1 |
commit: 917cccf0b0bf4e9bcf4d5a97c9339c82d3236238 |
2 |
Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Feb 25 10:58:09 2023 +0000 |
4 |
Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Feb 25 11:14:38 2023 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=917cccf0 |
7 |
|
8 |
Linux patch 6.2.1 |
9 |
|
10 |
Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1000_linux-6.2.1.patch | 552 +++++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 556 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 8bb95e22..46624397 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -43,6 +43,10 @@ EXPERIMENTAL |
21 |
Individual Patch Descriptions: |
22 |
-------------------------------------------------------------------------- |
23 |
|
24 |
+Patch: 1000_linux-6.2.1.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 6.2.1 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1000_linux-6.2.1.patch b/1000_linux-6.2.1.patch |
33 |
new file mode 100644 |
34 |
index 00000000..5ca655c1 |
35 |
--- /dev/null |
36 |
+++ b/1000_linux-6.2.1.patch |
37 |
@@ -0,0 +1,552 @@ |
38 |
+diff --git a/MAINTAINERS b/MAINTAINERS |
39 |
+index 135d93368d36e..f77188f30210f 100644 |
40 |
+--- a/MAINTAINERS |
41 |
++++ b/MAINTAINERS |
42 |
+@@ -3515,7 +3515,7 @@ F: drivers/net/ieee802154/atusb.h |
43 |
+ AUDIT SUBSYSTEM |
44 |
+ M: Paul Moore <paul@××××××××××.com> |
45 |
+ M: Eric Paris <eparis@××××××.com> |
46 |
+-L: linux-audit@××××××.com (moderated for non-subscribers) |
47 |
++L: audit@×××××××××××.org |
48 |
+ S: Supported |
49 |
+ W: https://github.com/linux-audit |
50 |
+ T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git |
51 |
+diff --git a/Makefile b/Makefile |
52 |
+index 3f6628780eb21..f26824f367a99 100644 |
53 |
+--- a/Makefile |
54 |
++++ b/Makefile |
55 |
+@@ -1,7 +1,7 @@ |
56 |
+ # SPDX-License-Identifier: GPL-2.0 |
57 |
+ VERSION = 6 |
58 |
+ PATCHLEVEL = 2 |
59 |
+-SUBLEVEL = 0 |
60 |
++SUBLEVEL = 1 |
61 |
+ EXTRAVERSION = |
62 |
+ NAME = Hurr durr I'ma ninja sloth |
63 |
+ |
64 |
+diff --git a/arch/x86/include/asm/text-patching.h b/arch/x86/include/asm/text-patching.h |
65 |
+index f4b87f08f5c50..29832c338cdc5 100644 |
66 |
+--- a/arch/x86/include/asm/text-patching.h |
67 |
++++ b/arch/x86/include/asm/text-patching.h |
68 |
+@@ -184,6 +184,37 @@ void int3_emulate_ret(struct pt_regs *regs) |
69 |
+ unsigned long ip = int3_emulate_pop(regs); |
70 |
+ int3_emulate_jmp(regs, ip); |
71 |
+ } |
72 |
++ |
73 |
++static __always_inline |
74 |
++void int3_emulate_jcc(struct pt_regs *regs, u8 cc, unsigned long ip, unsigned long disp) |
75 |
++{ |
76 |
++ static const unsigned long jcc_mask[6] = { |
77 |
++ [0] = X86_EFLAGS_OF, |
78 |
++ [1] = X86_EFLAGS_CF, |
79 |
++ [2] = X86_EFLAGS_ZF, |
80 |
++ [3] = X86_EFLAGS_CF | X86_EFLAGS_ZF, |
