4.19-stable patches

added patches:
	cfg80211-fix-deadlocks-in-autodisconnect-work.patch
	cfg80211-fix-memory-leak-in-cfg80211_cqm_rssi_update.patch
	cfg80211-fix-page-refcount-issue-in-a-msdu-decap.patch

diff --git a/queue-4.19/cfg80211-fix-deadlocks-in-autodisconnect-work.patch b/queue-4.19/cfg80211-fix-deadlocks-in-autodisconnect-work.patch
new file mode 100644 (file)
index 0000000..494739b
--- /dev/null
+++ b/queue-4.19/cfg80211-fix-deadlocks-in-autodisconnect-work.patch
@@ -0,0 +1,42 @@
+From 5a128a088a2ab0b5190eeb232b5aa0b1017a0317 Mon Sep 17 00:00:00 2001
+From: Markus Theil <markus.theil@tu-ilmenau.de>
+Date: Wed, 8 Jan 2020 12:55:36 +0100
+Subject: cfg80211: fix deadlocks in autodisconnect work
+
+From: Markus Theil <markus.theil@tu-ilmenau.de>
+
+commit 5a128a088a2ab0b5190eeb232b5aa0b1017a0317 upstream.
+
+Use methods which do not try to acquire the wdev lock themselves.
+
+Cc: stable@vger.kernel.org
+Fixes: 37b1c004685a3 ("cfg80211: Support all iftypes in autodisconnect_wk")
+Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
+Link: https://lore.kernel.org/r/20200108115536.2262-1-markus.theil@tu-ilmenau.de
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/sme.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/wireless/sme.c
++++ b/net/wireless/sme.c
+@@ -1281,14 +1281,14 @@ void cfg80211_autodisconnect_wk(struct w
+       if (wdev->conn_owner_nlportid) {
+               switch (wdev->iftype) {
+               case NL80211_IFTYPE_ADHOC:
+-                      cfg80211_leave_ibss(rdev, wdev->netdev, false);
++                      __cfg80211_leave_ibss(rdev, wdev->netdev, false);
+                       break;
+               case NL80211_IFTYPE_AP:
+               case NL80211_IFTYPE_P2P_GO:
+-                      cfg80211_stop_ap(rdev, wdev->netdev, false);
++                      __cfg80211_stop_ap(rdev, wdev->netdev, false);
+                       break;
+               case NL80211_IFTYPE_MESH_POINT:
+-                      cfg80211_leave_mesh(rdev, wdev->netdev);
++                      __cfg80211_leave_mesh(rdev, wdev->netdev);
+                       break;
+               case NL80211_IFTYPE_STATION:
+               case NL80211_IFTYPE_P2P_CLIENT:

diff --git a/queue-4.19/cfg80211-fix-memory-leak-in-cfg80211_cqm_rssi_update.patch b/queue-4.19/cfg80211-fix-memory-leak-in-cfg80211_cqm_rssi_update.patch
new file mode 100644 (file)
index 0000000..e753826
--- /dev/null
+++ b/queue-4.19/cfg80211-fix-memory-leak-in-cfg80211_cqm_rssi_update.patch
@@ -0,0 +1,32 @@
+From df16737d438f534d0cc9948c7c5158f1986c5c87 Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 8 Jan 2020 18:06:30 +0100
+Subject: cfg80211: fix memory leak in cfg80211_cqm_rssi_update
+
+From: Felix Fietkau <nbd@nbd.name>
+
+commit df16737d438f534d0cc9948c7c5158f1986c5c87 upstream.
+
+The per-tid statistics need to be released after the call to rdev_get_station
+
+Cc: stable@vger.kernel.org
+Fixes: 8689c051a201 ("cfg80211: dynamically allocate per-tid stats for station info")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Link: https://lore.kernel.org/r/20200108170630.33680-2-nbd@nbd.name
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -10305,6 +10305,7 @@ static int cfg80211_cqm_rssi_update(stru
+               if (err)
+                       return err;
+ 
++              cfg80211_sinfo_release_content(&sinfo);
+               if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
+                       wdev->cqm_config->last_rssi_event_value =
+                               (s8) sinfo.rx_beacon_signal_avg;

diff --git a/queue-4.19/cfg80211-fix-page-refcount-issue-in-a-msdu-decap.patch b/queue-4.19/cfg80211-fix-page-refcount-issue-in-a-msdu-decap.patch
new file mode 100644 (file)
index 0000000..23200ed
--- /dev/null
+++ b/queue-4.19/cfg80211-fix-page-refcount-issue-in-a-msdu-decap.patch
@@ -0,0 +1,36 @@
+From 81c044fc3bdc5b7be967cd3682528ea94b58c06a Mon Sep 17 00:00:00 2001
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 13 Jan 2020 19:21:07 +0100
+Subject: cfg80211: fix page refcount issue in A-MSDU decap
+
+From: Felix Fietkau <nbd@nbd.name>
+
+commit 81c044fc3bdc5b7be967cd3682528ea94b58c06a upstream.
+
+The fragments attached to a skb can be part of a compound page. In that case,
+page_ref_inc will increment the refcount for the wrong page. Fix this by
+using get_page instead, which calls page_ref_inc on the compound head and
+also checks for overflow.
+
+Fixes: 2b67f944f88c ("cfg80211: reuse existing page fragments in A-MSDU rx")
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Link: https://lore.kernel.org/r/20200113182107.20461-1-nbd@nbd.name
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/util.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/wireless/util.c
++++ b/net/wireless/util.c
+@@ -537,7 +537,7 @@ __frame_add_frag(struct sk_buff *skb, st
+       struct skb_shared_info *sh = skb_shinfo(skb);
+       int page_offset;
+ 
+-      page_ref_inc(page);
++      get_page(page);
+       page_offset = ptr - page_address(page);
+       skb_add_rx_frag(skb, sh->nr_frags, page, page_offset, len, size);
+ }

diff --git a/queue-4.19/series b/queue-4.19/series
index 1e6ec5d2a7aef6bfea1af7331420c6f267d6ade1..95b57ac510e1eaea660b7f0191c942a5b0f9515f 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -52,3 +52,6 @@ mm-huge_memory.c-make-__thp_get_unmapped_area-static.patch
 mm-huge_memory.c-thp-fix-conflict-of-above-47bit-hin.patch
 arm64-dts-agilex-stratix10-fix-pmu-interrupt-numbers.patch
 bpf-fix-incorrect-verifier-simulation-of-arsh-under-alu32.patch
+cfg80211-fix-deadlocks-in-autodisconnect-work.patch
+cfg80211-fix-memory-leak-in-cfg80211_cqm_rssi_update.patch
+cfg80211-fix-page-refcount-issue-in-a-msdu-decap.patch