--- /dev/null
+From ffab78558cc11fa4252f4ac55d4f21fe695bbed3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 13 Sep 2020 09:52:30 -0700
+Subject: ALSA: asihpi: fix iounmap in error handler
+
+From: Tom Rix <trix@redhat.com>
+
+[ Upstream commit 472eb39103e885f302fd8fd6eff104fcf5503f1b ]
+
+clang static analysis flags this problem
+hpioctl.c:513:7: warning: Branch condition evaluates to
+ a garbage value
+ if (pci.ap_mem_base[idx]) {
+ ^~~~~~~~~~~~~~~~~~~~
+
+If there is a failure in the middle of the memory space loop,
+only some of the memory spaces need to be cleaned up.
+
+At the error handler, idx holds the number of successful
+memory spaces mapped. So rework the handler loop to use the
+old idx.
+
+There is a second problem, the memory space loop conditionally
+iomaps()/sets the mem_base so it is necessay to initize pci.
+
+Fixes: 719f82d3987a ("ALSA: Add support of AudioScience ASI boards")
+Signed-off-by: Tom Rix <trix@redhat.com>
+Link: https://lore.kernel.org/r/20200913165230.17166-1-trix@redhat.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/pci/asihpi/hpioctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c
+index 7a32abbe0cef8..4bdcb7443b1f5 100644
+--- a/sound/pci/asihpi/hpioctl.c
++++ b/sound/pci/asihpi/hpioctl.c
+@@ -346,7 +346,7 @@ int asihpi_adapter_probe(struct pci_dev *pci_dev,
+ struct hpi_message hm;
+ struct hpi_response hr;
+ struct hpi_adapter adapter;
+- struct hpi_pci pci;
++ struct hpi_pci pci = { 0 };
+
+ memset(&adapter, 0, sizeof(adapter));
+
+@@ -502,7 +502,7 @@ int asihpi_adapter_probe(struct pci_dev *pci_dev,
+ return 0;
+
+ err:
+- for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; idx++) {
++ while (--idx >= 0) {
+ if (pci.ap_mem_base[idx]) {
+ iounmap(pci.ap_mem_base[idx]);
+ pci.ap_mem_base[idx] = NULL;
+--
+2.25.1
+
--- /dev/null
+From a1fa07f34a2b7f4c3468212f4e084d26701f55d0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 4 Sep 2020 10:51:03 +0800
+Subject: atm: eni: fix the missed pci_disable_device() for eni_init_one()
+
+From: Jing Xiangfeng <jingxiangfeng@huawei.com>
+
+[ Upstream commit c2b947879ca320ac5505c6c29a731ff17da5e805 ]
+
+eni_init_one() misses to call pci_disable_device() in an error path.
+Jump to err_disable to fix it.
+
+Fixes: ede58ef28e10 ("atm: remove deprecated use of pci api")
+Signed-off-by: Jing Xiangfeng <jingxiangfeng@huawei.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/atm/eni.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c
+index ad591a2f7c822..340a1ee79d280 100644
+--- a/drivers/atm/eni.c
++++ b/drivers/atm/eni.c
+@@ -2242,7 +2242,7 @@ static int eni_init_one(struct pci_dev *pci_dev,
+
+ rc = dma_set_mask_and_coherent(&pci_dev->dev, DMA_BIT_MASK(32));
+ if (rc < 0)
+- goto out;
++ goto err_disable;
+
+ rc = -ENOMEM;
+ eni_dev = kmalloc(sizeof(struct eni_dev), GFP_KERNEL);
+--
+2.25.1
+
--- /dev/null
+From b47e26b17baed6d930e1f791b468785fc79f8eb2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 27 Aug 2020 17:34:48 +0200
+Subject: batman-adv: bla: fix type misuse for backbone_gw hash indexing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Linus Lüssing <ll@simonwunderlich.de>
+
+[ Upstream commit 097930e85f90f252c44dc0d084598265dd44ca48 ]
+
+It seems that due to a copy & paste error the void pointer
+in batadv_choose_backbone_gw() is cast to the wrong type.
+
+Fixing this by using "struct batadv_bla_backbone_gw" instead of "struct
+batadv_bla_claim" which better matches the caller's side.
+
+For now it seems that we were lucky because the two structs both have
+their orig/vid and addr/vid in the beginning. However I stumbled over
+this issue when I was trying to add some debug variables in front of
+"orig" in batadv_backbone_gw, which caused hash lookups to fail.
