From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 31 Mar 2022 19:02:30 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.14.275~46
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a1a6094d3ee31766f71c13a623450fc0c8ac4df;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	usb-usb-storage-fix-use-of-bitfields-for-hardware-data-in-ene_ub6250.c.patch
---

diff --git a/queue-4.9/series b/queue-4.9/series
index d3fef9f6518..94f46c954cd 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -6,3 +6,4 @@ ethernet-sun-free-the-coherent-when-failing-in-probi.patch
 af_key-add-__gfp_zero-flag-for-compose_sadb_supporte.patch
 block-add-a-helper-to-validate-the-block-size.patch
 virtio-blk-use-blk_validate_block_size-to-validate-block-size.patch
+usb-usb-storage-fix-use-of-bitfields-for-hardware-data-in-ene_ub6250.c.patch
diff --git a/queue-4.9/usb-usb-storage-fix-use-of-bitfields-for-hardware-data-in-ene_ub6250.c.patch b/queue-4.9/usb-usb-storage-fix-use-of-bitfields-for-hardware-data-in-ene_ub6250.c.patch
new file mode 100644
index 00000000000..4e6bd480ea2
--- /dev/null
+++ b/queue-4.9/usb-usb-storage-fix-use-of-bitfields-for-hardware-data-in-ene_ub6250.c.patch
@@ -0,0 +1,353 @@
+From 1892bf90677abcad7f06e897e308f5c3e3618dd4 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Thu, 17 Mar 2022 16:39:10 -0400
+Subject: USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 1892bf90677abcad7f06e897e308f5c3e3618dd4 upstream.
+
+The kernel test robot found a problem with the ene_ub6250 subdriver in
+usb-storage: It uses structures containing bitfields to represent
+hardware bits in its SD_STATUS, MS_STATUS, and SM_STATUS bytes.  This
+is not safe; it presumes a particular bit ordering and it assumes the
+compiler will not insert padding, neither of which is guaranteed.
+
+This patch fixes the problem by changing the structures to simple u8
+values, with the bitfields replaced by bitmask constants.
+
+CC: <stable@vger.kernel.org>
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Link: https://lore.kernel.org/r/YjOcbuU106UpJ/V8@rowland.harvard.edu
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/storage/ene_ub6250.c |  153 +++++++++++++++++++--------------------
+ 1 file changed, 75 insertions(+), 78 deletions(-)
+
+--- a/drivers/usb/storage/ene_ub6250.c
++++ b/drivers/usb/storage/ene_ub6250.c
+@@ -251,36 +251,33 @@ static struct us_unusual_dev ene_ub6250_
+ #define memstick_logaddr(logadr1, logadr0) ((((u16)(logadr1)) << 8) | (logadr0))
+ 
+ 
+-struct SD_STATUS {
+-	u8    Insert:1;
+-	u8    Ready:1;
+-	u8    MediaChange:1;
+-	u8    IsMMC:1;
+-	u8    HiCapacity:1;
+-	u8    HiSpeed:1;
+-	u8    WtP:1;
