]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
Fixes for 4.19
authorSasha Levin <sashal@kernel.org>
Tue, 28 Mar 2023 10:07:04 +0000 (06:07 -0400)
committerSasha Levin <sashal@kernel.org>
Tue, 28 Mar 2023 10:07:04 +0000 (06:07 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-4.19/ca8210-fix-mac_len-negative-array-access.patch [new file with mode: 0644]
queue-4.19/m68k-only-force-030-bus-error-if-pc-not-in-exception.patch [new file with mode: 0644]
queue-4.19/net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch [new file with mode: 0644]
queue-4.19/net-usb-qmi_wwan-add-telit-0x1080-composition.patch [new file with mode: 0644]
queue-4.19/riscv-bump-command_line_size-value-to-1024.patch [new file with mode: 0644]
queue-4.19/scsi-target-iscsi-fix-an-error-message-in-iscsi_chec.patch [new file with mode: 0644]
queue-4.19/scsi-ufs-core-add-soft-dependency-on-governor_simple.patch [new file with mode: 0644]
queue-4.19/series
queue-4.19/sh-sanitize-the-flags-on-sigreturn.patch [new file with mode: 0644]

diff --git a/queue-4.19/ca8210-fix-mac_len-negative-array-access.patch b/queue-4.19/ca8210-fix-mac_len-negative-array-access.patch
new file mode 100644 (file)
index 0000000..4cd0718
--- /dev/null
@@ -0,0 +1,37 @@
+From d3358c596a7791cb73009293d12088c384163ca3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 16 Feb 2023 23:25:04 -0500
+Subject: ca8210: fix mac_len negative array access
+
+From: Alexander Aring <aahringo@redhat.com>
+
+[ Upstream commit 6c993779ea1d0cccdb3a5d7d45446dd229e610a3 ]
+
+This patch fixes a buffer overflow access of skb->data if
+ieee802154_hdr_peek_addrs() fails.
+
+Reported-by: lianhui tang <bluetlh@gmail.com>
+Signed-off-by: Alexander Aring <aahringo@redhat.com>
+Link: https://lore.kernel.org/r/20230217042504.3303396-1-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ieee802154/ca8210.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c
+index 917edb3d04b78..2d4471b77fa7c 100644
+--- a/drivers/net/ieee802154/ca8210.c
++++ b/drivers/net/ieee802154/ca8210.c
+@@ -1954,6 +1954,8 @@ static int ca8210_skb_tx(
+        * packet
+        */
+       mac_len = ieee802154_hdr_peek_addrs(skb, &header);
++      if (mac_len < 0)
++              return mac_len;
+       secspec.security_level = header.sec.level;
+       secspec.key_id_mode = header.sec.key_id_mode;
+-- 
+2.39.2
+
diff --git a/queue-4.19/m68k-only-force-030-bus-error-if-pc-not-in-exception.patch b/queue-4.19/m68k-only-force-030-bus-error-if-pc-not-in-exception.patch
new file mode 100644 (file)
index 0000000..38cc08a
--- /dev/null
@@ -0,0 +1,75 @@
+From 26358b8227862fc62c1ef738f21f82d2e53612e0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 1 Mar 2023 15:11:07 +1300
+Subject: m68k: Only force 030 bus error if PC not in exception table
+
+From: Michael Schmitz <schmitzmic@gmail.com>
+
+[ Upstream commit e36a82bebbf7da814530d5a179bef9df5934b717 ]
+
+__get_kernel_nofault() does copy data in supervisor mode when
+forcing a task backtrace log through /proc/sysrq_trigger.
+This is expected cause a bus error exception on e.g. NULL
+pointer dereferencing when logging a kernel task has no
+workqueue associated. This bus error ought to be ignored.
+
+Our 030 bus error handler is ill equipped to deal with this:
+
+Whenever ssw indicates a kernel mode access on a data fault,
+we don't even attempt to handle the fault and instead always
+send a SEGV signal (or panic). As a result, the check
+for exception handling at the fault PC (buried in
+send_sig_fault() which gets called from do_page_fault()
+eventually) is never used.
+
+In contrast, both 040 and 060 access error handlers do not
+care whether a fault happened on supervisor mode access,
+and will call do_page_fault() on those, ultimately honoring
+the exception table.
+
+Add a check in bus_error030 to call do_page_fault() in case
+we do have an entry for the fault PC in our exception table.
+
+I had attempted a fix for this earlier in 2019 that did rely
+on testing pagefault_disabled() (see link below) to achieve
+the same thing, but this patch should be more generic.
+
+Tested on 030 Atari Falcon.