+
+Fixes: 07568d0369f9 ("batman-adv: don't rely on positions in struct for hashing")
+Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/batman-adv/bridge_loop_avoidance.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index 9aa5daa551273..1267cbb1a329a 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -73,11 +73,12 @@ static inline u32 batadv_choose_claim(const void *data, u32 size)
+ /* return the index of the backbone gateway */
+ static inline u32 batadv_choose_backbone_gw(const void *data, u32 size)
+ {
+- const struct batadv_bla_claim *claim = (struct batadv_bla_claim *)data;
++ const struct batadv_bla_backbone_gw *gw;
+ u32 hash = 0;
+
+- hash = jhash(&claim->addr, sizeof(claim->addr), hash);
+- hash = jhash(&claim->vid, sizeof(claim->vid), hash);
++ gw = (struct batadv_bla_backbone_gw *)data;
++ hash = jhash(&gw->orig, sizeof(gw->orig), hash);
++ hash = jhash(&gw->vid, sizeof(gw->vid), hash);
+
+ return hash % size;
+ }
+--
+2.25.1
+
--- /dev/null
+From acce5fd1287be398c49cbeaf096d5b829863c696 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 4 Sep 2020 20:28:00 +0200
+Subject: batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Linus Lüssing <linus.luessing@c0d3.blue>
+
+[ Upstream commit 7dda5b3384121181c4e79f6eaeac2b94c0622c8d ]
+
+The unicast packet rerouting code makes several assumptions. For
+instance it assumes that there is always exactly one destination in the
+TT. This breaks for multicast frames in a unicast packets in several ways:
+
+For one thing if there is actually no TT entry and the destination node
+was selected due to the multicast tvlv flags it announced. Then an
+intermediate node will wrongly drop the packet.
+
+For another thing if there is a TT entry but the TTVN of this entry is
+newer than the originally addressed destination node: Then the
+intermediate node will wrongly redirect the packet, leading to
+duplicated multicast packets at a multicast listener and missing
+packets at other multicast listeners or multicast routers.
+
+Fixing this by not applying the unicast packet rerouting to batman-adv
+unicast packets with a multicast payload. We are not able to detect a
+roaming multicast listener at the moment and will just continue to send
+the multicast frame to both the new and old destination for a while in
+case of such a roaming multicast listener.
+
+Fixes: a73105b8d4c7 ("batman-adv: improved client announcement mechanism")
+Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/batman-adv/routing.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
+index b3e8b0e3073c2..e470410abb44d 100644
+--- a/net/batman-adv/routing.c
++++ b/net/batman-adv/routing.c
+@@ -782,6 +782,10 @@ static int batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
+ vid = batadv_get_vid(skb, hdr_len);
+ ethhdr = (struct ethhdr *)(skb->data + hdr_len);
+
++ /* do not reroute multicast frames in a unicast header */
++ if (is_multicast_ether_addr(ethhdr->h_dest))
++ return true;
++
+ /* check if the destination client was served by this node and it is now
+ * roaming. In this case, it means that the node has got a ROAM_ADV
+ * message and that it knows the new destination in the mesh to re-route
+--
+2.25.1
+
--- /dev/null
+From 3cd4b11459e30aeb3f3afc848671efcf555826bf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 23 Sep 2020 14:53:12 +0800
+Subject: MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
+
+From: Wei Li <liwei391@huawei.com>
+
+[ Upstream commit e393fbe6fa27af23f78df6e16a8fd2963578a8c4 ]
+
+Commit 442e14a2c55e ("MIPS: Add 1074K CPU support explicitly.") split
+1074K from the 74K as an unique CPU type, while it missed to add the
+'CPU_1074K' in __get_cpu_type(). So let's add it back.
+
+Fixes: 442e14a2c55e ("MIPS: Add 1074K CPU support explicitly.")