81 |
++ [4] = X86_EFLAGS_SF, |
82 |
++ [5] = X86_EFLAGS_PF, |
83 |
++ }; |
84 |
++ |
85 |
++ bool invert = cc & 1; |
86 |
++ bool match; |
87 |
++ |
88 |
++ if (cc < 0xc) { |
89 |
++ match = regs->flags & jcc_mask[cc >> 1]; |
90 |
++ } else { |
91 |
++ match = ((regs->flags & X86_EFLAGS_SF) >> X86_EFLAGS_SF_BIT) ^ |
92 |
++ ((regs->flags & X86_EFLAGS_OF) >> X86_EFLAGS_OF_BIT); |
93 |
++ if (cc >= 0xe) |
94 |
++ match = match || (regs->flags & X86_EFLAGS_ZF); |
95 |
++ } |
96 |
++ |
97 |
++ if ((match && !invert) || (!match && invert)) |
98 |
++ ip += disp; |
99 |
++ |
100 |
++ int3_emulate_jmp(regs, ip); |
101 |
++} |
102 |
++ |
103 |
+ #endif /* !CONFIG_UML_X86 */ |
104 |
+ |
105 |
+ #endif /* _ASM_X86_TEXT_PATCHING_H */ |
106 |
+diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c |
107 |
+index 7d8c3cbde3685..81381a0194f39 100644 |
108 |
+--- a/arch/x86/kernel/alternative.c |
109 |
++++ b/arch/x86/kernel/alternative.c |
110 |
+@@ -340,6 +340,12 @@ next: |
111 |
+ } |
112 |
+ } |
113 |
+ |
114 |
++static inline bool is_jcc32(struct insn *insn) |
115 |
++{ |
116 |
++ /* Jcc.d32 second opcode byte is in the range: 0x80-0x8f */ |
117 |
++ return insn->opcode.bytes[0] == 0x0f && (insn->opcode.bytes[1] & 0xf0) == 0x80; |
118 |
++} |
119 |
++ |
120 |
+ #if defined(CONFIG_RETPOLINE) && defined(CONFIG_OBJTOOL) |
121 |
+ |
122 |
+ /* |
123 |
+@@ -378,12 +384,6 @@ static int emit_indirect(int op, int reg, u8 *bytes) |
124 |
+ return i; |
125 |
+ } |
126 |
+ |
127 |
+-static inline bool is_jcc32(struct insn *insn) |
128 |
+-{ |
129 |
+- /* Jcc.d32 second opcode byte is in the range: 0x80-0x8f */ |
130 |
+- return insn->opcode.bytes[0] == 0x0f && (insn->opcode.bytes[1] & 0xf0) == 0x80; |
131 |
+-} |
132 |
+- |
133 |
+ static int emit_call_track_retpoline(void *addr, struct insn *insn, int reg, u8 *bytes) |
134 |
+ { |
135 |
+ u8 op = insn->opcode.bytes[0]; |
136 |
+@@ -1772,6 +1772,11 @@ void text_poke_sync(void) |
137 |
+ on_each_cpu(do_sync_core, NULL, 1); |
138 |
+ } |
139 |
+ |
140 |
++/* |
141 |
++ * NOTE: crazy scheme to allow patching Jcc.d32 but not increase the size of |
142 |
++ * this thing. When len == 6 everything is prefixed with 0x0f and we map |
143 |
++ * opcode to Jcc.d8, using len to distinguish. |
144 |
++ */ |
145 |
+ struct text_poke_loc { |
146 |
+ /* addr := _stext + rel_addr */ |
147 |
+ s32 rel_addr; |
148 |
+@@ -1893,6 +1898,10 @@ noinstr int poke_int3_handler(struct pt_regs *regs) |
149 |
+ int3_emulate_jmp(regs, (long)ip + tp->disp); |
150 |
+ break; |
151 |
+ |
152 |
++ case 0x70 ... 0x7f: /* Jcc */ |
153 |
++ int3_emulate_jcc(regs, tp->opcode & 0xf, (long)ip, tp->disp); |
154 |
++ break; |
155 |
++ |
156 |
+ default: |
157 |
+ BUG(); |
158 |
+ } |
159 |