+
+Reported-by: Eero Tamminen <oak@helsinkinet.fi>
+Link: https://lore.kernel.org/r/alpine.LNX.2.21.1904091023540.25@nippy.intranet
+Link: https://lore.kernel.org/r/63130691-1984-c423-c1f2-73bfd8d3dcd3@gmail.com
+Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
+Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Link: https://lore.kernel.org/r/20230301021107.26307-1-schmitzmic@gmail.com
+Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/m68k/kernel/traps.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/arch/m68k/kernel/traps.c b/arch/m68k/kernel/traps.c
+index 9b70a7f5e7058..35f706d836c50 100644
+--- a/arch/m68k/kernel/traps.c
++++ b/arch/m68k/kernel/traps.c
+@@ -30,6 +30,7 @@
+ #include <linux/init.h>
+ #include <linux/ptrace.h>
+ #include <linux/kallsyms.h>
++#include <linux/extable.h>
+ #include <asm/setup.h>
+ #include <asm/fpu.h>
+@@ -550,7 +551,8 @@ static inline void bus_error030 (struct frame *fp)
+                       errorcode |= 2;
+               if (mmusr & (MMU_I | MMU_WP)) {
+-                      if (ssw & 4) {
++                      /* We might have an exception table for this PC */
++                      if (ssw & 4 && !search_exception_tables(fp->ptregs.pc)) {
+                               pr_err("Data %s fault at %#010lx in %s (pc=%#lx)\n",
+                                      ssw & RW ? "read" : "write",
+                                      fp->un.fmtb.daddr,
+-- 
+2.39.2
+
diff --git a/queue-4.19/net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch b/queue-4.19/net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch
new file mode 100644 (file)
index 0000000..c49952d
--- /dev/null
@@ -0,0 +1,39 @@
+From 89072214a63b1f2459537480e26e4dc7dd14ec3e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Mar 2023 12:59:33 +0100
+Subject: net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
+
+From: Enrico Sau <enrico.sau@gmail.com>
+
+[ Upstream commit 418383e6ed6b4624a54ec05c535f13d184fbf33b ]
+
+Add quirk CDC_MBIM_FLAG_AVOID_ALTSETTING_TOGGLE for Telit FE990
+0x1081 composition in order to avoid bind error.
+
+Signed-off-by: Enrico Sau <enrico.sau@gmail.com>
+Link: https://lore.kernel.org/r/20230306115933.198259-1-enrico.sau@gmail.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/cdc_mbim.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c
+index 41bac861ca99d..72a93dc2df868 100644
+--- a/drivers/net/usb/cdc_mbim.c
++++ b/drivers/net/usb/cdc_mbim.c
+@@ -665,6 +665,11 @@ static const struct usb_device_id mbim_devs[] = {
+         .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle,
+       },
++      /* Telit FE990 */
++      { USB_DEVICE_AND_INTERFACE_INFO(0x1bc7, 0x1081, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE),
++        .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle,
++      },
++
+       /* default entry */
+       { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE),
+         .driver_info = (unsigned long)&cdc_mbim_info_zlp,
+-- 
+2.39.2
+
diff --git a/queue-4.19/net-usb-qmi_wwan-add-telit-0x1080-composition.patch b/queue-4.19/net-usb-qmi_wwan-add-telit-0x1080-composition.patch
new file mode 100644 (file)
index 0000000..87c5080
--- /dev/null
@@ -0,0 +1,36 @@
+From 666bd695cdbfef4fccc7c6f91cce053cdb31b2c6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Mar 2023 13:05:28 +0100
+Subject: net: usb: qmi_wwan: add Telit 0x1080 composition
+
+From: Enrico Sau <enrico.sau@gmail.com>
+
+[ Upstream commit 382e363d5bed0cec5807b35761d14e55955eee63 ]
+
+Add the following Telit FE990 composition:
+
+0x1080: tty, adb, rmnet, tty, tty, tty, tty
+
+Signed-off-by: Enrico Sau <enrico.sau@gmail.com>
+Link: https://lore.kernel.org/r/20230306120528.198842-1-enrico.sau@gmail.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/qmi_wwan.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
+index 24ce49b311c4c..5417932242e77 100644
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1322,6 +1322,7 @@ static const struct usb_device_id products[] = {
+       {QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */
+       {QMI_QUIRK_SET_DTR(0x1bc7, 0x1060, 2)}, /* Telit LN920 */
+       {QMI_QUIRK_SET_DTR(0x1bc7, 0x1070, 2)}, /* Telit FN990 */
++      {QMI_QUIRK_SET_DTR(0x1bc7, 0x1080, 2)}, /* Telit FE990 */
+       {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)},    /* Telit ME910 */
+       {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)},    /* Telit ME910 dual modem */
+       {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)},    /* Telit LE920 */
+-- 
+2.39.2
+
diff --git a/queue-4.19/riscv-bump-command_line_size-value-to-1024.patch b/queue-4.19/riscv-bump-command_line_size-value-to-1024.patch
new file mode 100644 (file)
index 0000000..520d520
--- /dev/null
@@ -0,0 +1,46 @@
+From f6253e06753d3638a086be2865578b633ea7817a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 16 Mar 2021 15:34:20 -0400
+Subject: riscv: Bump COMMAND_LINE_SIZE value to 1024
+
+From: Alexandre Ghiti <alex@ghiti.fr>
+
+[ Upstream commit 61fc1ee8be26bc192d691932b0a67eabee45d12f ]
+
+Increase COMMAND_LINE_SIZE as the current default value is too low
+for syzbot kernel command line.