+-	u8    Reserved:1;
+-};
+-
+-struct MS_STATUS {
+-	u8    Insert:1;
+-	u8    Ready:1;
+-	u8    MediaChange:1;
+-	u8    IsMSPro:1;
+-	u8    IsMSPHG:1;
+-	u8    Reserved1:1;
+-	u8    WtP:1;
+-	u8    Reserved2:1;
+-};
+-
+-struct SM_STATUS {
+-	u8    Insert:1;
+-	u8    Ready:1;
+-	u8    MediaChange:1;
+-	u8    Reserved:3;
+-	u8    WtP:1;
+-	u8    IsMS:1;
+-};
++/* SD_STATUS bits */
++#define SD_Insert	BIT(0)
++#define SD_Ready	BIT(1)
++#define SD_MediaChange	BIT(2)
++#define SD_IsMMC	BIT(3)
++#define SD_HiCapacity	BIT(4)
++#define SD_HiSpeed	BIT(5)
++#define SD_WtP		BIT(6)
++			/* Bit 7 reserved */
++
++/* MS_STATUS bits */
++#define MS_Insert	BIT(0)
++#define MS_Ready	BIT(1)
++#define MS_MediaChange	BIT(2)
++#define MS_IsMSPro	BIT(3)
++#define MS_IsMSPHG	BIT(4)
++			/* Bit 5 reserved */
++#define MS_WtP		BIT(6)
++			/* Bit 7 reserved */
++
++/* SM_STATUS bits */
++#define SM_Insert	BIT(0)
++#define SM_Ready	BIT(1)
++#define SM_MediaChange	BIT(2)
++			/* Bits 3-5 reserved */
++#define SM_WtP		BIT(6)
++#define SM_IsMS		BIT(7)
+ 
+ struct ms_bootblock_cis {
+ 	u8 bCistplDEVICE[6];    /* 0 */
+@@ -451,9 +448,9 @@ struct ene_ub6250_info {
+ 	u8		*bbuf;
+ 
+ 	/* for 6250 code */
+-	struct SD_STATUS	SD_Status;
+-	struct MS_STATUS	MS_Status;
+-	struct SM_STATUS	SM_Status;
++	u8		SD_Status;
++	u8		MS_Status;
++	u8		SM_Status;
+ 
+ 	/* ----- SD Control Data ---------------- */
+ 	/*SD_REGISTER SD_Regs; */
+@@ -588,7 +585,7 @@ static int sd_scsi_test_unit_ready(struc
+ {
+ 	struct ene_ub6250_info *info = (struct ene_ub6250_info *) us->extra;
+ 
+-	if (info->SD_Status.Insert && info->SD_Status.Ready)
++	if ((info->SD_Status & SD_Insert) && (info->SD_Status & SD_Ready))
+ 		return USB_STOR_TRANSPORT_GOOD;
+ 	else {
+ 		ene_sd_init(us);
+@@ -620,7 +617,7 @@ static int sd_scsi_mode_sense(struct us_
+ 		0x0b, 0x00, 0x80, 0x08, 0x00, 0x00,
+ 		0x71, 0xc0, 0x00, 0x00, 0x02, 0x00 };
+ 
+-	if (info->SD_Status.WtP)
++	if (info->SD_Status & SD_WtP)
+ 		usb_stor_set_xfer_buf(mediaWP, 12, srb);
+ 	else
+ 		usb_stor_set_xfer_buf(mediaNoWP, 12, srb);
+@@ -639,9 +636,9 @@ static int sd_scsi_read_capacity(struct
+ 	struct ene_ub6250_info *info = (struct ene_ub6250_info *) us->extra;
+ 
+ 	usb_stor_dbg(us, "sd_scsi_read_capacity\n");
+-	if (info->SD_Status.HiCapacity) {
++	if (info->SD_Status & SD_HiCapacity) {
+ 		bl_len = 0x200;
+-		if (info->SD_Status.IsMMC)
++		if (info->SD_Status & SD_IsMMC)
+ 			bl_num = info->HC_C_SIZE-1;
+ 		else
+ 			bl_num = (info->HC_C_SIZE + 1) * 1024 - 1;
+@@ -691,7 +688,7 @@ static int sd_scsi_read(struct us_data *
+ 		return USB_STOR_TRANSPORT_ERROR;
+ 	}
+ 
+-	if (info->SD_Status.HiCapacity)