+@@ -1966,16 +1975,26 @@ static void text_poke_bp_batch(struct text_poke_loc *tp, unsigned int nr_entries |
160 |
+ * Second step: update all but the first byte of the patched range. |
161 |
+ */ |
162 |
+ for (do_sync = 0, i = 0; i < nr_entries; i++) { |
163 |
+- u8 old[POKE_MAX_OPCODE_SIZE] = { tp[i].old, }; |
164 |
++ u8 old[POKE_MAX_OPCODE_SIZE+1] = { tp[i].old, }; |
165 |
++ u8 _new[POKE_MAX_OPCODE_SIZE+1]; |
166 |
++ const u8 *new = tp[i].text; |
167 |
+ int len = tp[i].len; |
168 |
+ |
169 |
+ if (len - INT3_INSN_SIZE > 0) { |
170 |
+ memcpy(old + INT3_INSN_SIZE, |
171 |
+ text_poke_addr(&tp[i]) + INT3_INSN_SIZE, |
172 |
+ len - INT3_INSN_SIZE); |
173 |
++ |
174 |
++ if (len == 6) { |
175 |
++ _new[0] = 0x0f; |
176 |
++ memcpy(_new + 1, new, 5); |
177 |
++ new = _new; |
178 |
++ } |
179 |
++ |
180 |
+ text_poke(text_poke_addr(&tp[i]) + INT3_INSN_SIZE, |
181 |
+- (const char *)tp[i].text + INT3_INSN_SIZE, |
182 |
++ new + INT3_INSN_SIZE, |
183 |
+ len - INT3_INSN_SIZE); |
184 |
++ |
185 |
+ do_sync++; |
186 |
+ } |
187 |
+ |
188 |
+@@ -2003,8 +2022,7 @@ static void text_poke_bp_batch(struct text_poke_loc *tp, unsigned int nr_entries |
189 |
+ * The old instruction is recorded so that the event can be |
190 |
+ * processed forwards or backwards. |
191 |
+ */ |
192 |
+- perf_event_text_poke(text_poke_addr(&tp[i]), old, len, |
193 |
+- tp[i].text, len); |
194 |
++ perf_event_text_poke(text_poke_addr(&tp[i]), old, len, new, len); |
195 |
+ } |
196 |
+ |
197 |
+ if (do_sync) { |
198 |
+@@ -2021,10 +2039,15 @@ static void text_poke_bp_batch(struct text_poke_loc *tp, unsigned int nr_entries |
199 |
+ * replacing opcode. |
200 |
+ */ |
201 |
+ for (do_sync = 0, i = 0; i < nr_entries; i++) { |
202 |
+- if (tp[i].text[0] == INT3_INSN_OPCODE) |
203 |
++ u8 byte = tp[i].text[0]; |
204 |
++ |
205 |
++ if (tp[i].len == 6) |
206 |
++ byte = 0x0f; |
207 |
++ |
208 |
++ if (byte == INT3_INSN_OPCODE) |
209 |
+ continue; |
210 |
+ |
211 |
+- text_poke(text_poke_addr(&tp[i]), tp[i].text, INT3_INSN_SIZE); |
212 |
++ text_poke(text_poke_addr(&tp[i]), &byte, INT3_INSN_SIZE); |
213 |
+ do_sync++; |
214 |
+ } |
215 |
+ |
216 |
+@@ -2042,9 +2065,11 @@ static void text_poke_loc_init(struct text_poke_loc *tp, void *addr, |
217 |
+ const void *opcode, size_t len, const void *emulate) |
218 |
+ { |
219 |
+ struct insn insn; |
220 |
+- int ret, i; |
221 |
++ int ret, i = 0; |
222 |
+ |
223 |
+- memcpy((void *)tp->text, opcode, len); |
224 |
++ if (len == 6) |
225 |
++ i = 1; |
226 |
++ memcpy((void *)tp->text, opcode+i, len-i); |
227 |
+ if (!emulate) |
228 |
+ emulate = opcode; |
229 |
+ |
230 |
+@@ -2055,6 +2080,13 @@ static void text_poke_loc_init(struct text_poke_loc *tp, void *addr, |
231 |
+ tp->len = len; |
232 |
+ tp->opcode = insn.opcode.bytes[0]; |
233 |
+ |
234 |
++ if (is_jcc32(&insn)) { |
235 |