+
+There has been considerable discussion on this patch that has led to a
+larger patch set removing COMMAND_LINE_SIZE from the uapi headers on all
+ports.  That's not quite done yet, but it's gotten far enough we're
+confident this is not a uABI change so this is safe.
+
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Signed-off-by: Alexandre Ghiti <alex@ghiti.fr>
+Link: https://lore.kernel.org/r/20210316193420.904-1-alex@ghiti.fr
+[Palmer: it's not uabi]
+Link: https://lore.kernel.org/linux-riscv/874b8076-b0d1-4aaa-bcd8-05d523060152@app.fastmail.com/#t
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/include/uapi/asm/setup.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+ create mode 100644 arch/riscv/include/uapi/asm/setup.h
+
+diff --git a/arch/riscv/include/uapi/asm/setup.h b/arch/riscv/include/uapi/asm/setup.h
+new file mode 100644
+index 0000000000000..66b13a5228808
+--- /dev/null
++++ b/arch/riscv/include/uapi/asm/setup.h
+@@ -0,0 +1,8 @@
++/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
++
++#ifndef _UAPI_ASM_RISCV_SETUP_H
++#define _UAPI_ASM_RISCV_SETUP_H
++
++#define COMMAND_LINE_SIZE     1024
++
++#endif /* _UAPI_ASM_RISCV_SETUP_H */
+-- 
+2.39.2
+
diff --git a/queue-4.19/scsi-target-iscsi-fix-an-error-message-in-iscsi_chec.patch b/queue-4.19/scsi-target-iscsi-fix-an-error-message-in-iscsi_chec.patch
new file mode 100644 (file)
index 0000000..175afc0
--- /dev/null
@@ -0,0 +1,55 @@
+From f1724af3b055810b37712d4f7916ee37f878d6ba Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Feb 2023 15:15:56 +0100
+Subject: scsi: target: iscsi: Fix an error message in iscsi_check_key()
+
+From: Maurizio Lombardi <mlombard@redhat.com>
+
+[ Upstream commit 6cc55c969b7ce8d85e09a636693d4126c3676c11 ]
+
+The first half of the error message is printed by pr_err(), the second half
+is printed by pr_debug(). The user will therefore see only the first part
+of the message and will miss some useful information.
+
+Link: https://lore.kernel.org/r/20230214141556.762047-1-mlombard@redhat.com
+Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
+Reviewed-by: Mike Christie <michael.christie@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/target/iscsi/iscsi_target_parameters.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c
+index 29a37b242d30a..01f93de93c8c7 100644
+--- a/drivers/target/iscsi/iscsi_target_parameters.c
++++ b/drivers/target/iscsi/iscsi_target_parameters.c
+@@ -1270,18 +1270,20 @@ static struct iscsi_param *iscsi_check_key(
+               return param;
+       if (!(param->phase & phase)) {
+-              pr_err("Key \"%s\" may not be negotiated during ",
+-                              param->name);
++              char *phase_name;
++
+               switch (phase) {
+               case PHASE_SECURITY:
+-                      pr_debug("Security phase.\n");
++                      phase_name = "Security";
+                       break;
+               case PHASE_OPERATIONAL:
+-                      pr_debug("Operational phase.\n");
++                      phase_name = "Operational";
+                       break;
+               default:
+-                      pr_debug("Unknown phase.\n");
++                      phase_name = "Unknown";
+               }
++              pr_err("Key \"%s\" may not be negotiated during %s phase.\n",
++                              param->name, phase_name);
+               return NULL;
+       }
+-- 
+2.39.2
+
diff --git a/queue-4.19/scsi-ufs-core-add-soft-dependency-on-governor_simple.patch b/queue-4.19/scsi-ufs-core-add-soft-dependency-on-governor_simple.patch
new file mode 100644 (file)
index 0000000..482aecc
--- /dev/null
@@ -0,0 +1,36 @@
+From 4b38a043ea7f79451d095f79896a7aa1061d352e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 20 Feb 2023 09:07:40 -0500
+Subject: scsi: ufs: core: Add soft dependency on governor_simpleondemand
+
+From: Adrien Thierry <athierry@redhat.com>
+
+[ Upstream commit 2ebe16155dc8bd4e602cad5b5f65458d2eaa1a75 ]
+
+The ufshcd driver uses simpleondemand governor for devfreq. Add it to the
+list of ufshcd softdeps to allow userspace initramfs tools like dracut to
+automatically pull the governor module into the initramfs together with UFS
+drivers.