+Signed-off-by: Wei Li <liwei391@huawei.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/include/asm/cpu-type.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/mips/include/asm/cpu-type.h b/arch/mips/include/asm/cpu-type.h
+index abee2bfd10dc1..cea0bbb71590f 100644
+--- a/arch/mips/include/asm/cpu-type.h
++++ b/arch/mips/include/asm/cpu-type.h
+@@ -46,6 +46,7 @@ static inline int __pure __get_cpu_type(const int cpu_type)
+ case CPU_34K:
+ case CPU_1004K:
+ case CPU_74K:
++ case CPU_1074K:
+ case CPU_M14KC:
+ case CPU_M14KEC:
+ case CPU_INTERAPTIV:
+--
+2.25.1
+
--- /dev/null
+From 03098b7025f8c168a73b59f0a7ff4bf320014dea Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 25 Aug 2020 17:38:29 +0200
+Subject: mwifiex: Increase AES key storage size to 256 bits
+
+From: Maximilian Luz <luzmaximilian@gmail.com>
+
+[ Upstream commit 4afc850e2e9e781976fb2c7852ce7bac374af938 ]
+
+Following commit e18696786548 ("mwifiex: Prevent memory corruption
+handling keys") the mwifiex driver fails to authenticate with certain
+networks, specifically networks with 256 bit keys, and repeatedly asks
+for the password. The kernel log repeats the following lines (id and
+bssid redacted):
+
+ mwifiex_pcie 0000:01:00.0: info: trying to associate to '<id>' bssid <bssid>
+ mwifiex_pcie 0000:01:00.0: info: associated to bssid <bssid> successfully
+ mwifiex_pcie 0000:01:00.0: crypto keys added
+ mwifiex_pcie 0000:01:00.0: info: successfully disconnected from <bssid>: reason code 3
+
+Tracking down this problem lead to the overflow check introduced by the
+aforementioned commit into mwifiex_ret_802_11_key_material_v2(). This
+check fails on networks with 256 bit keys due to the current storage
+size for AES keys in struct mwifiex_aes_param being only 128 bit.
+
+To fix this issue, increase the storage size for AES keys to 256 bit.
+
+Fixes: e18696786548 ("mwifiex: Prevent memory corruption handling keys")
+Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
+Reported-by: Kaloyan Nikolov <konik98@gmail.com>
+Tested-by: Kaloyan Nikolov <konik98@gmail.com>
+Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+Tested-by: Brian Norris <briannorris@chromium.org>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/20200825153829.38043-1-luzmaximilian@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/mwifiex/fw.h | 2 +-
+ drivers/net/wireless/mwifiex/sta_cmdresp.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/wireless/mwifiex/fw.h b/drivers/net/wireless/mwifiex/fw.h
+index 9a5eb9ed89215..233af2292366d 100644
+--- a/drivers/net/wireless/mwifiex/fw.h
++++ b/drivers/net/wireless/mwifiex/fw.h
+@@ -848,7 +848,7 @@ struct mwifiex_tkip_param {
+ struct mwifiex_aes_param {
+ u8 pn[WPA_PN_SIZE];
+ __le16 key_len;
+- u8 key[WLAN_KEY_LEN_CCMP];
++ u8 key[WLAN_KEY_LEN_CCMP_256];
+ } __packed;
+
+ struct mwifiex_wapi_param {
+diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c
+index 9e3853c8a22da..32b0b06b74f1d 100644
+--- a/drivers/net/wireless/mwifiex/sta_cmdresp.c
++++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c
+@@ -631,7 +631,7 @@ static int mwifiex_ret_802_11_key_material_v2(struct mwifiex_private *priv,
+ key_v2 = &resp->params.key_material_v2;
+
+ len = le16_to_cpu(key_v2->key_param_set.key_params.aes.key_len);
+- if (len > WLAN_KEY_LEN_CCMP)
++ if (len > sizeof(key_v2->key_param_set.key_params.aes.key))
+ return -EINVAL;
+
+ if (le16_to_cpu(key_v2->action) == HostCmd_ACT_GEN_SET) {
+@@ -647,7 +647,7 @@ static int mwifiex_ret_802_11_key_material_v2(struct mwifiex_private *priv,
+ return 0;
+
+ memset(priv->aes_key_v2.key_param_set.key_params.aes.key, 0,
+- WLAN_KEY_LEN_CCMP);
++ sizeof(key_v2->key_param_set.key_params.aes.key));
+ priv->aes_key_v2.key_param_set.key_params.aes.key_len =
+ cpu_to_le16(len);
+ memcpy(priv->aes_key_v2.key_param_set.key_params.aes.key,
+--
+2.25.1
+
vfio-pci-clear-error-and-request-eventfd-ctx-after-r.patch
vfio-pci-fix-racy-on-error-and-request-eventfd-ctx.patch
s390-init-add-missing-__init-annotations.patch
+mwifiex-increase-aes-key-storage-size-to-256-bits.patch
+batman-adv-bla-fix-type-misuse-for-backbone_gw-hash-.patch
+atm-eni-fix-the-missed-pci_disable_device-for-eni_in.patch
+batman-adv-mcast-tt-fix-wrongly-dropped-or-rerouted-.patch
+alsa-asihpi-fix-iounmap-in-error-handler.patch
+mips-add-the-missing-cpu_1074k-into-__get_cpu_type.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
