]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 6 Dec 2018 12:49:42 +0000 (13:49 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 6 Dec 2018 12:49:42 +0000 (13:49 +0100)
added patches:
net-qed-use-correct-strncpy-size.patch
tipc-use-destination-length-for-copy-string.patch
usb-gadget-dummy-fix-nonsensical-comparisons.patch

queue-4.9/net-qed-use-correct-strncpy-size.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/tipc-use-destination-length-for-copy-string.patch [new file with mode: 0644]
queue-4.9/usb-gadget-dummy-fix-nonsensical-comparisons.patch [new file with mode: 0644]

diff --git a/queue-4.9/net-qed-use-correct-strncpy-size.patch b/queue-4.9/net-qed-use-correct-strncpy-size.patch
new file mode 100644 (file)
index 0000000..12d5b3e
--- /dev/null
@@ -0,0 +1,43 @@
+From 11f711081af0eb54190dc0de96ba4a9cd494666b Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 2 Feb 2018 16:44:47 +0100
+Subject: net: qed: use correct strncpy() size
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 11f711081af0eb54190dc0de96ba4a9cd494666b upstream.
+
+passing the strlen() of the source string as the destination
+length is pointless, and gcc-8 now warns about it:
+
+drivers/net/ethernet/qlogic/qed/qed_debug.c: In function 'qed_grc_dump':
+include/linux/string.h:253: error: 'strncpy' specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
+
+This changes qed_grc_dump_big_ram() to instead uses the length of
+the destination buffer, and use strscpy() to guarantee nul-termination.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/qlogic/qed/qed_debug.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/qlogic/qed/qed_debug.c
++++ b/drivers/net/ethernet/qlogic/qed/qed_debug.c
+@@ -3039,10 +3039,10 @@ static u32 qed_grc_dump_big_ram(struct q
+               s_big_ram_defs[big_ram_id].num_of_blocks[dev_data->chip_id];
+       ram_size = total_blocks * BIG_RAM_BLOCK_SIZE_DWORDS;
+-      strncpy(type_name, s_big_ram_defs[big_ram_id].instance_name,
+-              strlen(s_big_ram_defs[big_ram_id].instance_name));
+-      strncpy(mem_name, s_big_ram_defs[big_ram_id].instance_name,
+-              strlen(s_big_ram_defs[big_ram_id].instance_name));
++      strscpy(type_name, s_big_ram_defs[big_ram_id].instance_name,
++              sizeof(type_name));
++      strscpy(mem_name, s_big_ram_defs[big_ram_id].instance_name,
++              sizeof(mem_name));
+       /* Dump memory header */
+       offset += qed_grc_dump_mem_hdr(p_hwfn,
index e20a54fdde5e0981d850676dceba93fbfa4b8257..62e12da7bef357e698459e5278eeb3ff7fb19722 100644 (file)
@@ -42,3 +42,6 @@ reset-add-exported-__reset_control_get-return-null-if-optional.patch
 reset-make-device_reset_optional-really-optional.patch
 reset-remove-remaining-warn_on-in-linux-reset.h.patch
 mm-cleancache-fix-corruption-on-missed-inode-invalidation.patch
+usb-gadget-dummy-fix-nonsensical-comparisons.patch
+net-qed-use-correct-strncpy-size.patch
+tipc-use-destination-length-for-copy-string.patch
diff --git a/queue-4.9/tipc-use-destination-length-for-copy-string.patch b/queue-4.9/tipc-use-destination-length-for-copy-string.patch
new file mode 100644 (file)
index 0000000..ebc00c8
--- /dev/null
@@ -0,0 +1,43 @@
+From 29e270fc32192e7729057963ae7120663856c93e Mon Sep 17 00:00:00 2001
+From: Guoqing Jiang <gqjiang@suse.com>
+Date: Fri, 19 Oct 2018 12:08:22 +0800
+Subject: tipc: use destination length for copy string
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Guoqing Jiang <gqjiang@suse.com>
+
+commit 29e270fc32192e7729057963ae7120663856c93e upstream.
+
+Got below warning with gcc 8.2 compiler.
