Fixes for 4.19

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.19/alsa-usb-update-old-style-static-const-declaration.patch b/queue-4.19/alsa-usb-update-old-style-static-const-declaration.patch
new file mode 100644 (file)
index 0000000..4787688
--- /dev/null
+++ b/queue-4.19/alsa-usb-update-old-style-static-const-declaration.patch
@@ -0,0 +1,46 @@
+From a7b245f214b62b16cbe59fb7cf2f2b2a399c6709 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 11 Jan 2020 15:47:36 -0600
+Subject: ALSA: usb: update old-style static const declaration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+
+[ Upstream commit ff40e0d41af19e36b43693fcb9241b4a6795bb44 ]
+
+GCC reports the following warning with W=1
+
+sound/usb/mixer_quirks.c: In function ‘snd_microii_controls_create’:
+sound/usb/mixer_quirks.c:1694:2: warning: ‘static’ is not at beginning
+of declaration [-Wold-style-declaration]
+ 1694 |  const static usb_mixer_elem_resume_func_t resume_funcs[] = {
+      |  ^~~~~
+
+Move static to the beginning of declaration
+
+Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Link: https://lore.kernel.org/r/20200111214736.3002-3-pierre-louis.bossart@linux.intel.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/usb/mixer_quirks.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
+index 169679419b39..a74e07eff60c 100644
+--- a/sound/usb/mixer_quirks.c
++++ b/sound/usb/mixer_quirks.c
+@@ -1708,7 +1708,7 @@ static struct snd_kcontrol_new snd_microii_mixer_spdif[] = {
+ static int snd_microii_controls_create(struct usb_mixer_interface *mixer)
+ {
+       int err, i;
+-      const static usb_mixer_elem_resume_func_t resume_funcs[] = {
++      static const usb_mixer_elem_resume_func_t resume_funcs[] = {
+               snd_microii_spdif_default_update,
+               NULL,
+               snd_microii_spdif_switch_update
+-- 
+2.30.2
+

diff --git a/queue-4.19/net-usb-cdc_ncm-don-t-spew-notifications.patch b/queue-4.19/net-usb-cdc_ncm-don-t-spew-notifications.patch
new file mode 100644 (file)
index 0000000..d4bc6d5
--- /dev/null
+++ b/queue-4.19/net-usb-cdc_ncm-don-t-spew-notifications.patch
@@ -0,0 +1,112 @@
+From ba8ac89f2b4e4310a4ac84c5f38d2e1f1e110f82 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 19 Jan 2021 17:12:08 -0800
+Subject: net: usb: cdc_ncm: don't spew notifications
+
+From: Grant Grundler <grundler@chromium.org>
+
+[ Upstream commit de658a195ee23ca6aaffe197d1d2ea040beea0a2 ]
+
+RTL8156 sends notifications about every 32ms.
+Only display/log notifications when something changes.
+
+This issue has been reported by others:
+       https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832472
+       https://lkml.org/lkml/2020/8/27/1083
+
+...
+[785962.779840] usb 1-1: new high-speed USB device number 5 using xhci_hcd
+[785962.929944] usb 1-1: New USB device found, idVendor=0bda, idProduct=8156, bcdDevice=30.00
+[785962.929949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=6
+[785962.929952] usb 1-1: Product: USB 10/100/1G/2.5G LAN
+[785962.929954] usb 1-1: Manufacturer: Realtek
+[785962.929956] usb 1-1: SerialNumber: 000000001
+[785962.991755] usbcore: registered new interface driver cdc_ether
+[785963.017068] cdc_ncm 1-1:2.0: MAC-Address: 00:24:27:88:08:15
+[785963.017072] cdc_ncm 1-1:2.0: setting rx_max = 16384
+[785963.017169] cdc_ncm 1-1:2.0: setting tx_max = 16384
+[785963.017682] cdc_ncm 1-1:2.0 usb0: register 'cdc_ncm' at usb-0000:00:14.0-1, CDC NCM, 00:24:27:88:08:15
+[785963.019211] usbcore: registered new interface driver cdc_ncm
+[785963.023856] usbcore: registered new interface driver cdc_wdm
+[785963.025461] usbcore: registered new interface driver cdc_mbim
+[785963.038824] cdc_ncm 1-1:2.0 enx002427880815: renamed from usb0
+[785963.089586] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected
+[785963.121673] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected
+[785963.153682] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected
+...