++ /* |
236 |
++ * Map Jcc.d32 onto Jcc.d8 and use len to distinguish. |
237 |
++ */ |
238 |
++ tp->opcode = insn.opcode.bytes[1] - 0x10; |
239 |
++ } |
240 |
++ |
241 |
+ switch (tp->opcode) { |
242 |
+ case RET_INSN_OPCODE: |
243 |
+ case JMP32_INSN_OPCODE: |
244 |
+@@ -2071,7 +2103,6 @@ static void text_poke_loc_init(struct text_poke_loc *tp, void *addr, |
245 |
+ BUG_ON(len != insn.length); |
246 |
+ } |
247 |
+ |
248 |
+- |
249 |
+ switch (tp->opcode) { |
250 |
+ case INT3_INSN_OPCODE: |
251 |
+ case RET_INSN_OPCODE: |
252 |
+@@ -2080,6 +2111,7 @@ static void text_poke_loc_init(struct text_poke_loc *tp, void *addr, |
253 |
+ case CALL_INSN_OPCODE: |
254 |
+ case JMP32_INSN_OPCODE: |
255 |
+ case JMP8_INSN_OPCODE: |
256 |
++ case 0x70 ... 0x7f: /* Jcc */ |
257 |
+ tp->disp = insn.immediate.value; |
258 |
+ break; |
259 |
+ |
260 |
+diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c |
261 |
+index 695873c0f50b5..0ce969ae250f7 100644 |
262 |
+--- a/arch/x86/kernel/kprobes/core.c |
263 |
++++ b/arch/x86/kernel/kprobes/core.c |
264 |
+@@ -464,50 +464,26 @@ static void kprobe_emulate_call(struct kprobe *p, struct pt_regs *regs) |
265 |
+ } |
266 |
+ NOKPROBE_SYMBOL(kprobe_emulate_call); |
267 |
+ |
268 |
+-static nokprobe_inline |
269 |
+-void __kprobe_emulate_jmp(struct kprobe *p, struct pt_regs *regs, bool cond) |
270 |
++static void kprobe_emulate_jmp(struct kprobe *p, struct pt_regs *regs) |
271 |
+ { |
272 |
+ unsigned long ip = regs->ip - INT3_INSN_SIZE + p->ainsn.size; |
273 |
+ |
274 |
+- if (cond) |
275 |
+- ip += p->ainsn.rel32; |
276 |
++ ip += p->ainsn.rel32; |
277 |
+ int3_emulate_jmp(regs, ip); |
278 |
+ } |
279 |
+- |
280 |
+-static void kprobe_emulate_jmp(struct kprobe *p, struct pt_regs *regs) |
281 |
+-{ |
282 |
+- __kprobe_emulate_jmp(p, regs, true); |
283 |
+-} |
284 |
+ NOKPROBE_SYMBOL(kprobe_emulate_jmp); |
285 |
+ |
286 |
+-static const unsigned long jcc_mask[6] = { |
287 |
+- [0] = X86_EFLAGS_OF, |
288 |
+- [1] = X86_EFLAGS_CF, |
289 |
+- [2] = X86_EFLAGS_ZF, |
290 |
+- [3] = X86_EFLAGS_CF | X86_EFLAGS_ZF, |
291 |
+- [4] = X86_EFLAGS_SF, |
292 |
+- [5] = X86_EFLAGS_PF, |
293 |
+-}; |
294 |
+- |
295 |
+ static void kprobe_emulate_jcc(struct kprobe *p, struct pt_regs *regs) |
296 |
+ { |
297 |
+- bool invert = p->ainsn.jcc.type & 1; |
298 |
+- bool match; |
299 |
++ unsigned long ip = regs->ip - INT3_INSN_SIZE + p->ainsn.size; |
300 |
+ |
301 |
+- if (p->ainsn.jcc.type < 0xc) { |
302 |
+- match = regs->flags & jcc_mask[p->ainsn.jcc.type >> 1]; |
303 |
+- } else { |
304 |
+- match = ((regs->flags & X86_EFLAGS_SF) >> X86_EFLAGS_SF_BIT) ^ |
305 |
+- ((regs->flags & X86_EFLAGS_OF) >> X86_EFLAGS_OF_BIT); |
306 |
+- if (p->ainsn.jcc.type >= 0xe) |
307 |
+- match = match || (regs->flags & X86_EFLAGS_ZF); |
308 |
