From: Michael Schmitz <schmitzmic(a)gmail.com>
[ Upstream commit fc3d092c6bb48d5865fec15ed5b333c12f36288c ]
The Amiga partition parser module uses signed int for partition sector
address and count, which will overflow for disks larger than 1 TB.
Use sector_t as type for sector address and size to allow using disks
up to 2 TB without LBD support, and disks larger than 2 TB with LBD.
This bug was reported originally in 2012, and the fix was created by
the RDB author, Joanne Dow <jdow(a)earthlink.net>. A patch had been
discussed and reviewed on linux-m68k at that time but never officially
submitted. This patch differs from Joanne's patch only in its use of
sector_t instead of unsigned int. No checking for overflows is done
(see patch 3 of this series for that).
Reported-by: Martin Steigerwald <Martin(a)lichtvoll.de>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Message-ID: <201206192146.09327.Martin(a)lichtvoll.de>
Cc: <stable(a)vger.kernel.org> # 5.2
Signed-off-by: Michael Schmitz <schmitzmic(a)gmail.com>
Tested-by: Martin Steigerwald <Martin(a)lichtvoll.de>
Reviewed-by: Geert Uytterhoeven <geert(a)linux-m68k.org>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
Link: https://lore.kernel.org/r/20230620201725.7020-2-schmitzmic@gmail.com
Signed-off-by: Jens Axboe <axboe(a)kernel.dk>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
block/partitions/amiga.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c
index 560936617d9c1..4a4160221183b 100644
--- a/block/partitions/amiga.c
+++ b/block/partitions/amiga.c
@@ -32,7 +32,8 @@ int amiga_partition(struct parsed_partitions *state)
unsigned char *data;
struct RigidDiskBlock *rdb;
struct PartitionBlock *pb;
- int start_sect, nr_sects, blk, part, res = 0;
+ sector_t start_sect, nr_sects;
+ int blk, part, res = 0;
int blksize = 1; /* Multiplier for disk block size */
int slot = 1;
char b[BDEVNAME_SIZE];
@@ -100,14 +101,14 @@ int amiga_partition(struct parsed_partitions *state)
/* Tell Kernel about it */
- nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 -
- be32_to_cpu(pb->pb_Environment[9])) *
+ nr_sects = ((sector_t)be32_to_cpu(pb->pb_Environment[10]) + 1 -
+ be32_to_cpu(pb->pb_Environment[9])) *
be32_to_cpu(pb->pb_Environment[3]) *
be32_to_cpu(pb->pb_Environment[5]) *
blksize;
if (!nr_sects)
continue;
- start_sect = be32_to_cpu(pb->pb_Environment[9]) *
+ start_sect = (sector_t)be32_to_cpu(pb->pb_Environment[9]) *
be32_to_cpu(pb->pb_Environment[3]) *
be32_to_cpu(pb->pb_Environment[5]) *
blksize;
--
2.43.0
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041548-aftermath-grafted-5575@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com>
Date: Fri, 5 Apr 2024 00:34:27 +0300
Subject: [PATCH] drm/i915: Disable port sync when bigjoiner is used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The current modeset sequence can't handle port sync and bigjoiner
at the same time. Refuse port sync when bigjoiner is needed,
at least until we fix the modeset sequence.
v2: Add a FIXME (Vandite)
Cc: stable(a)vger.kernel.org
Tested-by: Vidya Srinivas <vidya.srinivas(a)intel.com>
Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240404213441.17637-4-ville.…
Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
(cherry picked from commit b37e1347b991459c38c56ec2476087854a4f720b)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com>
diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c
index c587a8efeafc..c17462b4c2ac 100644
--- a/drivers/gpu/drm/i915/display/intel_ddi.c
+++ b/drivers/gpu/drm/i915/display/intel_ddi.c
@@ -4256,7 +4256,12 @@ static bool m_n_equal(const struct intel_link_m_n *m_n_1,
static bool crtcs_port_sync_compatible(const struct intel_crtc_state *crtc_state1,
const struct intel_crtc_state *crtc_state2)
{
+ /*
+ * FIXME the modeset sequence is currently wrong and
+ * can't deal with bigjoiner + port sync at the same time.