++	if (info->SD_Status & SD_HiCapacity)
+ 		bnByte = bn;
+ 
+ 	/* set up the command wrapper */
+@@ -731,7 +728,7 @@ static int sd_scsi_write(struct us_data
+ 		return USB_STOR_TRANSPORT_ERROR;
+ 	}
+ 
+-	if (info->SD_Status.HiCapacity)
++	if (info->SD_Status & SD_HiCapacity)
+ 		bnByte = bn;
+ 
+ 	/* set up the command wrapper */
+@@ -1447,7 +1444,7 @@ static int ms_scsi_test_unit_ready(struc
+ 	struct ene_ub6250_info *info = (struct ene_ub6250_info *)(us->extra);
+ 
+ 	/* pr_info("MS_SCSI_Test_Unit_Ready\n"); */
+-	if (info->MS_Status.Insert && info->MS_Status.Ready) {
++	if ((info->MS_Status & MS_Insert) && (info->MS_Status & MS_Ready)) {
+ 		return USB_STOR_TRANSPORT_GOOD;
+ 	} else {
+ 		ene_ms_init(us);
+@@ -1480,7 +1477,7 @@ static int ms_scsi_mode_sense(struct us_
+ 		0x0b, 0x00, 0x80, 0x08, 0x00, 0x00,
+ 		0x71, 0xc0, 0x00, 0x00, 0x02, 0x00 };
+ 
+-	if (info->MS_Status.WtP)
++	if (info->MS_Status & MS_WtP)
+ 		usb_stor_set_xfer_buf(mediaWP, 12, srb);
+ 	else
+ 		usb_stor_set_xfer_buf(mediaNoWP, 12, srb);
+@@ -1499,7 +1496,7 @@ static int ms_scsi_read_capacity(struct
+ 
+ 	usb_stor_dbg(us, "ms_scsi_read_capacity\n");
+ 	bl_len = 0x200;
+-	if (info->MS_Status.IsMSPro)
++	if (info->MS_Status & MS_IsMSPro)
+ 		bl_num = info->MSP_TotalBlock - 1;
+ 	else
+ 		bl_num = info->MS_Lib.NumberOfLogBlock * info->MS_Lib.blockSize * 2 - 1;
+@@ -1654,7 +1651,7 @@ static int ms_scsi_read(struct us_data *
+ 	if (bn > info->bl_num)
+ 		return USB_STOR_TRANSPORT_ERROR;
+ 
+-	if (info->MS_Status.IsMSPro) {
++	if (info->MS_Status & MS_IsMSPro) {
+ 		result = ene_load_bincode(us, MSP_RW_PATTERN);
+ 		if (result != USB_STOR_XFER_GOOD) {
+ 			usb_stor_dbg(us, "Load MPS RW pattern Fail !!\n");
+@@ -1755,7 +1752,7 @@ static int ms_scsi_write(struct us_data
+ 	if (bn > info->bl_num)
+ 		return USB_STOR_TRANSPORT_ERROR;
+ 
+-	if (info->MS_Status.IsMSPro) {
++	if (info->MS_Status & MS_IsMSPro) {
+ 		result = ene_load_bincode(us, MSP_RW_PATTERN);
+ 		if (result != USB_STOR_XFER_GOOD) {
+ 			pr_info("Load MSP RW pattern Fail !!\n");
+@@ -1863,12 +1860,12 @@ static int ene_get_card_status(struct us
+ 
+ 	tmpreg = (u16) reg4b;
+ 	reg4b = *(u32 *)(&buf[0x14]);
+-	if (info->SD_Status.HiCapacity && !info->SD_Status.IsMMC)
++	if ((info->SD_Status & SD_HiCapacity) && !(info->SD_Status & SD_IsMMC))
+ 		info->HC_C_SIZE = (reg4b >> 8) & 0x3fffff;
+ 
+ 	info->SD_C_SIZE = ((tmpreg & 0x03) << 10) | (u16)(reg4b >> 22);
+ 	info->SD_C_SIZE_MULT = (u8)(reg4b >> 7)  & 0x07;
+-	if (info->SD_Status.HiCapacity && info->SD_Status.IsMMC)
++	if ((info->SD_Status & SD_HiCapacity) && (info->SD_Status & SD_IsMMC))
+ 		info->HC_C_SIZE = *(u32 *)(&buf[0x100]);