+- } |
309 |
+- __kprobe_emulate_jmp(p, regs, (match && !invert) || (!match && invert)); |
310 |
++ int3_emulate_jcc(regs, p->ainsn.jcc.type, ip, p->ainsn.rel32); |
311 |
+ } |
312 |
+ NOKPROBE_SYMBOL(kprobe_emulate_jcc); |
313 |
+ |
314 |
+ static void kprobe_emulate_loop(struct kprobe *p, struct pt_regs *regs) |
315 |
+ { |
316 |
++ unsigned long ip = regs->ip - INT3_INSN_SIZE + p->ainsn.size; |
317 |
+ bool match; |
318 |
+ |
319 |
+ if (p->ainsn.loop.type != 3) { /* LOOP* */ |
320 |
+@@ -535,7 +511,9 @@ static void kprobe_emulate_loop(struct kprobe *p, struct pt_regs *regs) |
321 |
+ else if (p->ainsn.loop.type == 1) /* LOOPE */ |
322 |
+ match = match && (regs->flags & X86_EFLAGS_ZF); |
323 |
+ |
324 |
+- __kprobe_emulate_jmp(p, regs, match); |
325 |
++ if (match) |
326 |
++ ip += p->ainsn.rel32; |
327 |
++ int3_emulate_jmp(regs, ip); |
328 |
+ } |
329 |
+ NOKPROBE_SYMBOL(kprobe_emulate_loop); |
330 |
+ |
331 |
+diff --git a/arch/x86/kernel/static_call.c b/arch/x86/kernel/static_call.c |
332 |
+index 2ebc338980bcd..b70670a985978 100644 |
333 |
+--- a/arch/x86/kernel/static_call.c |
334 |
++++ b/arch/x86/kernel/static_call.c |
335 |
+@@ -9,6 +9,7 @@ enum insn_type { |
336 |
+ NOP = 1, /* site cond-call */ |
337 |
+ JMP = 2, /* tramp / site tail-call */ |
338 |
+ RET = 3, /* tramp / site cond-tail-call */ |
339 |
++ JCC = 4, |
340 |
+ }; |
341 |
+ |
342 |
+ /* |
343 |
+@@ -25,12 +26,40 @@ static const u8 xor5rax[] = { 0x2e, 0x2e, 0x2e, 0x31, 0xc0 }; |
344 |
+ |
345 |
+ static const u8 retinsn[] = { RET_INSN_OPCODE, 0xcc, 0xcc, 0xcc, 0xcc }; |
346 |
+ |
347 |
++static u8 __is_Jcc(u8 *insn) /* Jcc.d32 */ |
348 |
++{ |
349 |
++ u8 ret = 0; |
350 |
++ |
351 |
++ if (insn[0] == 0x0f) { |
352 |
++ u8 tmp = insn[1]; |
353 |
++ if ((tmp & 0xf0) == 0x80) |
354 |
++ ret = tmp; |
355 |
++ } |
356 |
++ |
357 |
++ return ret; |
358 |
++} |
359 |
++ |
360 |
++extern void __static_call_return(void); |
361 |
++ |
362 |
++asm (".global __static_call_return\n\t" |
363 |
++ ".type __static_call_return, @function\n\t" |
364 |
++ ASM_FUNC_ALIGN "\n\t" |
365 |
++ "__static_call_return:\n\t" |
366 |
++ ANNOTATE_NOENDBR |
367 |
++ ANNOTATE_RETPOLINE_SAFE |
368 |
++ "ret; int3\n\t" |
369 |
++ ".size __static_call_return, . - __static_call_return \n\t"); |
370 |
++ |
371 |
+ static void __ref __static_call_transform(void *insn, enum insn_type type, |
372 |
+ void *func, bool modinit) |
373 |
+ { |
374 |
+ const void *emulate = NULL; |
375 |
+ int size = CALL_INSN_SIZE; |
376 |
+ const void *code; |
377 |
++ u8 op, buf[6]; |
378 |
++ |
379 |
++ if ((type == JMP || type == RET) && (op = __is_Jcc(insn))) |
380 |
++ type = JCC; |
381 |
+ |
382 |
+ switch (type) { |
383 |
+ case CALL: |
384 |
+@@ -57,6 +86,20 @@ static void __ref __static_call_transform(void *insn, enum insn_type type, |