+
+net/tipc/topsrv.c: In function ‘tipc_topsrv_start’:
+net/tipc/topsrv.c:660:2: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
+  strncpy(srv->name, name, strlen(name) + 1);
+  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+net/tipc/topsrv.c:660:27: note: length computed here
+  strncpy(srv->name, name, strlen(name) + 1);
+                           ^~~~~~~~~~~~
+So change it to correct length and use strscpy.
+
+Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
+Acked-by: Ying Xue <ying.xue@windriver.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/tipc/subscr.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/tipc/subscr.c
++++ b/net/tipc/subscr.c
+@@ -389,7 +389,7 @@ int tipc_topsrv_start(struct net *net)
+       topsrv->tipc_conn_new           = tipc_subscrb_connect_cb;
+       topsrv->tipc_conn_release       = tipc_subscrb_release_cb;
+-      strncpy(topsrv->name, name, strlen(name) + 1);
++      strscpy(topsrv->name, name, sizeof(topsrv->name));
+       tn->topsrv = topsrv;
+       atomic_set(&tn->subscription_count, 0);
diff --git a/queue-4.9/usb-gadget-dummy-fix-nonsensical-comparisons.patch b/queue-4.9/usb-gadget-dummy-fix-nonsensical-comparisons.patch
new file mode 100644 (file)
index 0000000..55b6ca2
--- /dev/null
@@ -0,0 +1,59 @@
+From 7661ca09b2ff98f48693f431bb01fed62830e433 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 7 Sep 2017 16:14:31 +0200
+Subject: usb: gadget: dummy: fix nonsensical comparisons
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 7661ca09b2ff98f48693f431bb01fed62830e433 upstream.
+
+gcc-8 points out two comparisons that are clearly bogus
+and almost certainly not what the author intended to write:
+
+drivers/usb/gadget/udc/dummy_hcd.c: In function 'set_link_state_by_speed':
+drivers/usb/gadget/udc/dummy_hcd.c:379:31: error: bitwise comparison always evaluates to false [-Werror=tautological-compare]
+         USB_PORT_STAT_ENABLE) == 1 &&
+                               ^~
+drivers/usb/gadget/udc/dummy_hcd.c:381:25: error: bitwise comparison always evaluates to false [-Werror=tautological-compare]
+      USB_SS_PORT_LS_U0) == 1 &&
+                         ^~
+
+I looked at the code for a bit and came up with a change that makes
+it look like what the author probably meant here. This makes it
+look reasonable to me and to gcc, shutting up the warning.
+
+It does of course change behavior as the two conditions are actually
+evaluated rather than being hardcoded to false, and I have made no
+attempt at verifying that the changed logic makes sense in the context
+of a USB HCD, so that part needs to be reviewed carefully.
+
+Fixes: 1cd8fd2887e1 ("usb: gadget: dummy_hcd: add SuperSpeed support")
+Cc: Tatyana Brokhman <tlinder@codeaurora.org>
+Cc: Felipe Balbi <balbi@kernel.org>
+Acked-by: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/udc/dummy_hcd.c |    9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/usb/gadget/udc/dummy_hcd.c
++++ b/drivers/usb/gadget/udc/dummy_hcd.c
+@@ -379,11 +379,10 @@ static void set_link_state_by_speed(stru
+                            USB_PORT_STAT_CONNECTION) == 0)
+                               dum_hcd->port_status |=
+                                       (USB_PORT_STAT_C_CONNECTION << 16);
+-                      if ((dum_hcd->port_status &
+-                           USB_PORT_STAT_ENABLE) == 1 &&
+-                              (dum_hcd->port_status &
+-                               USB_SS_PORT_LS_U0) == 1 &&
+-                              dum_hcd->rh_state != DUMMY_RH_SUSPENDED)
++                      if ((dum_hcd->port_status & USB_PORT_STAT_ENABLE) &&
++                          (dum_hcd->port_status &
++                           USB_PORT_STAT_LINK_STATE) == USB_SS_PORT_LS_U0 &&
++                          dum_hcd->rh_state != DUMMY_RH_SUSPENDED)
+                               dum_hcd->active = 1;
+               }
+       } else {