b/drivers/ata/libahci.c
-@@ -666,6 +666,24 @@ int ahci_stop_engine(struct ata_port *ap)
+@@ -671,6 +671,24 @@ int ahci_stop_engine(struct ata_port *ap)
tmp &= ~PORT_CMD_START;
writel(tmp, port_mmio + PORT_CMD);
@@ -2408,50 +2410,6 @@ index da6886dcac37..4fa72b573c17 100644
if (!tx_queue->timestamping) {
/* Transmit completion */
-diff --git a/drivers/net/ethernet/sfc/farch.c b/drivers/net/ethernet/sfc/farch.c
-index d75cf5ff5686..49df02ecee91 100644
---- a/drivers/net/ethernet/sfc/farch.c
-+++ b/drivers/net/ethernet/sfc/farch.c
-@@ -835,14 +835,14 @@ efx_farch_handle_tx_event(struct efx_channel *channel, efx_qword_t *event)
- /* Transmit completion */
- tx_ev_desc_ptr = EFX_QWORD_FIELD(*event, FSF_AZ_TX_EV_DESC_PTR);
- tx_ev_q_label = EFX_QWORD_FIELD(*event, FSF_AZ_TX_EV_Q_LABEL);
-- tx_queue = efx_channel_get_tx_queue(
-- channel, tx_ev_q_label % EFX_MAX_TXQ_PER_CHANNEL);
-+ tx_queue = channel->tx_queue +
-+ (tx_ev_q_label % EFX_MAX_TXQ_PER_CHANNEL);
- efx_xmit_done(tx_queue, tx_ev_desc_ptr);
- } else if (EFX_QWORD_FIELD(*event, FSF_AZ_TX_EV_WQ_FF_FULL)) {
- /* Rewrite the FIFO write pointer */
- tx_ev_q_label = EFX_QWORD_FIELD(*event, FSF_AZ_TX_EV_Q_LABEL);
-- tx_queue = efx_channel_get_tx_queue(
-- channel, tx_ev_q_label % EFX_MAX_TXQ_PER_CHANNEL);
-+ tx_queue = channel->tx_queue +
-+ (tx_ev_q_label % EFX_MAX_TXQ_PER_CHANNEL);
-
- netif_tx_lock(efx->net_dev);
- efx_farch_notify_tx_desc(tx_queue);
-@@ -1081,16 +1081,16 @@ static void
- efx_farch_handle_tx_flush_done(struct efx_nic *efx, efx_qword_t *event)
- {
- struct efx_tx_queue *tx_queue;
-+ struct efx_channel *channel;
- int qid;
-
- qid = EFX_QWORD_FIELD(*event, FSF_AZ_DRIVER_EV_SUBDATA);
- if (qid < EFX_MAX_TXQ_PER_CHANNEL * (efx->n_tx_channels + efx->n_extra_tx_channels)) {
-- tx_queue = efx_get_tx_queue(efx, qid / EFX_MAX_TXQ_PER_CHANNEL,
-- qid % EFX_MAX_TXQ_PER_CHANNEL);
-- if (atomic_cmpxchg(&tx_queue->flush_outstanding, 1, 0)) {
-+ channel = efx_get_tx_channel(efx, qid / EFX_MAX_TXQ_PER_CHANNEL);
-+ tx_queue = channel->tx_queue + (qid % EFX_MAX_TXQ_PER_CHANNEL);
-+ if (atomic_cmpxchg(&tx_queue->flush_outstanding, 1, 0))
- efx_farch_magic_event(tx_queue->channel,
- EFX_CHANNEL_MAGIC_TX_DRAIN(tx_queue));
-- }
- }
- }
-
diff --git a/drivers/pci/controller/dwc/Kconfig b/drivers/pci/controller/dwc/Kconfig
index 22c5529e9a65..259ff5ff3f24 100644
--- a/drivers/pci/controller/dwc/Kconfig
@@ -3617,10 +3575,10 @@ index 77d457915925..02f9c281dd54 100644
static int __init set_ibm_param(const char *val, const struct kernel_param *kp)
diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
-index c53f456fbd09..ea190660c86e 100644
+index 5ff14b409c23..ec42020dcd58 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
-@@ -8313,6 +8313,18 @@ static const struct pci_device_id pqi_pci_id_table[] = {
+@@ -8338,6 +8338,18 @@ static const struct pci_device_id pqi_pci_id_table[] = {
PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
0x19e5, 0xd22c)
},
@@ -3639,7 +3597,7 @@ index c53f456fbd09..ea190660c86e 100644
{
PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
PCI_VENDOR_ID_ADAPTEC2, 0x0110)
-@@ -8453,6 +8465,10 @@ static const struct pci_device_id pqi_pci_id_table[] = {
+@@ -8594,6 +8606,10 @@ static const struct pci_device_id pqi_pci_id_table[] = {
PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
PCI_VENDOR_ID_ADVANTECH, 0x8312)
},
@@ -3651,7 +3609,7 @@ index c53f456fbd09..ea190660c86e 100644
PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
PCI_VENDOR_ID_DELL, 0x1fe0)
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 7f71218cc1e5..283fc0f41cd2 100644
