]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 27 Feb 2020 10:14:42 +0000 (11:14 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 27 Feb 2020 10:14:42 +0000 (11:14 +0100)
added patches:
ecryptfs-replace-bug_on-with-error-handling-code.patch
genirq-proc-reject-invalid-affinity-masks-again.patch
iommu-vt-d-fix-compile-warning-from-intel-svm.h.patch
scsi-revert-rdma-isert-fix-a-recently-introduced-regression-related-to-logout.patch
scsi-revert-target-iscsi-wait-for-all-commands-to-finish-before-freeing-a-session.patch
staging-greybus-use-after-free-in-gb_audio_manager_remove_all.patch
staging-rtl8723bs-fix-copy-of-overlapping-memory.patch
usb-gadget-composite-fix-bmaxpower-for-superspeedplus.patch

queue-4.14/ecryptfs-replace-bug_on-with-error-handling-code.patch [new file with mode: 0644]
queue-4.14/genirq-proc-reject-invalid-affinity-masks-again.patch [new file with mode: 0644]
queue-4.14/iommu-vt-d-fix-compile-warning-from-intel-svm.h.patch [new file with mode: 0644]
queue-4.14/scsi-revert-rdma-isert-fix-a-recently-introduced-regression-related-to-logout.patch [new file with mode: 0644]
queue-4.14/scsi-revert-target-iscsi-wait-for-all-commands-to-finish-before-freeing-a-session.patch [new file with mode: 0644]
queue-4.14/series
queue-4.14/staging-greybus-use-after-free-in-gb_audio_manager_remove_all.patch [new file with mode: 0644]
queue-4.14/staging-rtl8723bs-fix-copy-of-overlapping-memory.patch [new file with mode: 0644]
queue-4.14/usb-gadget-composite-fix-bmaxpower-for-superspeedplus.patch [new file with mode: 0644]

diff --git a/queue-4.14/ecryptfs-replace-bug_on-with-error-handling-code.patch b/queue-4.14/ecryptfs-replace-bug_on-with-error-handling-code.patch
new file mode 100644 (file)
index 0000000..5c75d25
--- /dev/null
@@ -0,0 +1,39 @@
+From 2c2a7552dd6465e8fde6bc9cccf8d66ed1c1eb72 Mon Sep 17 00:00:00 2001
+From: Aditya Pakki <pakki001@umn.edu>
+Date: Fri, 14 Feb 2020 12:21:01 -0600
+Subject: ecryptfs: replace BUG_ON with error handling code
+
+From: Aditya Pakki <pakki001@umn.edu>
+
+commit 2c2a7552dd6465e8fde6bc9cccf8d66ed1c1eb72 upstream.
+
+In crypt_scatterlist, if the crypt_stat argument is not set up
+correctly, the kernel crashes. Instead, by returning an error code
+upstream, the error is handled safely.
+
+The issue is detected via a static analysis tool written by us.
+
+Fixes: 237fead619984 (ecryptfs: fs/Makefile and fs/Kconfig)
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Tyler Hicks <code@tyhicks.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ecryptfs/crypto.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/fs/ecryptfs/crypto.c
++++ b/fs/ecryptfs/crypto.c
+@@ -339,8 +339,10 @@ static int crypt_scatterlist(struct ecry
+       struct extent_crypt_result ecr;
+       int rc = 0;
+-      BUG_ON(!crypt_stat || !crypt_stat->tfm
+-             || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
++      if (!crypt_stat || !crypt_stat->tfm
++             || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
++              return -EINVAL;
++
+       if (unlikely(ecryptfs_verbosity > 0)) {
+               ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
+                               crypt_stat->key_size);
diff --git a/queue-4.14/genirq-proc-reject-invalid-affinity-masks-again.patch b/queue-4.14/genirq-proc-reject-invalid-affinity-masks-again.patch
new file mode 100644 (file)
index 0000000..dfa1beb
--- /dev/null
@@ -0,0 +1,128 @@
+From cba6437a1854fde5934098ec3bd0ee83af3129f5 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 12 Feb 2020 12:19:41 +0100
+Subject: genirq/proc: Reject invalid affinity masks (again)
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit cba6437a1854fde5934098ec3bd0ee83af3129f5 upstream.
