--- /dev/null
+From 8006aff15516a170640239c5a8e6696c0ba18d8e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <kabel@kernel.org>
+Date: Tue, 22 Apr 2025 11:57:18 +0200
+Subject: crypto: atmel-sha204a - Set hwrng quality to lowest possible
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Marek BehĂșn <kabel@kernel.org>
+
+commit 8006aff15516a170640239c5a8e6696c0ba18d8e upstream.
+
+According to the review by Bill Cox [1], the Atmel SHA204A random number
+generator produces random numbers with very low entropy.
+
+Set the lowest possible entropy for this chip just to be safe.
+
+[1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html
+
+Fixes: da001fb651b00e1d ("crypto: atmel-i2c - add support for SHA204A random number generator")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Marek BehĂșn <kabel@kernel.org>
+Acked-by: Ard Biesheuvel <ardb@kernel.org>
+Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/atmel-sha204a.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/crypto/atmel-sha204a.c
++++ b/drivers/crypto/atmel-sha204a.c
+@@ -109,6 +109,12 @@ static int atmel_sha204a_probe(struct i2
+ i2c_priv->hwrng.read = atmel_sha204a_rng_read;
+ i2c_priv->hwrng.quality = 1024;
+
++ /*
++ * According to review by Bill Cox [1], this HWRNG has very low entropy.
++ * [1] https://www.metzdowd.com/pipermail/cryptography/2014-December/023858.html
++ */
++ i2c_priv->hwrng.quality = 1;
++
+ ret = devm_hwrng_register(&client->dev, &i2c_priv->hwrng);
+ if (ret)
+ dev_warn(&client->dev, "failed to register RNG (%d)\n", ret);
--- /dev/null
+From 7c7f1bfdb2249f854a736d9b79778c7e5a29a150 Mon Sep 17 00:00:00 2001
+From: Haoxiang Li <haoxiang_li2024@163.com>
+Date: Mon, 10 Mar 2025 09:46:57 +0100
+Subject: mcb: fix a double free bug in chameleon_parse_gdd()
+
+From: Haoxiang Li <haoxiang_li2024@163.com>
+
+commit 7c7f1bfdb2249f854a736d9b79778c7e5a29a150 upstream.
+
+In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev'
+would be released in mcb_device_register() via put_device().
+Thus, goto 'err' label and free 'mdev' again causes a double free.
+Just return if mcb_device_register() fails.
+
+Fixes: 3764e82e5150 ("drivers: Introduce MEN Chameleon Bus")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
+Signed-off-by: Johannes Thumshirn <jth@kernel.org>
+Link: https://lore.kernel.org/r/6201d09e2975ae5789879f79a6de4c38de9edd4a.1741596225.git.jth@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mcb/mcb-parse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mcb/mcb-parse.c
++++ b/drivers/mcb/mcb-parse.c
+@@ -101,7 +101,7 @@ static int chameleon_parse_gdd(struct mc
+
+ ret = mcb_device_register(bus, mdev);
+ if (ret < 0)
+- goto err;
++ return ret;
+
+ return 0;
+
tipc-fix-null-pointer-dereference-in-tipc_mon_reinit.patch
net_sched-hfsc-fix-a-uaf-vulnerability-in-class-hand.patch
net_sched-hfsc-fix-a-potential-uaf-in-hfsc_dequeue-t.patch
+virtio_console-fix-missing-byte-order-handling-for-cols-and-rows.patch
+crypto-atmel-sha204a-set-hwrng-quality-to-lowest-possible.patch
+mcb-fix-a-double-free-bug-in-chameleon_parse_gdd.patch
+usb-storage-quirk-for-adata-portable-hdd-ch94.patch
--- /dev/null
+From 9ab75eee1a056f896b87d139044dd103adc532b9 Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneukum@suse.com>
+Date: Thu, 3 Apr 2025 19:59:45 +0200
+Subject: USB: storage: quirk for ADATA Portable HDD CH94
+
+From: Oliver Neukum <oneukum@suse.com>
+
+commit 9ab75eee1a056f896b87d139044dd103adc532b9 upstream.
+
+Version 1.60 specifically needs this quirk.
+Version 2.00 is known good.
+
+Cc: stable <stable@kernel.org>
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+Link: https://lore.kernel.org/r/20250403180004.343133-1-oneukum@suse.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/storage/unusual_uas.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/usb/storage/unusual_uas.h
++++ b/drivers/usb/storage/unusual_uas.h
+@@ -83,6 +83,13 @@ UNUSUAL_DEV(0x0bc2, 0x331a, 0x0000, 0x99
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+ US_FL_NO_REPORT_LUNS),
+
++/* Reported-by: Oliver Neukum <oneukum@suse.com> */
++UNUSUAL_DEV(0x125f, 0xa94a, 0x0160, 0x0160,
++ "ADATA",
++ "Portable HDD CH94",
++ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
++ US_FL_NO_ATA_1X),
++
+ /* Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> */
+ UNUSUAL_DEV(0x13fd, 0x3940, 0x0000, 0x9999,
+ "Initio Corporation",
--- /dev/null
+From fbd3039a64b01b769040677c4fc68badeca8e3b2 Mon Sep 17 00:00:00 2001
+From: Halil Pasic <pasic@linux.ibm.com>
+Date: Sat, 22 Mar 2025 01:29:54 +0100
+Subject: virtio_console: fix missing byte order handling for cols and rows
+
+From: Halil Pasic <pasic@linux.ibm.com>
+
+commit fbd3039a64b01b769040677c4fc68badeca8e3b2 upstream.
+
+As per virtio spec the fields cols and rows are specified as little
+endian. Although there is no legacy interface requirement that would
+state that cols and rows need to be handled as native endian when legacy
+interface is used, unlike for the fields of the adjacent struct
+virtio_console_control, I decided to err on the side of caution based
+on some non-conclusive virtio spec repo archaeology and opt for using
+virtio16_to_cpu() much like for virtio_console_control.event. Strictly
+by the letter of the spec virtio_le_to_cpu() would have been sufficient.
+But when the legacy interface is not used, it boils down to the same.
+
+And when using the legacy interface, the device formatting these as
+little endian when the guest is big endian would surprise me more than
+it using guest native byte order (which would make it compatible with
+the current implementation). Nevertheless somebody trying to implement
+the spec following it to the letter could end up forcing little endian
+byte order when the legacy interface is in use. So IMHO this ultimately
+needs a judgement call by the maintainers.
+
+Fixes: 8345adbf96fc1 ("virtio: console: Accept console size along with resize control message")
+Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
+Cc: stable@vger.kernel.org # v2.6.35+
+Message-Id: <20250322002954.3129282-1-pasic@linux.ibm.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/char/virtio_console.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/virtio_console.c
++++ b/drivers/char/virtio_console.c
+@@ -1619,8 +1619,8 @@ static void handle_control_message(struc
+ break;
+ case VIRTIO_CONSOLE_RESIZE: {
+ struct {
+- __u16 rows;
+- __u16 cols;
++ __virtio16 rows;
++ __virtio16 cols;
+ } size;
+
+ if (!is_console_port(port))
+@@ -1628,7 +1628,8 @@ static void handle_control_message(struc
+
+ memcpy(&size, buf->buf + buf->offset + sizeof(*cpkt),
+ sizeof(size));
+- set_console_size(port, size.rows, size.cols);
++ set_console_size(port, virtio16_to_cpu(vdev, size.rows),
++ virtio16_to_cpu(vdev, size.cols));
+
+ port->cons.hvc->irq_requested = 1;
+ resize_console(port);
projects / thirdparty / kernel / stable-queue.git / commitdiff