+index 404507d1b76f..51ee8f28a60b 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5532,6 +5532,13 @@ static void hub_event(struct work_struct *work)
@@ -3668,86 +3626,28 @@ index 7f71218cc1e5..283fc0f41cd2 100644
/* Lock the device, then check to see if we were
* disconnected while waiting for the lock to succeed. */
usb_lock_device(hdev);
-diff --git a/drivers/virt/nitro_enclaves/ne_misc_dev.c b/drivers/virt/nitro_enclaves/ne_misc_dev.c
-index f1964ea4b826..e21e1e86ad15 100644
---- a/drivers/virt/nitro_enclaves/ne_misc_dev.c
-+++ b/drivers/virt/nitro_enclaves/ne_misc_dev.c
-@@ -1524,7 +1524,8 @@ static const struct file_operations ne_enclave_fops = {
- * enclave file descriptor to be further used for enclave
- * resources handling e.g. memory regions and CPUs.
- * @ne_pci_dev : Private data associated with the PCI device.
-- * @slot_uid: Generated unique slot id associated with an enclave.
-+ * @slot_uid: User pointer to store the generated unique slot id
-+ * associated with an enclave to.
- *
- * Context: Process context. This function is called with the ne_pci_dev enclave
- * mutex held.
-@@ -1532,7 +1533,7 @@ static const struct file_operations ne_enclave_fops = {
- * * Enclave fd on success.
- * * Negative return value on failure.
- */
--static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 *slot_uid)
-+static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 __user *slot_uid)
- {
- struct ne_pci_dev_cmd_reply cmd_reply = {};
- int enclave_fd = -1;
-@@ -1634,7 +1635,18 @@ static int ne_create_vm_ioctl(struct ne_pci_dev *ne_pci_dev, u64 *slot_uid)
-
- list_add(&ne_enclave->enclave_list_entry, &ne_pci_dev->enclaves_list);
-
-- *slot_uid = ne_enclave->slot_uid;
-+ if (copy_to_user(slot_uid, &ne_enclave->slot_uid, sizeof(ne_enclave->slot_uid))) {
-+ /*
-+ * As we're holding the only reference to 'enclave_file', fput()
-+ * will call ne_enclave_release() which will do a proper cleanup
-+ * of all so far allocated resources, leaving only the unused fd
-+ * for us to free.
-+ */
-+ fput(enclave_file);
-+ put_unused_fd(enclave_fd);
-+
-+ return -EFAULT;
-+ }
-
- fd_install(enclave_fd, enclave_file);
-
-@@ -1671,34 +1683,13 @@ static long ne_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
- switch (cmd) {
- case NE_CREATE_VM: {
- int enclave_fd = -1;
-- struct file *enclave_file = NULL;
- struct ne_pci_dev *ne_pci_dev = ne_devs.ne_pci_dev;
-- int rc = -EINVAL;
-- u64 slot_uid = 0;
-+ u64 __user *slot_uid = (void __user *)arg;
+diff --git a/fs/io_uring.c b/fs/io_uring.c
+index 95b4a89dad4e..157ceda04650 100644
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -222,7 +222,7 @@ struct fixed_file_data {
+ struct io_buffer {
+ struct list_head list;
+ __u64 addr;
+- __s32 len;
++ __u32 len;
+ __u16 bid;
+ };
- mutex_lock(&ne_pci_dev->enclaves_list_mutex);
--
-- enclave_fd = ne_create_vm_ioctl(ne_pci_dev, &slot_uid);
-- if (enclave_fd < 0) {
-- rc = enclave_fd;
--
-- mutex_unlock(&ne_pci_dev->enclaves_list_mutex);
--
-- return rc;
-- }
--
-+ enclave_fd = ne_create_vm_ioctl(ne_pci_dev, slot_uid);
- mutex_unlock(&ne_pci_dev->enclaves_list_mutex);
-
-- if (copy_to_user((void __user *)arg, &slot_uid, sizeof(slot_uid))) {
-- enclave_file = fget(enclave_fd);
-- /* Decrement file refs to have release() called. */
-- fput(enclave_file);
-- fput(enclave_file);
-- put_unused_fd(enclave_fd);
--
-- return -EFAULT;
-- }
--
- return enclave_fd;
- }
+@@ -4252,7 +4252,7 @@ static int io_add_buffers(struct io_provide_buf *pbuf, struct io_buffer **head)
+ break;
+ buf->addr = addr;
+- buf->len = pbuf->len;
++ buf->len = min_t(__u32, pbuf->len, MAX_RW_COUNT);