+
+Qian Cai reported that the WARN_ON() in the x86/msi affinity setting code,
+which catches cases where the affinity setting is not done on the CPU which
+is the current target of the interrupt, triggers during CPU hotplug stress
+testing.
+
+It turns out that the warning which was added with the commit addressing
+the MSI affinity race unearthed yet another long standing bug.
+
+If user space writes a bogus affinity mask, i.e. it contains no online CPUs,
+then it calls irq_select_affinity_usr(). This was introduced for ALPHA in
+
+  eee45269b0f5 ("[PATCH] Alpha: convert to generic irq framework (generic part)")
+
+and subsequently made available for all architectures in
+
+  18404756765c ("genirq: Expose default irq affinity mask (take 3)")
+
+which introduced the circumvention of the affinity setting restrictions for
+interrupt which cannot be moved in process context.
+
+The whole exercise is bogus in various aspects:
+
+  1) If the interrupt is already started up then there is absolutely
+     no point to honour a bogus interrupt affinity setting from user
+     space. The interrupt is already assigned to an online CPU and it
+     does not make any sense to reassign it to some other randomly
+     chosen online CPU.
+
+  2) If the interupt is not yet started up then there is no point
+     either. A subsequent startup of the interrupt will invoke
+     irq_setup_affinity() anyway which will chose a valid target CPU.
+
+So the only correct solution is to just return -EINVAL in case user space
+wrote an affinity mask which does not contain any online CPUs, except for
+ALPHA which has it's own magic sauce for this.
+
+Fixes: 18404756765c ("genirq: Expose default irq affinity mask (take 3)")
+Reported-by: Qian Cai <cai@lca.pw>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Qian Cai <cai@lca.pw>
+Link: https://lkml.kernel.org/r/878sl8xdbm.fsf@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/irq/internals.h |    2 --
+ kernel/irq/manage.c    |   18 ++----------------
+ kernel/irq/proc.c      |   22 ++++++++++++++++++++++
+ 3 files changed, 24 insertions(+), 18 deletions(-)
+
+--- a/kernel/irq/internals.h
++++ b/kernel/irq/internals.h
+@@ -119,8 +119,6 @@ static inline void unregister_handler_pr
+ extern bool irq_can_set_affinity_usr(unsigned int irq);
+-extern int irq_select_affinity_usr(unsigned int irq);
+-
+ extern void irq_set_thread_affinity(struct irq_desc *desc);
+ extern int irq_do_set_affinity(struct irq_data *data,
+--- a/kernel/irq/manage.c
++++ b/kernel/irq/manage.c
+@@ -382,23 +382,9 @@ int irq_setup_affinity(struct irq_desc *
+ {
+       return irq_select_affinity(irq_desc_get_irq(desc));
+ }
+-#endif
++#endif /* CONFIG_AUTO_IRQ_AFFINITY */
++#endif /* CONFIG_SMP */
+-/*
+- * Called when a bogus affinity is set via /proc/irq
+- */
+-int irq_select_affinity_usr(unsigned int irq)
+-{
+-      struct irq_desc *desc = irq_to_desc(irq);
+-      unsigned long flags;
+-      int ret;
+-
+-      raw_spin_lock_irqsave(&desc->lock, flags);
+-      ret = irq_setup_affinity(desc);
+-      raw_spin_unlock_irqrestore(&desc->lock, flags);
+-      return ret;
+-}
+-#endif
+ /**
+  *    irq_set_vcpu_affinity - Set vcpu affinity for the interrupt
+--- a/kernel/irq/proc.c
++++ b/kernel/irq/proc.c
+@@ -117,6 +117,28 @@ static int irq_affinity_list_proc_show(s
+       return show_irq_affinity(AFFINITY_LIST, m);
+ }
++#ifndef CONFIG_AUTO_IRQ_AFFINITY
++static inline int irq_select_affinity_usr(unsigned int irq)
++{
++      /*
++       * If the interrupt is started up already then this fails. The
++       * interrupt is assigned to an online CPU already. There is no
++       * point to move it around randomly. Tell user space that the
++       * selected mask is bogus.