+
+Link: https://lore.kernel.org/r/20230220140740.14379-1-athierry@redhat.com
+Signed-off-by: Adrien Thierry <athierry@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/ufs/ufshcd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
+index abc156cf05f60..b45cd6c98bad7 100644
+--- a/drivers/scsi/ufs/ufshcd.c
++++ b/drivers/scsi/ufs/ufshcd.c
+@@ -8228,5 +8228,6 @@ EXPORT_SYMBOL_GPL(ufshcd_init);
+ MODULE_AUTHOR("Santosh Yaragnavi <santosh.sy@samsung.com>");
+ MODULE_AUTHOR("Vinayak Holikatti <h.vinayak@samsung.com>");
+ MODULE_DESCRIPTION("Generic UFS host controller driver Core");
++MODULE_SOFTDEP("pre: governor_simpleondemand");
+ MODULE_LICENSE("GPL");
+ MODULE_VERSION(UFSHCD_DRIVER_VERSION);
+-- 
+2.39.2
+
index 6ef54332e8d442da50c5433167e191b83707feaf..9ff10ce25243e88aa6caeb9f67b77b906d9217e7 100644 (file)
@@ -25,3 +25,11 @@ bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re.patch
 hwmon-it87-fix-voltage-scaling-for-chips-with-10.9mv.patch
 uas-add-us_fl_no_report_opcodes-for-jmicron-jms583gen-2.patch
 thunderbolt-use-const-qualifier-for-ring_interrupt_index.patch
+riscv-bump-command_line_size-value-to-1024.patch
+ca8210-fix-mac_len-negative-array-access.patch
+m68k-only-force-030-bus-error-if-pc-not-in-exception.patch
+scsi-target-iscsi-fix-an-error-message-in-iscsi_chec.patch
+scsi-ufs-core-add-soft-dependency-on-governor_simple.patch
+net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch
+net-usb-qmi_wwan-add-telit-0x1080-composition.patch
+sh-sanitize-the-flags-on-sigreturn.patch
diff --git a/queue-4.19/sh-sanitize-the-flags-on-sigreturn.patch b/queue-4.19/sh-sanitize-the-flags-on-sigreturn.patch
new file mode 100644 (file)
index 0000000..9cda755
--- /dev/null
@@ -0,0 +1,58 @@
+From 6ebd73e0ab0dee889bb67c906de0f8b6b8e9f941 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Mar 2023 01:20:30 +0000
+Subject: sh: sanitize the flags on sigreturn
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+[ Upstream commit 573b22ccb7ce9ab7f0539a2e11a9d3609a8783f5 ]
+
+We fetch %SR value from sigframe; it might have been modified by signal
+handler, so we can't trust it with any bits that are not modifiable in
+user mode.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Rich Felker <dalias@libc.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/sh/include/asm/processor_32.h | 1 +
+ arch/sh/kernel/signal_32.c         | 3 +++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/arch/sh/include/asm/processor_32.h b/arch/sh/include/asm/processor_32.h
+index 95100d8a0b7b4..fc94603724b86 100644
+--- a/arch/sh/include/asm/processor_32.h
++++ b/arch/sh/include/asm/processor_32.h
+@@ -57,6 +57,7 @@
+ #define SR_FD         0x00008000
+ #define SR_MD         0x40000000
++#define SR_USER_MASK  0x00000303      // M, Q, S, T bits
+ /*
+  * DSP structure and data
+  */
+diff --git a/arch/sh/kernel/signal_32.c b/arch/sh/kernel/signal_32.c
+index c46c0020ff55e..ce93ae78c3002 100644
+--- a/arch/sh/kernel/signal_32.c
++++ b/arch/sh/kernel/signal_32.c
+@@ -116,6 +116,7 @@ static int
+ restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc, int *r0_p)
+ {
+       unsigned int err = 0;
++      unsigned int sr = regs->sr & ~SR_USER_MASK;
+ #define COPY(x)               err |= __get_user(regs->x, &sc->sc_##x)
+                       COPY(regs[1]);
+@@ -131,6 +132,8 @@ restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc, int *r0_p
+       COPY(sr);       COPY(pc);
+ #undef COPY
++      regs->sr = (regs->sr & SR_USER_MASK) | sr;
++
+ #ifdef CONFIG_SH_FPU
+       if (boot_cpu_data.flags & CPU_HAS_FPU) {
+               int owned_fp;
+-- 
+2.39.2
+