--- /dev/null
+From 8e8ce08198de193e3d21d42e96945216e3d9ac7f Mon Sep 17 00:00:00 2001
+From: Sven Eckelmann <sven@narfation.org>
+Date: Sun, 16 Feb 2020 13:02:06 +0100
+Subject: batman-adv: Don't schedule OGM for disabled interface
+
+From: Sven Eckelmann <sven@narfation.org>
+
+commit 8e8ce08198de193e3d21d42e96945216e3d9ac7f upstream.
+
+A transmission scheduling for an interface which is currently dropped by
+batadv_iv_ogm_iface_disable could still be in progress. The B.A.T.M.A.N. V
+is simply cancelling the workqueue item in an synchronous way but this is
+not possible with B.A.T.M.A.N. IV because the OGM submissions are
+intertwined.
+
+Instead it has to stop submitting the OGM when it detect that the buffer
+pointer is set to NULL.
+
+Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
+Reported-by: syzbot+ac36b6a33c28a491e929@syzkaller.appspotmail.com
+Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Cc: Hillf Danton <hdanton@sina.com>
+Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/batman-adv/bat_iv_ogm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -926,6 +926,10 @@ static void batadv_iv_ogm_schedule(struc
+ (hard_iface->if_status == BATADV_IF_TO_BE_REMOVED))
+ return;
+
++ /* interface already disabled by batadv_iv_ogm_iface_disable */
++ if (!*ogm_buff)
++ return;
++
+ /* the interface gets activated here to avoid race conditions between
+ * the moment of activating the interface in
+ * hardif_activate_interface() where the originator mac is set and
--- /dev/null
+From c049b3450072b8e3998053490e025839fecfef31 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:08:31 -0800
+Subject: netfilter: cthelper: add missing attribute validation for cthelper
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit c049b3450072b8e3998053490e025839fecfef31 upstream.
+
+Add missing attribute validation for cthelper
+to the netlink policy.
+
+Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_cthelper.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nfnetlink_cthelper.c
++++ b/net/netfilter/nfnetlink_cthelper.c
+@@ -733,6 +733,8 @@ static const struct nla_policy nfnl_cthe
+ [NFCTH_NAME] = { .type = NLA_NUL_STRING,
+ .len = NF_CT_HELPER_NAME_LEN-1 },
+ [NFCTH_QUEUE_NUM] = { .type = NLA_U32, },
++ [NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, },
++ [NFCTH_STATUS] = { .type = NLA_U32, },
+ };
+
+ static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = {
--- /dev/null
+From 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:10:57 -0800
+Subject: nl80211: add missing attribute validation for beacon report scanning
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d upstream.
+
+Add missing attribute validation for beacon report scanning
+to the netlink policy.
+
+Fixes: 1d76250bd34a ("nl80211: support beacon report scanning")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Link: https://lore.kernel.org/r/20200303051058.4089398-3-kuba@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -347,6 +347,8 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
+ [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
+ [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
++ [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
++ [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
+ [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
+ [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
+ [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
--- /dev/null
+From 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:10:58 -0800
+Subject: nl80211: add missing attribute validation for channel switch
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 upstream.
+
+Add missing attribute validation for NL80211_ATTR_OPER_CLASS
+to the netlink policy.
+
+Fixes: 1057d35ede5d ("cfg80211: introduce TDLS channel switch commands")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Link: https://lore.kernel.org/r/20200303051058.4089398-4-kuba@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -424,6 +424,7 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
+ [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
+ [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
++ [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
+ [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
+ [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
+ [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
--- /dev/null
+From 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski <kuba@kernel.org>
+Date: Mon, 2 Mar 2020 21:10:56 -0800
+Subject: nl80211: add missing attribute validation for critical protocol indication
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+commit 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 upstream.
+
+Add missing attribute validation for critical protocol fields
+to the netlink policy.