++       *
++       * If not then any change to the affinity is pointless because the
++       * startup code invokes irq_setup_affinity() which will select
++       * a online CPU anyway.
++       */
++      return -EINVAL;
++}
++#else
++/* ALPHA magic affinity auto selector. Keep it for historical reasons. */
++static inline int irq_select_affinity_usr(unsigned int irq)
++{
++      return irq_select_affinity(irq);
++}
++#endif
+ static ssize_t write_irq_affinity(int type, struct file *file,
+               const char __user *buffer, size_t count, loff_t *pos)
diff --git a/queue-4.14/iommu-vt-d-fix-compile-warning-from-intel-svm.h.patch b/queue-4.14/iommu-vt-d-fix-compile-warning-from-intel-svm.h.patch
new file mode 100644 (file)
index 0000000..53df956
--- /dev/null
@@ -0,0 +1,41 @@
+From e7598fac323aad0e502415edeffd567315994dd6 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <jroedel@suse.de>
+Date: Mon, 10 Feb 2020 10:36:56 +0100
+Subject: iommu/vt-d: Fix compile warning from intel-svm.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Joerg Roedel <jroedel@suse.de>
+
+commit e7598fac323aad0e502415edeffd567315994dd6 upstream.
+
+The intel_svm_is_pasid_valid() needs to be marked inline, otherwise it
+causes the compile warning below:
+
+  CC [M]  drivers/dma/idxd/cdev.o
+In file included from drivers/dma/idxd/cdev.c:9:0:
+./include/linux/intel-svm.h:125:12: warning: â€˜intel_svm_is_pasid_valid’ defined but not used [-Wunused-function]
+ static int intel_svm_is_pasid_valid(struct device *dev, int pasid)
+            ^~~~~~~~~~~~~~~~~~~~~~~~
+
+Reported-by: Borislav Petkov <bp@alien8.de>
+Fixes: 15060aba71711 ('iommu/vt-d: Helper function to query if a pasid has any active users')
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/intel-svm.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/intel-svm.h
++++ b/include/linux/intel-svm.h
+@@ -130,7 +130,7 @@ static inline int intel_svm_unbind_mm(st
+       BUG();
+ }
+-static int intel_svm_is_pasid_valid(struct device *dev, int pasid)
++static inline int intel_svm_is_pasid_valid(struct device *dev, int pasid)
+ {
+       return -EINVAL;
+ }
diff --git a/queue-4.14/scsi-revert-rdma-isert-fix-a-recently-introduced-regression-related-to-logout.patch b/queue-4.14/scsi-revert-rdma-isert-fix-a-recently-introduced-regression-related-to-logout.patch
new file mode 100644 (file)
index 0000000..284b77c
--- /dev/null
@@ -0,0 +1,77 @@
+From 76261ada16dcc3be610396a46d35acc3efbda682 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Wed, 12 Feb 2020 21:08:59 -0800
+Subject: scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit 76261ada16dcc3be610396a46d35acc3efbda682 upstream.
+
+Since commit 04060db41178 introduces soft lockups when toggling network
+interfaces, revert it.