385 |
+ else |
386 |
+ code = &retinsn; |
387 |
+ break; |
388 |
++ |
389 |
++ case JCC: |
390 |
++ if (!func) { |
391 |
++ func = __static_call_return; |
392 |
++ if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) |
393 |
++ func = x86_return_thunk; |
394 |
++ } |
395 |
++ |
396 |
++ buf[0] = 0x0f; |
397 |
++ __text_gen_insn(buf+1, op, insn+1, func, 5); |
398 |
++ code = buf; |
399 |
++ size = 6; |
400 |
++ |
401 |
++ break; |
402 |
+ } |
403 |
+ |
404 |
+ if (memcmp(insn, code, size) == 0) |
405 |
+@@ -68,9 +111,9 @@ static void __ref __static_call_transform(void *insn, enum insn_type type, |
406 |
+ text_poke_bp(insn, code, size, emulate); |
407 |
+ } |
408 |
+ |
409 |
+-static void __static_call_validate(void *insn, bool tail, bool tramp) |
410 |
++static void __static_call_validate(u8 *insn, bool tail, bool tramp) |
411 |
+ { |
412 |
+- u8 opcode = *(u8 *)insn; |
413 |
++ u8 opcode = insn[0]; |
414 |
+ |
415 |
+ if (tramp && memcmp(insn+5, tramp_ud, 3)) { |
416 |
+ pr_err("trampoline signature fail"); |
417 |
+@@ -79,7 +122,8 @@ static void __static_call_validate(void *insn, bool tail, bool tramp) |
418 |
+ |
419 |
+ if (tail) { |
420 |
+ if (opcode == JMP32_INSN_OPCODE || |
421 |
+- opcode == RET_INSN_OPCODE) |
422 |
++ opcode == RET_INSN_OPCODE || |
423 |
++ __is_Jcc(insn)) |
424 |
+ return; |
425 |
+ } else { |
426 |
+ if (opcode == CALL_INSN_OPCODE || |
427 |
+diff --git a/drivers/hid/hid-mcp2221.c b/drivers/hid/hid-mcp2221.c |
428 |
+index e61dd039354b8..f74a977cf8f87 100644 |
429 |
+--- a/drivers/hid/hid-mcp2221.c |
430 |
++++ b/drivers/hid/hid-mcp2221.c |
431 |
+@@ -922,6 +922,9 @@ static void mcp2221_hid_unregister(void *ptr) |
432 |
+ /* This is needed to be sure hid_hw_stop() isn't called twice by the subsystem */ |
433 |
+ static void mcp2221_remove(struct hid_device *hdev) |
434 |
+ { |
435 |
++ struct mcp2221 *mcp = hid_get_drvdata(hdev); |
436 |
++ |
437 |
++ cancel_delayed_work_sync(&mcp->init_work); |
438 |
+ } |
439 |
+ |
440 |
+ #if IS_REACHABLE(CONFIG_IIO) |
441 |
+diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c |
442 |
+index b8dc3b5c9ad94..9f506efa53705 100644 |
443 |
+--- a/drivers/net/wireless/marvell/mwifiex/sdio.c |
444 |
++++ b/drivers/net/wireless/marvell/mwifiex/sdio.c |
445 |
+@@ -480,6 +480,7 @@ static struct memory_type_mapping mem_type_mapping_tbl[] = { |
446 |
+ }; |
447 |
+ |
448 |
+ static const struct of_device_id mwifiex_sdio_of_match_table[] = { |
449 |
++ { .compatible = "marvell,sd8787" }, |
450 |
+ { .compatible = "marvell,sd8897" }, |
451 |
+ { .compatible = "marvell,sd8997" }, |
452 |
+ { } |
453 |
+diff --git a/drivers/platform/x86/amd/pmf/Kconfig b/drivers/platform/x86/amd/pmf/Kconfig |
454 |
+index c375498c40717..6d89528c31779 100644 |
455 |