+ 
+ 	if (info->SD_READ_BL_LEN > SD_BLOCK_LEN) {
+@@ -2080,6 +2077,7 @@ static int ene_ms_init(struct us_data *u
+ 	u16 MSP_BlockSize, MSP_UserAreaBlocks;
+ 	struct ene_ub6250_info *info = (struct ene_ub6250_info *) us->extra;
+ 	u8 *bbuf = info->bbuf;
++	unsigned int s;
+ 
+ 	printk(KERN_INFO "transport --- ENE_MSInit\n");
+ 
+@@ -2104,15 +2102,16 @@ static int ene_ms_init(struct us_data *u
+ 		return USB_STOR_TRANSPORT_ERROR;
+ 	}
+ 	/* the same part to test ENE */
+-	info->MS_Status = *(struct MS_STATUS *) bbuf;
++	info->MS_Status = bbuf[0];
+ 
+-	if (info->MS_Status.Insert && info->MS_Status.Ready) {
+-		printk(KERN_INFO "Insert     = %x\n", info->MS_Status.Insert);
+-		printk(KERN_INFO "Ready      = %x\n", info->MS_Status.Ready);
+-		printk(KERN_INFO "IsMSPro    = %x\n", info->MS_Status.IsMSPro);
+-		printk(KERN_INFO "IsMSPHG    = %x\n", info->MS_Status.IsMSPHG);
+-		printk(KERN_INFO "WtP= %x\n", info->MS_Status.WtP);
+-		if (info->MS_Status.IsMSPro) {
++	s = info->MS_Status;
++	if ((s & MS_Insert) && (s & MS_Ready)) {
++		printk(KERN_INFO "Insert     = %x\n", !!(s & MS_Insert));
++		printk(KERN_INFO "Ready      = %x\n", !!(s & MS_Ready));
++		printk(KERN_INFO "IsMSPro    = %x\n", !!(s & MS_IsMSPro));
++		printk(KERN_INFO "IsMSPHG    = %x\n", !!(s & MS_IsMSPHG));
++		printk(KERN_INFO "WtP= %x\n", !!(s & MS_WtP));
++		if (s & MS_IsMSPro) {
+ 			MSP_BlockSize      = (bbuf[6] << 8) | bbuf[7];
+ 			MSP_UserAreaBlocks = (bbuf[10] << 8) | bbuf[11];
+ 			info->MSP_TotalBlock = MSP_BlockSize * MSP_UserAreaBlocks;
+@@ -2173,17 +2172,17 @@ static int ene_sd_init(struct us_data *u
+ 		return USB_STOR_TRANSPORT_ERROR;
+ 	}
+ 
+-	info->SD_Status =  *(struct SD_STATUS *) bbuf;
+-	if (info->SD_Status.Insert && info->SD_Status.Ready) {
+-		struct SD_STATUS *s = &info->SD_Status;
++	info->SD_Status = bbuf[0];
++	if ((info->SD_Status & SD_Insert) && (info->SD_Status & SD_Ready)) {
++		unsigned int s = info->SD_Status;
+ 
+ 		ene_get_card_status(us, bbuf);
+-		usb_stor_dbg(us, "Insert     = %x\n", s->Insert);
+-		usb_stor_dbg(us, "Ready      = %x\n", s->Ready);
+-		usb_stor_dbg(us, "IsMMC      = %x\n", s->IsMMC);
+-		usb_stor_dbg(us, "HiCapacity = %x\n", s->HiCapacity);
+-		usb_stor_dbg(us, "HiSpeed    = %x\n", s->HiSpeed);
+-		usb_stor_dbg(us, "WtP        = %x\n", s->WtP);
++		usb_stor_dbg(us, "Insert     = %x\n", !!(s & SD_Insert));
++		usb_stor_dbg(us, "Ready      = %x\n", !!(s & SD_Ready));
++		usb_stor_dbg(us, "IsMMC      = %x\n", !!(s & SD_IsMMC));
++		usb_stor_dbg(us, "HiCapacity = %x\n", !!(s & SD_HiCapacity));
++		usb_stor_dbg(us, "HiSpeed    = %x\n", !!(s & SD_HiSpeed));
++		usb_stor_dbg(us, "WtP        = %x\n", !!(s & SD_WtP));