+
+Link: https://marc.info/?l=target-devel&m=158157054906196
+Cc: Rahul Kundu <rahul.kundu@chelsio.com>
+Cc: Mike Marciniszyn <mike.marciniszyn@intel.com>
+Cc: Sagi Grimberg <sagi@grimberg.me>
+Reported-by: Dakshaja Uppalapati <dakshaja@chelsio.com>
+Fixes: 04060db41178 ("scsi: RDMA/isert: Fix a recently introduced regression related to logout")
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/ulp/isert/ib_isert.c |   12 ++++++++++++
+ drivers/target/iscsi/iscsi_target.c     |    6 +++---
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+--- a/drivers/infiniband/ulp/isert/ib_isert.c
++++ b/drivers/infiniband/ulp/isert/ib_isert.c
+@@ -2582,6 +2582,17 @@ isert_wait4logout(struct isert_conn *ise
+       }
+ }
++static void
++isert_wait4cmds(struct iscsi_conn *conn)
++{
++      isert_info("iscsi_conn %p\n", conn);
++
++      if (conn->sess) {
++              target_sess_cmd_list_set_waiting(conn->sess->se_sess);
++              target_wait_for_sess_cmds(conn->sess->se_sess);
++      }
++}
++
+ /**
+  * isert_put_unsol_pending_cmds() - Drop commands waiting for
+  *     unsolicitate dataout
+@@ -2629,6 +2640,7 @@ static void isert_wait_conn(struct iscsi
+       ib_drain_qp(isert_conn->qp);
+       isert_put_unsol_pending_cmds(conn);
++      isert_wait4cmds(conn);
+       isert_wait4logout(isert_conn);
+       queue_work(isert_release_wq, &isert_conn->release_work);
+--- a/drivers/target/iscsi/iscsi_target.c
++++ b/drivers/target/iscsi/iscsi_target.c
+@@ -4155,6 +4155,9 @@ int iscsit_close_connection(
+       iscsit_stop_nopin_response_timer(conn);
+       iscsit_stop_nopin_timer(conn);
++      if (conn->conn_transport->iscsit_wait_conn)
++              conn->conn_transport->iscsit_wait_conn(conn);
++
+       /*
+        * During Connection recovery drop unacknowledged out of order
+        * commands for this connection, and prepare the other commands
+@@ -4240,9 +4243,6 @@ int iscsit_close_connection(
+       target_sess_cmd_list_set_waiting(sess->se_sess);
+       target_wait_for_sess_cmds(sess->se_sess);
+-      if (conn->conn_transport->iscsit_wait_conn)
+-              conn->conn_transport->iscsit_wait_conn(conn);
+-
+       ahash_request_free(conn->conn_tx_hash);
+       if (conn->conn_rx_hash) {
+               struct crypto_ahash *tfm;
diff --git a/queue-4.14/scsi-revert-target-iscsi-wait-for-all-commands-to-finish-before-freeing-a-session.patch b/queue-4.14/scsi-revert-target-iscsi-wait-for-all-commands-to-finish-before-freeing-a-session.patch
new file mode 100644 (file)
index 0000000..a2caf52
--- /dev/null
@@ -0,0 +1,70 @@
+From 807b9515b7d044cf77df31f1af9d842a76ecd5cb Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Wed, 12 Feb 2020 21:09:00 -0800
+Subject: scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit 807b9515b7d044cf77df31f1af9d842a76ecd5cb upstream.
+
+Since commit e9d3009cb936 introduced a regression and since the fix for
+that regression was not perfect, revert this commit.
+
+Link: https://marc.info/?l=target-devel&m=158157054906195
+Cc: Rahul Kundu <rahul.kundu@chelsio.com>
+Cc: Mike Marciniszyn <mike.marciniszyn@intel.com>
+Cc: Sagi Grimberg <sagi@grimberg.me>
+Reported-by: Dakshaja Uppalapati <dakshaja@chelsio.com>
+Fixes: e9d3009cb936 ("scsi: target: iscsi: Wait for all commands to finish before freeing a session")
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/iscsi/iscsi_target.c |   10 ++--------
+ include/scsi/iscsi_proto.h          |    1 -
+ 2 files changed, 2 insertions(+), 9 deletions(-)
+
+--- a/drivers/target/iscsi/iscsi_target.c
++++ b/drivers/target/iscsi/iscsi_target.c
+@@ -1158,9 +1158,7 @@ int iscsit_setup_scsi_cmd(struct iscsi_c
+               hdr->cmdsn, be32_to_cpu(hdr->data_length), payload_length,
+               conn->cid);
+-      if (target_get_sess_cmd(&cmd->se_cmd, true) < 0)
+-              return iscsit_add_reject_cmd(cmd,
+-                              ISCSI_REASON_WAITING_FOR_LOGOUT, buf);
++      target_get_sess_cmd(&cmd->se_cmd, true);
+       cmd->sense_reason = transport_lookup_cmd_lun(&cmd->se_cmd,
+                                                    scsilun_to_int(&hdr->lun));
+@@ -2006,9 +2004,7 @@ iscsit_handle_task_mgt_cmd(struct iscsi_
+                             conn->sess->se_sess, 0, DMA_NONE,
+                             TCM_SIMPLE_TAG, cmd->sense_buffer + 2);
+-      if (target_get_sess_cmd(&cmd->se_cmd, true) < 0)
+-              return iscsit_add_reject_cmd(cmd,
+-                              ISCSI_REASON_WAITING_FOR_LOGOUT, buf);
++      target_get_sess_cmd(&cmd->se_cmd, true);
+       /*
+        * TASK_REASSIGN for ERL=2 / connection stays inside of
+@@ -4240,8 +4236,6 @@ int iscsit_close_connection(
+        * must wait until they have completed.