+ */
return crtc_state1->hw.active && crtc_state2->hw.active &&
+ !crtc_state1->bigjoiner_pipes && !crtc_state2->bigjoiner_pipes &&
crtc_state1->output_types == crtc_state2->output_types &&
crtc_state1->output_format == crtc_state2->output_format &&
crtc_state1->lane_count == crtc_state2->lane_count &&
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024041547-freely-probable-b5c9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com>
Date: Fri, 5 Apr 2024 00:34:27 +0300
Subject: [PATCH] drm/i915: Disable port sync when bigjoiner is used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The current modeset sequence can't handle port sync and bigjoiner
at the same time. Refuse port sync when bigjoiner is needed,
at least until we fix the modeset sequence.
v2: Add a FIXME (Vandite)
Cc: stable(a)vger.kernel.org
Tested-by: Vidya Srinivas <vidya.srinivas(a)intel.com>
Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240404213441.17637-4-ville.…
Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
(cherry picked from commit b37e1347b991459c38c56ec2476087854a4f720b)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com>
diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c
index c587a8efeafc..c17462b4c2ac 100644
--- a/drivers/gpu/drm/i915/display/intel_ddi.c
+++ b/drivers/gpu/drm/i915/display/intel_ddi.c
@@ -4256,7 +4256,12 @@ static bool m_n_equal(const struct intel_link_m_n *m_n_1,
static bool crtcs_port_sync_compatible(const struct intel_crtc_state *crtc_state1,
const struct intel_crtc_state *crtc_state2)
{
+ /*
+ * FIXME the modeset sequence is currently wrong and
+ * can't deal with bigjoiner + port sync at the same time.
+ */
return crtc_state1->hw.active && crtc_state2->hw.active &&
+ !crtc_state1->bigjoiner_pipes && !crtc_state2->bigjoiner_pipes &&
crtc_state1->output_types == crtc_state2->output_types &&
crtc_state1->output_format == crtc_state2->output_format &&
crtc_state1->lane_count == crtc_state2->lane_count &&
This is the start of the stable review cycle for the 5.15.155 release.
There are 57 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.155-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.15.155-rc1
Vasiliy Kovalev <kovalev(a)altlinux.org>
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: btintel: Fixe build regression
Gwendal Grignou <gwendal(a)chromium.org>
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Kees Cook <keescook(a)chromium.org>
randomize_kstack: Improve entropy diffusion
David Hildenbrand <david(a)redhat.com>
x86/mm/pat: fix VM_PAT handling in COW mappings
David Hildenbrand <david(a)redhat.com>
virtio: reenable config if freezing device failed
Ard Biesheuvel <ardb(a)kernel.org>
gcc-plugins/stackleak: Avoid .head.text section
Kees Cook <keescook(a)chromium.org>
gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text
Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com>
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: discard table flag update with pending basechain deletion
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: release batch on table validation from abort path
Roman Smirnov <r.smirnov(a)omp.ru>
fbmon: prevent division by zero in fb_videomode_from_videomode()
Jiawei Fu (iBug) <i(a)ibugone.com>
drivers/nvme: Add quirks for device 126f:2262
Aleksandr Burakov <a.burakov(a)rosalinux.ru>
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Chancel Liu <chancel.liu(a)nxp.com>
ASoC: soc-core.c: Skip dummy codec when adding platforms
Colin Ian King <colin.i.king(a)gmail.com>
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Marco Felsch <m.felsch(a)pengutronix.de>
usb: typec: tcpci: add generic tcpci fallback compatible
Petre Rodan <petre.rodan(a)subdimension.ro>
tools: iio: replace seekdir() in iio_generic_buffer
linke li <lilinke99(a)qq.com>
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
Ricardo B. Marliere <ricardo(a)marliere.net>
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Alban Boyé <alban.boye(a)protonmail.com>
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Gergo Koteles <soyer(a)irl.hu>
Input: allocate keycode for Display refresh rate toggle
Manjunath Patil <manjunath.b.patil(a)oracle.com>
RDMA/cm: add timeout to cm_destroy_id wait
Roman Smirnov <r.smirnov(a)omp.ru>
block: prevent division by zero in blk_rq_stat_sum()
Ian Rogers <irogers(a)google.com>
libperf evlist: Avoid out-of-bounds access
Daniel Drake <drake(a)endlessos.org>
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Dai Ngo <dai.ngo(a)oracle.com>
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Aric Cyr <aric.cyr(a)amd.com>