+ 	} else {
+ 		usb_stor_dbg(us, "SD Card Not Ready --- %x\n", bbuf[0]);
+ 		return USB_STOR_TRANSPORT_ERROR;
+@@ -2205,14 +2204,14 @@ static int ene_init(struct us_data *us)
+ 
+ 	misc_reg03 = bbuf[0];
+ 	if (misc_reg03 & 0x01) {
+-		if (!info->SD_Status.Ready) {
++		if (!(info->SD_Status & SD_Ready)) {
+ 			result = ene_sd_init(us);
+ 			if (result != USB_STOR_XFER_GOOD)
+ 				return USB_STOR_TRANSPORT_ERROR;
+ 		}
+ 	}
+ 	if (misc_reg03 & 0x02) {
+-		if (!info->MS_Status.Ready) {
++		if (!(info->MS_Status & MS_Ready)) {
+ 			result = ene_ms_init(us);
+ 			if (result != USB_STOR_XFER_GOOD)
+ 				return USB_STOR_TRANSPORT_ERROR;
+@@ -2302,14 +2301,14 @@ static int ene_transport(struct scsi_cmn
+ 
+ 	/*US_DEBUG(usb_stor_show_command(us, srb)); */
+ 	scsi_set_resid(srb, 0);
+-	if (unlikely(!(info->SD_Status.Ready || info->MS_Status.Ready)))
++	if (unlikely(!(info->SD_Status & SD_Ready) || (info->MS_Status & MS_Ready)))
+ 		result = ene_init(us);
+ 	if (result == USB_STOR_XFER_GOOD) {
+ 		result = USB_STOR_TRANSPORT_ERROR;
+-		if (info->SD_Status.Ready)
++		if (info->SD_Status & SD_Ready)
+ 			result = sd_scsi_irp(us, srb);
+ 
+-		if (info->MS_Status.Ready)
++		if (info->MS_Status & MS_Ready)
+ 			result = ms_scsi_irp(us, srb);
+ 	}
+ 	return result;
+@@ -2373,7 +2372,6 @@ static int ene_ub6250_probe(struct usb_i
+ 
+ static int ene_ub6250_resume(struct usb_interface *iface)
+ {
+-	u8 tmp = 0;
+ 	struct us_data *us = usb_get_intfdata(iface);
+ 	struct ene_ub6250_info *info = (struct ene_ub6250_info *)(us->extra);
+ 
+@@ -2385,17 +2383,16 @@ static int ene_ub6250_resume(struct usb_
+ 	mutex_unlock(&us->dev_mutex);
+ 
+ 	info->Power_IsResum = true;
+-	/*info->SD_Status.Ready = 0; */
+-	info->SD_Status = *(struct SD_STATUS *)&tmp;
+-	info->MS_Status = *(struct MS_STATUS *)&tmp;
+-	info->SM_Status = *(struct SM_STATUS *)&tmp;
++	/* info->SD_Status &= ~SD_Ready; */
++	info->SD_Status = 0;
++	info->MS_Status = 0;
++	info->SM_Status = 0;
+ 
+ 	return 0;
+ }
+ 
+ static int ene_ub6250_reset_resume(struct usb_interface *iface)
+ {
+-	u8 tmp = 0;
+ 	struct us_data *us = usb_get_intfdata(iface);
+ 	struct ene_ub6250_info *info = (struct ene_ub6250_info *)(us->extra);
+ 
+@@ -2407,10 +2404,10 @@ static int ene_ub6250_reset_resume(struc
+ 	 * the device
+ 	 */
+ 	info->Power_IsResum = true;
+-	/*info->SD_Status.Ready = 0; */
+-	info->SD_Status = *(struct SD_STATUS *)&tmp;
+-	info->MS_Status = *(struct MS_STATUS *)&tmp;
+-	info->SM_Status = *(struct SM_STATUS *)&tmp;
++	/* info->SD_Status &= ~SD_Ready; */
++	info->SD_Status = 0;
++	info->MS_Status = 0;
++	info->SM_Status = 0;
+ 
+ 	return 0;
+ }