+        */
+       iscsit_check_conn_usage_count(conn);
+-      target_sess_cmd_list_set_waiting(sess->se_sess);
+-      target_wait_for_sess_cmds(sess->se_sess);
+       ahash_request_free(conn->conn_tx_hash);
+       if (conn->conn_rx_hash) {
+--- a/include/scsi/iscsi_proto.h
++++ b/include/scsi/iscsi_proto.h
+@@ -638,7 +638,6 @@ struct iscsi_reject {
+ #define ISCSI_REASON_BOOKMARK_INVALID 9
+ #define ISCSI_REASON_BOOKMARK_NO_RESOURCES    10
+ #define ISCSI_REASON_NEGOTIATION_RESET        11
+-#define ISCSI_REASON_WAITING_FOR_LOGOUT       12
+ /* Max. number of Key=Value pairs in a text message */
+ #define MAX_KEY_VALUE_PAIRS   8192
index 163edf18344b128d8cb26ddb58ed4729822d5d98..f7d46e8731a99164131b218b493ab33c35ba94a7 100644 (file)
@@ -220,3 +220,11 @@ kvm-apic-avoid-calculating-pending-eoi-from-an-uninitialized-val.patch
 btrfs-fix-bytes_may_use-underflow-in-prealloc-error-condtition.patch
 btrfs-do-not-check-delayed-items-are-empty-for-single-transaction-cleanup.patch
 btrfs-fix-btrfs_wait_ordered_range-so-that-it-waits-for-all-ordered-extents.patch
+scsi-revert-rdma-isert-fix-a-recently-introduced-regression-related-to-logout.patch
+scsi-revert-target-iscsi-wait-for-all-commands-to-finish-before-freeing-a-session.patch
+usb-gadget-composite-fix-bmaxpower-for-superspeedplus.patch
+staging-rtl8723bs-fix-copy-of-overlapping-memory.patch
+staging-greybus-use-after-free-in-gb_audio_manager_remove_all.patch
+ecryptfs-replace-bug_on-with-error-handling-code.patch
+iommu-vt-d-fix-compile-warning-from-intel-svm.h.patch
+genirq-proc-reject-invalid-affinity-masks-again.patch
diff --git a/queue-4.14/staging-greybus-use-after-free-in-gb_audio_manager_remove_all.patch b/queue-4.14/staging-greybus-use-after-free-in-gb_audio_manager_remove_all.patch
new file mode 100644 (file)
index 0000000..9b3ef2a
--- /dev/null
@@ -0,0 +1,36 @@
+From b7db58105b80fa9232719c8329b995b3addfab55 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 5 Feb 2020 15:32:17 +0300
+Subject: staging: greybus: use after free in gb_audio_manager_remove_all()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit b7db58105b80fa9232719c8329b995b3addfab55 upstream.
+
+When we call kobject_put() and it's the last reference to the kobject
+then it calls gb_audio_module_release() and frees module.  We dereference
+"module" on the next line which is a use after free.