+--- a/drivers/platform/x86/amd/pmf/Kconfig |
456 |
++++ b/drivers/platform/x86/amd/pmf/Kconfig |
457 |
+@@ -6,6 +6,7 @@ |
458 |
+ config AMD_PMF |
459 |
+ tristate "AMD Platform Management Framework" |
460 |
+ depends on ACPI && PCI |
461 |
++ depends on POWER_SUPPLY |
462 |
+ select ACPI_PLATFORM_PROFILE |
463 |
+ help |
464 |
+ This driver provides support for the AMD Platform Management Framework. |
465 |
+diff --git a/drivers/platform/x86/nvidia-wmi-ec-backlight.c b/drivers/platform/x86/nvidia-wmi-ec-backlight.c |
466 |
+index baccdf6585382..1b572c90c76ec 100644 |
467 |
+--- a/drivers/platform/x86/nvidia-wmi-ec-backlight.c |
468 |
++++ b/drivers/platform/x86/nvidia-wmi-ec-backlight.c |
469 |
+@@ -12,6 +12,10 @@ |
470 |
+ #include <linux/wmi.h> |
471 |
+ #include <acpi/video.h> |
472 |
+ |
473 |
++static bool force; |
474 |
++module_param(force, bool, 0444); |
475 |
++MODULE_PARM_DESC(force, "Force loading (disable acpi_backlight=xxx checks"); |
476 |
++ |
477 |
+ /** |
478 |
+ * wmi_brightness_notify() - helper function for calling WMI-wrapped ACPI method |
479 |
+ * @w: Pointer to the struct wmi_device identified by %WMI_BRIGHTNESS_GUID |
480 |
+@@ -91,7 +95,7 @@ static int nvidia_wmi_ec_backlight_probe(struct wmi_device *wdev, const void *ct |
481 |
+ int ret; |
482 |
+ |
483 |
+ /* drivers/acpi/video_detect.c also checks that SOURCE == EC */ |
484 |
+- if (acpi_video_get_backlight_type() != acpi_backlight_nvidia_wmi_ec) |
485 |
++ if (!force && acpi_video_get_backlight_type() != acpi_backlight_nvidia_wmi_ec) |
486 |
+ return -ENODEV; |
487 |
+ |
488 |
+ /* |
489 |
+diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c |
490 |
+index d233c24ea3425..e2b8b3437c589 100644 |
491 |
+--- a/fs/ext4/sysfs.c |
492 |
++++ b/fs/ext4/sysfs.c |
493 |
+@@ -491,6 +491,11 @@ static void ext4_sb_release(struct kobject *kobj) |
494 |
+ complete(&sbi->s_kobj_unregister); |
495 |
+ } |
496 |
+ |
497 |
++static void ext4_feat_release(struct kobject *kobj) |
498 |
++{ |
499 |
++ kfree(kobj); |
500 |
++} |
501 |
++ |
502 |
+ static const struct sysfs_ops ext4_attr_ops = { |
503 |
+ .show = ext4_attr_show, |
504 |
+ .store = ext4_attr_store, |
505 |
+@@ -505,7 +510,7 @@ static struct kobj_type ext4_sb_ktype = { |
506 |
+ static struct kobj_type ext4_feat_ktype = { |
507 |
+ .default_groups = ext4_feat_groups, |
508 |
+ .sysfs_ops = &ext4_attr_ops, |
509 |
+- .release = (void (*)(struct kobject *))kfree, |
510 |
++ .release = ext4_feat_release, |
511 |
+ }; |
512 |
+ |
513 |
+ void ext4_notify_error_sysfs(struct ext4_sb_info *sbi) |
514 |
+diff --git a/include/linux/nospec.h b/include/linux/nospec.h |
515 |
+index c1e79f72cd892..9f0af4f116d98 100644 |
516 |
+--- a/include/linux/nospec.h |
517 |
++++ b/include/linux/nospec.h |
518 |
+@@ -11,6 +11,10 @@ |