+ buf->bid = bid;
+ addr += pbuf->len;
+ bid++;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 119262585e9b..7d67f0187c34 100644
--- a/include/linux/efi.h
@@ -3940,6 +3840,111 @@ index c35ea0ffccd9..342d4579bf5c 100644
#endif /* CONFIG_SECURITY */
#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
+diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c
+index f25b719ac786..84b3b35fc0d0 100644
+--- a/kernel/bpf/ringbuf.c
++++ b/kernel/bpf/ringbuf.c
+@@ -221,25 +221,20 @@ static int ringbuf_map_get_next_key(struct bpf_map *map, void *key,
+ return -ENOTSUPP;
+ }
+
+-static size_t bpf_ringbuf_mmap_page_cnt(const struct bpf_ringbuf *rb)
+-{
+- size_t data_pages = (rb->mask + 1) >> PAGE_SHIFT;
+-
+- /* consumer page + producer page + 2 x data pages */
+- return RINGBUF_POS_PAGES + 2 * data_pages;
+-}
+-
+ static int ringbuf_map_mmap(struct bpf_map *map, struct vm_area_struct *vma)
+ {
+ struct bpf_ringbuf_map *rb_map;
+- size_t mmap_sz;
+
+ rb_map = container_of(map, struct bpf_ringbuf_map, map);
+- mmap_sz = bpf_ringbuf_mmap_page_cnt(rb_map->rb) << PAGE_SHIFT;
+-
+- if (vma->vm_pgoff * PAGE_SIZE + (vma->vm_end - vma->vm_start) > mmap_sz)
+- return -EINVAL;
+
++ if (vma->vm_flags & VM_WRITE) {
++ /* allow writable mapping for the consumer_pos only */
++ if (vma->vm_pgoff != 0 || vma->vm_end - vma->vm_start != PAGE_SIZE)
++ return -EPERM;
++ } else {
++ vma->vm_flags &= ~VM_MAYWRITE;
++ }
++ /* remap_vmalloc_range() checks size and offset constraints */
+ return remap_vmalloc_range(vma, rb_map->rb,
+ vma->vm_pgoff + RINGBUF_PGOFF);
+ }
+@@ -315,6 +310,9 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size)
+ return NULL;
+
+ len = round_up(size + BPF_RINGBUF_HDR_SZ, 8);
++ if (len > rb->mask + 1)
++ return NULL;
++
+ cons_pos = smp_load_acquire(&rb->consumer_pos);
+
+ if (in_nmi()) {
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
+index 4e4a844a68c3..4d6bde433a0f 100644
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -6398,11 +6398,10 @@ static void scalar32_min_max_and(struct bpf_reg_state *dst_reg,
+ s32 smin_val = src_reg->s32_min_value;
+ u32 umax_val = src_reg->u32_max_value;
+
+- /* Assuming scalar64_min_max_and will be called so its safe
+- * to skip updating register for known 32-bit case.
+- */
+- if (src_known && dst_known)
++ if (src_known && dst_known) {
++ __mark_reg32_known(dst_reg, var32_off.value);
+ return;
++ }
+
+ /* We get our minimum from the var_off, since that's inherently
+ * bitwise. Our maximum is the minimum of the operands' maxima.
+@@ -6422,7 +6421,6 @@ static void scalar32_min_max_and(struct bpf_reg_state *dst_reg,
+ dst_reg->s32_min_value = dst_reg->u32_min_value;
+ dst_reg->s32_max_value = dst_reg->u32_max_value;
+ }
+-
+ }
+
+ static void scalar_min_max_and(struct bpf_reg_state *dst_reg,
+@@ -6469,11 +6467,10 @@ static void scalar32_min_max_or(struct bpf_reg_state *dst_reg,
+ s32 smin_val = src_reg->s32_min_value;
+ u32 umin_val = src_reg->u32_min_value;
+
+- /* Assuming scalar64_min_max_or will be called so it is safe
+- * to skip updating register for known case.
+- */
+- if (src_known && dst_known)
++ if (src_known && dst_known) {
++ __mark_reg32_known(dst_reg, var32_off.value);
+ return;
++ }
+
+ /* We get our maximum from the var_off, and our minimum is the
+ * maximum of the operands' minima
+@@ -6538,11 +6535,10 @@ static void scalar32_min_max_xor(struct bpf_reg_state *dst_reg,
+ struct tnum var32_off = tnum_subreg(dst_reg->var_off);
+ s32 smin_val = src_reg->s32_min_value;
+
+- /* Assuming scalar64_min_max_xor will be called so it is safe
+- * to skip updating register for known case.