+
+Fixes: c77f85bbc91a ("greybus: audio: Fix incorrect counting of 'ida'")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
+Reviewed-by: Vaibhav Agarwal <vaibhav.sr@gmail.com>
+Link: https://lore.kernel.org/r/20200205123217.jreendkyxulqsool@kili.mountain
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/greybus/audio_manager.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/greybus/audio_manager.c
++++ b/drivers/staging/greybus/audio_manager.c
+@@ -90,8 +90,8 @@ void gb_audio_manager_remove_all(void)
+       list_for_each_entry_safe(module, next, &modules_list, list) {
+               list_del(&module->list);
+-              kobject_put(&module->kobj);
+               ida_simple_remove(&module_id, module->id);
++              kobject_put(&module->kobj);
+       }
+       is_empty = list_empty(&modules_list);
diff --git a/queue-4.14/staging-rtl8723bs-fix-copy-of-overlapping-memory.patch b/queue-4.14/staging-rtl8723bs-fix-copy-of-overlapping-memory.patch
new file mode 100644 (file)
index 0000000..3a46e5a
--- /dev/null
@@ -0,0 +1,45 @@
+From 8ae9a588ca35eb9c32dc03299c5e1f4a1e9a9617 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Sun, 26 Jan 2020 22:05:49 +0000
+Subject: staging: rtl8723bs: fix copy of overlapping memory
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit 8ae9a588ca35eb9c32dc03299c5e1f4a1e9a9617 upstream.
+
+Currently the rtw_sprintf prints the contents of thread_name
+onto thread_name and this can lead to a potential copy of a
+string over itself. Avoid this by printing the literal string RTWHALXT
+instread of the contents of thread_name.
+
+Addresses-Coverity: ("copy of overlapping memory")
+Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Link: https://lore.kernel.org/r/20200126220549.9849-1-colin.king@canonical.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c
++++ b/drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c
+@@ -486,14 +486,13 @@ int rtl8723bs_xmit_thread(void *context)
+       s32 ret;
+       struct adapter *padapter;
+       struct xmit_priv *pxmitpriv;
+-      u8 thread_name[20] = "RTWHALXT";
+-
++      u8 thread_name[20];
+       ret = _SUCCESS;
+       padapter = context;
+       pxmitpriv = &padapter->xmitpriv;
+-      rtw_sprintf(thread_name, 20, "%s-"ADPT_FMT, thread_name, ADPT_ARG(padapter));
++      rtw_sprintf(thread_name, 20, "RTWHALXT-" ADPT_FMT, ADPT_ARG(padapter));
+       thread_enter(thread_name);
+       DBG_871X("start "FUNC_ADPT_FMT"\n", FUNC_ADPT_ARG(padapter));
diff --git a/queue-4.14/usb-gadget-composite-fix-bmaxpower-for-superspeedplus.patch b/queue-4.14/usb-gadget-composite-fix-bmaxpower-for-superspeedplus.patch
new file mode 100644 (file)
index 0000000..ee56401
--- /dev/null
@@ -0,0 +1,43 @@
+From c724417baf162bd3e035659e22cdf990cfb0d917 Mon Sep 17 00:00:00 2001
+From: Jack Pham <jackp@codeaurora.org>
+Date: Thu, 30 Jan 2020 19:10:35 -0800
+Subject: usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
+
+From: Jack Pham <jackp@codeaurora.org>
+
+commit c724417baf162bd3e035659e22cdf990cfb0d917 upstream.
+
+SuperSpeedPlus peripherals must report their bMaxPower of the
+configuration descriptor in units of 8mA as per the USB 3.2
+specification. The current switch statement in encode_bMaxPower()
+only checks for USB_SPEED_SUPER but not USB_SPEED_SUPER_PLUS so
+the latter falls back to USB 2.0 encoding which uses 2mA units.
+Replace the switch with a simple if/else.
+
+Fixes: eae5820b852f ("usb: gadget: composite: Write SuperSpeedPlus config descriptors")
+Signed-off-by: Jack Pham <jackp@codeaurora.org>
+Signed-off-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/composite.c |    8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+--- a/drivers/usb/gadget/composite.c
++++ b/drivers/usb/gadget/composite.c
+@@ -440,12 +440,10 @@ static u8 encode_bMaxPower(enum usb_devi
+               val = CONFIG_USB_GADGET_VBUS_DRAW;
+       if (!val)
+               return 0;
+-      switch (speed) {
+-      case USB_SPEED_SUPER:
+-              return DIV_ROUND_UP(val, 8);
+-      default:
++      if (speed < USB_SPEED_SUPER)
+               return DIV_ROUND_UP(val, 2);
+-      }
++      else
++              return DIV_ROUND_UP(val, 8);
+ }
+ static int config_buf(struct usb_configuration *config,