519 |
+ |
520 |
+ struct task_struct; |
521 |
+ |
522 |
++#ifndef barrier_nospec |
523 |
++# define barrier_nospec() do { } while (0) |
524 |
++#endif |
525 |
++ |
526 |
+ /** |
527 |
+ * array_index_mask_nospec() - generate a ~0 mask when index < size, 0 otherwise |
528 |
+ * @index: array element index |
529 |
+diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c |
530 |
+index ba3fff17e2f9f..f9c3b1033ec39 100644 |
531 |
+--- a/kernel/bpf/core.c |
532 |
++++ b/kernel/bpf/core.c |
533 |
+@@ -34,6 +34,7 @@ |
534 |
+ #include <linux/log2.h> |
535 |
+ #include <linux/bpf_verifier.h> |
536 |
+ #include <linux/nodemask.h> |
537 |
++#include <linux/nospec.h> |
538 |
+ #include <linux/bpf_mem_alloc.h> |
539 |
+ |
540 |
+ #include <asm/barrier.h> |
541 |
+@@ -1910,9 +1911,7 @@ out: |
542 |
+ * reuse preexisting logic from Spectre v1 mitigation that |
543 |
+ * happens to produce the required code on x86 for v4 as well. |
544 |
+ */ |
545 |
+-#ifdef CONFIG_X86 |
546 |
+ barrier_nospec(); |
547 |
+-#endif |
548 |
+ CONT; |
549 |
+ #define LDST(SIZEOP, SIZE) \ |
550 |
+ STX_MEM_##SIZEOP: \ |
551 |
+diff --git a/lib/usercopy.c b/lib/usercopy.c |
552 |
+index 1505a52f23a01..d29fe29c68494 100644 |
553 |
+--- a/lib/usercopy.c |
554 |
++++ b/lib/usercopy.c |
555 |
+@@ -3,6 +3,7 @@ |
556 |
+ #include <linux/fault-inject-usercopy.h> |
557 |
+ #include <linux/instrumented.h> |
558 |
+ #include <linux/uaccess.h> |
559 |
++#include <linux/nospec.h> |
560 |
+ |
561 |
+ /* out-of-line parts */ |
562 |
+ |
563 |
+@@ -12,6 +13,12 @@ unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n |
564 |
+ unsigned long res = n; |
565 |
+ might_fault(); |
566 |
+ if (!should_fail_usercopy() && likely(access_ok(from, n))) { |
567 |
++ /* |
568 |
++ * Ensure that bad access_ok() speculation will not |
569 |
++ * lead to nasty side effects *after* the copy is |
570 |
++ * finished: |
571 |
++ */ |
572 |
++ barrier_nospec(); |
573 |
+ instrument_copy_from_user_before(to, from, n); |
574 |
+ res = raw_copy_from_user(to, from, n); |
575 |
+ instrument_copy_from_user_after(to, from, n, res); |
576 |
+diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening |
577 |
+index 53baa95cb644f..0f295961e7736 100644 |
578 |
+--- a/security/Kconfig.hardening |
579 |
++++ b/security/Kconfig.hardening |
580 |
+@@ -281,6 +281,9 @@ endmenu |
581 |
+ |
582 |
+ config CC_HAS_RANDSTRUCT |
583 |
+ def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null) |
584 |
++ # Randstruct was first added in Clang 15, but it isn't safe to use until |
585 |
++ # Clang 16 due to https://github.com/llvm/llvm-project/issues/60349 |
586 |
++ depends on !CC_IS_CLANG || CLANG_VERSION >= 160000 |
587 |
+ |
588 |
+ choice |
589 |
+ prompt "Randomize layout of sensitive kernel structures" |