+
+Fixes: 5de17984898c ("cfg80211: introduce critical protocol indication from user-space")
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Link: https://lore.kernel.org/r/20200303051058.4089398-2-kuba@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -395,6 +395,8 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_MDID] = { .type = NLA_U16 },
+ [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
+ .len = IEEE80211_MAX_DATA_LEN },
++ [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
++ [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
+ [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
+ [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
+ [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
--- /dev/null
+From aafd56fc79041bf36f97712d4b35208cbe07db90 Mon Sep 17 00:00:00 2001
+From: Charles Keepax <ckeepax@opensource.cirrus.com>
+Date: Fri, 28 Feb 2020 15:41:42 +0000
+Subject: pinctrl: core: Remove extra kref_get which blocks hogs being freed
+
+From: Charles Keepax <ckeepax@opensource.cirrus.com>
+
+commit aafd56fc79041bf36f97712d4b35208cbe07db90 upstream.
+
+kref_init starts with the reference count at 1, which will be balanced
+by the pinctrl_put in pinctrl_unregister. The additional kref_get in
+pinctrl_claim_hogs will increase this count to 2 and cause the hogs to
+not get freed when pinctrl_unregister is called.
+
+Fixes: 6118714275f0 ("pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable()")
+Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Link: https://lore.kernel.org/r/20200228154142.13860-1-ckeepax@opensource.cirrus.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pinctrl/core.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/pinctrl/core.c
++++ b/drivers/pinctrl/core.c
+@@ -2031,7 +2031,6 @@ static int pinctrl_claim_hogs(struct pin
+ return PTR_ERR(pctldev->p);
+ }
+
+- kref_get(&pctldev->p->users);
+ pctldev->hog_default =
+ pinctrl_lookup_state(pctldev->p, PINCTRL_STATE_DEFAULT);
+ if (IS_ERR(pctldev->hog_default)) {
--- /dev/null
+From dc7a06b0dbbafac8623c2b7657e61362f2f479a7 Mon Sep 17 00:00:00 2001
+From: Nicolas Belin <nbelin@baylibre.com>
+Date: Thu, 20 Feb 2020 14:15:12 +0100
+Subject: pinctrl: meson-gxl: fix GPIOX sdio pins
+
+From: Nicolas Belin <nbelin@baylibre.com>
+
+commit dc7a06b0dbbafac8623c2b7657e61362f2f479a7 upstream.
+
+In the gxl driver, the sdio cmd and clk pins are inverted. It has not caused
+any issue so far because devices using these pins always take both pins
+so the resulting configuration is OK.
+
+Fixes: 0f15f500ff2c ("pinctrl: meson: Add GXL pinctrl definitions")
+Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
+Signed-off-by: Nicolas Belin <nbelin@baylibre.com>
+Link: https://lore.kernel.org/r/1582204512-7582-1-git-send-email-nbelin@baylibre.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pinctrl/meson/pinctrl-meson-gxl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pinctrl/meson/pinctrl-meson-gxl.c
++++ b/drivers/pinctrl/meson/pinctrl-meson-gxl.c
+@@ -158,8 +158,8 @@ static const unsigned int sdio_d0_pins[]
+ static const unsigned int sdio_d1_pins[] = { PIN(GPIOX_1, EE_OFF) };
+ static const unsigned int sdio_d2_pins[] = { PIN(GPIOX_2, EE_OFF) };
+ static const unsigned int sdio_d3_pins[] = { PIN(GPIOX_3, EE_OFF) };
+-static const unsigned int sdio_cmd_pins[] = { PIN(GPIOX_4, EE_OFF) };
+-static const unsigned int sdio_clk_pins[] = { PIN(GPIOX_5, EE_OFF) };
++static const unsigned int sdio_clk_pins[] = { PIN(GPIOX_4, EE_OFF) };
++static const unsigned int sdio_cmd_pins[] = { PIN(GPIOX_5, EE_OFF) };
+ static const unsigned int sdio_irq_pins[] = { PIN(GPIOX_7, EE_OFF) };
+
+ static const unsigned int nand_ce0_pins[] = { PIN(BOOT_8, EE_OFF) };
iommu-dma-fix-msi-reservation-allocation.patch
iommu-vt-d-dmar-replace-warn_taint-with-pr_warn-add_taint.patch
iommu-vt-d-fix-a-bug-in-intel_iommu_iova_to_phys-for-huge-page.patch
+batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
+pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
+pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch
+nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
+nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
+nl80211-add-missing-attribute-validation-for-channel-switch.patch
+netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