drm/amd/display: Fix nanosec stat overflow
Ye Bin <yebin10(a)huawei.com>
ext4: forbid commit inconsistent quota data when errors=remount-ro
Zhang Yi <yi.zhang(a)huawei.com>
ext4: add a hint for block bitmap corrupt state in mb_groups
Takashi Sakamoto <o-takashi(a)sakamocchi.jp>
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Arnd Bergmann <arnd(a)arndb.de>
media: sta2x11: fix irq handler cast
Alex Henrie <alexhenrie24(a)gmail.com>
isofs: handle CDs with bad root inode but good Joliet root directory
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
sysv: don't call sb_bread() with pointers_lock held
Geert Uytterhoeven <geert+renesas(a)glider.be>
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Kunwu Chan <chentao(a)kylinos.cn>
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Edward Adam Davis <eadavis(a)qq.com>
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet <edumazet(a)google.com>
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
David Sterba <dsterba(a)suse.com>
btrfs: send: handle path ref underflow in header iterate_inode_ref()
David Sterba <dsterba(a)suse.com>
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
David Sterba <dsterba(a)suse.com>
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
Baochen Qiang <quic_bqiang(a)quicinc.com>
wifi: ath11k: decrease MHI channel buffer length to 8KB
Serge Semin <fancer.lancer(a)gmail.com>
net: pcs: xpcs: Return EINVAL in the internal methods
Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com>
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Kunwu Chan <chentao(a)kylinos.cn>
pstore/zone: Add a null pointer check to the psz_kmsg_read
Shannon Nelson <shannon.nelson(a)amd.com>
ionic: set adminq irq affinity
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3399 hdmi ports node
Johan Jonker <jbx6244(a)gmail.com>
arm64: dts: rockchip: fix rk3328 hdmi ports node
C Cheng <C.Cheng(a)mediatek.com>
cpuidle: Avoid potential overflow in integer multiplication
John Ogness <john.ogness(a)linutronix.de>
panic: Flush kernel log buffer at the end
Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com>
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Improve exception handling in batadv_throw_uevent()
Markus Elfring <elfring(a)users.sourceforge.net>
batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: fix panic when DSA master device unbinds on shutdown
-------------
Diffstat:
Makefile | 4 +-
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 +++++-
arch/x86/mm/pat/memtype.c | 49 +++++++++++++++-------
block/blk-stat.c | 2 +-
drivers/acpi/sleep.c | 12 ------
drivers/bluetooth/btintel.c | 2 +-
drivers/cpuidle/driver.c | 3 +-
.../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +-
drivers/infiniband/core/cm.c | 20 ++++++++-
drivers/input/rmi4/rmi_driver.c | 6 ++-
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++--
drivers/misc/vmw_vmci/vmci_datagram.c | 6 ++-
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++-
drivers/net/pcs/pcs-xpcs.c | 4 +-
drivers/net/wireless/ath/ath11k/mhi.c | 2 +-
drivers/net/wireless/ath/ath9k/antenna.c | 2 +-
drivers/nvme/host/pci.c | 3 ++
drivers/pinctrl/renesas/core.c | 4 +-
drivers/platform/x86/intel/vbtn.c | 5 ++-
drivers/platform/x86/touchscreen_dmi.c | 9 ++++
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++-
drivers/tty/n_gsm.c | 3 ++
drivers/usb/host/sl811-hcd.c | 2 +
drivers/usb/typec/tcpm/tcpci.c | 1 +
drivers/video/fbdev/core/fbmon.c | 7 ++--
drivers/video/fbdev/via/accel.c | 4 +-
drivers/virtio/virtio.c | 10 ++++-
fs/btrfs/export.c | 9 +++-
fs/btrfs/send.c | 10 ++++-
fs/btrfs/volumes.c | 12 +++++-
fs/ext4/mballoc.c | 5 ++-
fs/ext4/super.c | 12 ++++++
fs/isofs/inode.c | 18 +++++++-
fs/pstore/zone.c | 2 +
fs/sysv/itree.c | 10 ++---
include/linux/randomize_kstack.h | 2 +-
include/linux/sunrpc/sched.h | 2 +-
include/uapi/linux/input-event-codes.h | 1 +
kernel/panic.c | 8 ++++
kernel/trace/ring_buffer.c | 2 +-
mm/memory.c | 4 ++
net/batman-adv/distributed-arp-table.c | 3 +-
net/batman-adv/main.c | 14 ++++---
net/dsa/dsa2.c | 25 +++--------
net/netfilter/nf_tables_api.c | 47 ++++++++++++++++-----
net/smc/smc_pnet.c | 10 +++++
scripts/gcc-plugins/stackleak_plugin.c | 6 +++
sound/firewire/amdtp-stream.c | 12 ++++--
sound/firewire/amdtp-stream.h | 4 ++
sound/soc/soc-core.c | 3 ++
tools/iio/iio_utils.c | 2 +-
tools/lib/perf/evlist.c | 18 +++++---
tools/lib/perf/include/internal/evlist.h | 4 +-
.../x86_energy_perf_policy.c | 1 +
tools/testing/ktest/ktest.pl | 1 +
56 files changed, 326 insertions(+), 128 deletions(-)