+
+This is about 2KB per second and will overwrite all contents of a 1MB
+dmesg buffer in under 10 minutes rendering them useless for debugging
+many kernel problems.
+
+This is also an extra 180 MB/day in /var/logs (or 1GB per week) rendering
+the majority of those logs useless too.
+
+When the link is up (expected state), spew amount is >2x higher:
+...
+[786139.600992] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected
+[786139.632997] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink
+[786139.665097] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected
+[786139.697100] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink
+[786139.729094] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected
+[786139.761108] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink
+...
+
+Chrome OS cannot support RTL8156 until this is fixed.
+
+Signed-off-by: Grant Grundler <grundler@chromium.org>
+Reviewed-by: Hayes Wang <hayeswang@realtek.com>
+Link: https://lore.kernel.org/r/20210120011208.3768105-1-grundler@chromium.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/cdc_ncm.c  | 12 +++++++++++-
+ include/linux/usb/usbnet.h |  2 ++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
+index faca70c3647d..82ec00a7370d 100644
+--- a/drivers/net/usb/cdc_ncm.c
++++ b/drivers/net/usb/cdc_ncm.c
+@@ -1590,6 +1590,15 @@ cdc_ncm_speed_change(struct usbnet *dev,
+       uint32_t rx_speed = le32_to_cpu(data->DLBitRRate);
+       uint32_t tx_speed = le32_to_cpu(data->ULBitRate);
+ 
++      /* if the speed hasn't changed, don't report it.
++       * RTL8156 shipped before 2021 sends notification about every 32ms.
++       */
++      if (dev->rx_speed == rx_speed && dev->tx_speed == tx_speed)
++              return;
++
++      dev->rx_speed = rx_speed;
++      dev->tx_speed = tx_speed;
++
+       /*
+        * Currently the USB-NET API does not support reporting the actual
+        * device speed. Do print it instead.
+@@ -1633,7 +1642,8 @@ static void cdc_ncm_status(struct usbnet *dev, struct urb *urb)
+                * USB_CDC_NOTIFY_NETWORK_CONNECTION notification shall be
+                * sent by device after USB_CDC_NOTIFY_SPEED_CHANGE.
+                */
+-              usbnet_link_change(dev, !!event->wValue, 0);
++              if (netif_carrier_ok(dev->net) != !!event->wValue)
++                      usbnet_link_change(dev, !!event->wValue, 0);
+               break;
+ 
+       case USB_CDC_NOTIFY_SPEED_CHANGE:
+diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h
+index e2ec3582e549..452ca06ed253 100644
+--- a/include/linux/usb/usbnet.h
++++ b/include/linux/usb/usbnet.h
+@@ -83,6 +83,8 @@ struct usbnet {
+ #             define EVENT_LINK_CHANGE        11
+ #             define EVENT_SET_RX_MODE        12
+ #             define EVENT_NO_IP_ALIGN        13
++      u32                     rx_speed;       /* in bps - NOT Mbps */
++      u32                     tx_speed;       /* in bps - NOT Mbps */
+ };
+ 
+ static inline struct usb_driver *driver_of(struct usb_interface *intf)
+-- 
+2.30.2
+

diff --git a/queue-4.19/nl80211-validate-key-indexes-for-cfg80211_registered.patch b/queue-4.19/nl80211-validate-key-indexes-for-cfg80211_registered.patch
new file mode 100644 (file)
index 0000000..52ce33d
--- /dev/null
+++ b/queue-4.19/nl80211-validate-key-indexes-for-cfg80211_registered.patch
@@ -0,0 +1,133 @@
+From e5af0e9f1072c5d6e5cbc46f8520417ce11ad628 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 3 Jun 2021 09:28:52 -0700
+Subject: nl80211: validate key indexes for cfg80211_registered_device
+
+From: Anant Thazhemadam <anant.thazhemadam@gmail.com>
+
+commit 2d9463083ce92636a1bdd3e30d1236e3e95d859e upstream
+
+syzbot discovered a bug in which an OOB access was being made because
+an unsuitable key_idx value was wrongly considered to be acceptable
+while deleting a key in nl80211_del_key().