+- */
+- if (src_known && dst_known)
++ if (src_known && dst_known) {
++ __mark_reg32_known(dst_reg, var32_off.value);
+ return;
++ }
+
+ /* We get both minimum and maximum from the var32_off. */
+ dst_reg->u32_min_value = var32_off.value;
diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index 825284baaf46..0b2b3f510b16 100644
--- a/kernel/crash_core.c
@@ -4042,6 +4047,41 @@ index c0014d3b91c1..c00e9820412a 100644
kmemleak_initialized = 1;
debugfs_create_file("kmemleak", 0644, NULL, NULL, &kmemleak_fops);
+diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
+index a3b46f888803..53dbe733f998 100644
+--- a/net/nfc/llcp_sock.c
++++ b/net/nfc/llcp_sock.c
+@@ -109,12 +109,14 @@ static int llcp_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
+ GFP_KERNEL);
+ if (!llcp_sock->service_name) {
+ nfc_llcp_local_put(llcp_sock->local);
++ llcp_sock->local = NULL;
+ ret = -ENOMEM;
+ goto put_dev;
+ }
+ llcp_sock->ssap = nfc_llcp_get_sdp_ssap(local, llcp_sock);
+ if (llcp_sock->ssap == LLCP_SAP_MAX) {
+ nfc_llcp_local_put(llcp_sock->local);
++ llcp_sock->local = NULL;
+ kfree(llcp_sock->service_name);
+ llcp_sock->service_name = NULL;
+ ret = -EADDRINUSE;
+@@ -709,6 +711,7 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
+ llcp_sock->ssap = nfc_llcp_get_local_ssap(local);
+ if (llcp_sock->ssap == LLCP_SAP_MAX) {
+ nfc_llcp_local_put(llcp_sock->local);
++ llcp_sock->local = NULL;
+ ret = -ENOMEM;
+ goto put_dev;
+ }
+@@ -756,6 +759,7 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
+ sock_llcp_release:
+ nfc_llcp_put_ssap(local, llcp_sock->ssap);
+ nfc_llcp_local_put(llcp_sock->local);
++ llcp_sock->local = NULL;
+
+ put_dev:
+ nfc_put_device(dev);
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index ee4b4c666854..eff9ff593405 100644
--- a/security/integrity/platform_certs/load_uefi.c
@@ -4194,10 +4234,10 @@ index c45686172517..68bb977c6a37 100644
},
#endif
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index a7544b77d3f7..7569fd8c9cff 100644
+index d05d16ddbdf2..3dd6362000a1 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
-@@ -5667,6 +5667,18 @@ static void alc_fixup_tpt470_dacs(struct hda_codec *codec,
+@@ -5688,6 +5688,18 @@ static void alc_fixup_tpt470_dacs(struct hda_codec *codec,
spec->gen.preferred_dacs = preferred_pairs;
}
@@ -4216,7 +4256,7 @@ index a7544b77d3f7..7569fd8c9cff 100644
static void alc_shutup_dell_xps13(struct hda_codec *codec)
{
struct alc_spec *spec = codec->spec;
-@@ -6427,6 +6439,7 @@ enum {
+@@ -6451,6 +6463,7 @@ enum {
ALC282_FIXUP_ACER_DISABLE_LINEOUT,
ALC255_FIXUP_ACER_LIMIT_INT_MIC_BOOST,
ALC256_FIXUP_ACER_HEADSET_MIC,
@@ -4224,7 +4264,7 @@ index a7544b77d3f7..7569fd8c9cff 100644
};
static const struct hda_fixup alc269_fixups[] = {
-@@ -7901,6 +7914,10 @@ static const struct hda_fixup alc269_fixups[] = {
+@@ -7939,6 +7952,10 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC
},
@@ -4235,7 +4275,7 @@ index a7544b77d3f7..7569fd8c9cff 100644
};
static const struct snd_pci_quirk alc269_fixup_tbl[] = {
-@@ -8096,6 +8113,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+@@ -8137,6 +8154,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1043, 0x1427, "Asus Zenbook UX31E", ALC269VB_FIXUP_ASUS_ZENBOOK),
SND_PCI_QUIRK(0x1043, 0x1517, "Asus Zenbook UX31A", ALC269VB_FIXUP_ASUS_ZENBOOK_UX31A),
SND_PCI_QUIRK(0x1043, 0x16e3, "ASUS UX50", ALC269_FIXUP_STEREO_DMIC),