+
+Since we don't know the cipher at the time of deletion, if
+cfg80211_validate_key_settings() were to be called directly in
+nl80211_del_key(), even valid keys would be wrongly determined invalid,
+and deletion wouldn't occur correctly.
+For this reason, a new function - cfg80211_valid_key_idx(), has been
+created, to determine if the key_idx value provided is valid or not.
+cfg80211_valid_key_idx() is directly called in 2 places -
+nl80211_del_key(), and cfg80211_validate_key_settings().
+
+Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
+Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
+Suggested-by: Johannes Berg <johannes@sipsolutions.net>
+Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
+Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com
+Cc: stable@vger.kernel.org
+[also disallow IGTK key IDs if no IGTK cipher is supported]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/wireless/core.h    |  2 ++
+ net/wireless/nl80211.c |  7 ++++---
+ net/wireless/util.c    | 39 ++++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 44 insertions(+), 4 deletions(-)
+
+diff --git a/net/wireless/core.h b/net/wireless/core.h
+index f5d58652108d..5f177dad2fa8 100644
+--- a/net/wireless/core.h
++++ b/net/wireless/core.h
+@@ -404,6 +404,8 @@ void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev);
+ 
+ /* internal helpers */
+ bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher);
++bool cfg80211_valid_key_idx(struct cfg80211_registered_device *rdev,
++                          int key_idx, bool pairwise);
+ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
+                                  struct key_params *params, int key_idx,
+                                  bool pairwise, const u8 *mac_addr);
+diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
+index 5f0605275fa3..04c4fd376e1d 100644
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -3624,9 +3624,6 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
+       if (err)
+               return err;
+ 
+-      if (key.idx < 0)
+-              return -EINVAL;
+-
+       if (info->attrs[NL80211_ATTR_MAC])
+               mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
+ 
+@@ -3642,6 +3639,10 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
+           key.type != NL80211_KEYTYPE_GROUP)
+               return -EINVAL;
+ 
++      if (!cfg80211_valid_key_idx(rdev, key.idx,
++                                  key.type == NL80211_KEYTYPE_PAIRWISE))
++              return -EINVAL;
++
+       if (!rdev->ops->del_key)
+               return -EOPNOTSUPP;
+ 
+diff --git a/net/wireless/util.c b/net/wireless/util.c
+index 6f9cff2ee795..c4536468dfbe 100644
+--- a/net/wireless/util.c
++++ b/net/wireless/util.c
+@@ -214,11 +214,48 @@ bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher)
+       return false;
+ }
+ 
++static bool
++cfg80211_igtk_cipher_supported(struct cfg80211_registered_device *rdev)
++{
++      struct wiphy *wiphy = &rdev->wiphy;
++      int i;
++
++      for (i = 0; i < wiphy->n_cipher_suites; i++) {
++              switch (wiphy->cipher_suites[i]) {
++              case WLAN_CIPHER_SUITE_AES_CMAC:
++              case WLAN_CIPHER_SUITE_BIP_CMAC_256:
++              case WLAN_CIPHER_SUITE_BIP_GMAC_128:
++              case WLAN_CIPHER_SUITE_BIP_GMAC_256:
++                      return true;
++              }
++      }
++
++      return false;
++}
++
++bool cfg80211_valid_key_idx(struct cfg80211_registered_device *rdev,
++                          int key_idx, bool pairwise)
++{
++      int max_key_idx;
++
++      if (pairwise)
++              max_key_idx = 3;
++      else if (cfg80211_igtk_cipher_supported(rdev))
++              max_key_idx = 5;
++      else
++              max_key_idx = 3;
++
++      if (key_idx < 0 || key_idx > max_key_idx)
++              return false;
++
++      return true;
++}
++
+ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
+                                  struct key_params *params, int key_idx,
+                                  bool pairwise, const u8 *mac_addr)
+ {
+-      if (key_idx < 0 || key_idx > 5)
++      if (!cfg80211_valid_key_idx(rdev, key_idx, pairwise))
+               return -EINVAL;
+ 
+       if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
+-- 
+2.30.2
+

diff --git a/queue-4.19/series b/queue-4.19/series
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..7cb7d00325a6091d2395a278165b382387556ecb 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -0,0 +1,3 @@
+net-usb-cdc_ncm-don-t-spew-notifications.patch
+alsa-usb-update-old-style-static-const-declaration.patch
+nl80211-validate-key-indexes-for-cfg80211_registered.patch