From: Greg Kroah-Hartman Date: Sat, 5 Mar 2022 20:25:39 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v4.9.305~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=27e0fededa369c98d83507b3ccca29c3395dc583;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: arm-9182-1-mmu-fix-returns-from-early_param-and-__setup-functions.patch can-gs_usb-change-active_channels-s-type-from-atomic_t-to-u8.patch efivars-respect-block-flag-in-efivar_entry_set_safe.patch mac80211-fix-forwarded-mesh-frames-ac-queue-selection.patch net-arcnet-com20020-fix-null-ptr-deref-in-com20020pci_probe.patch net-stmmac-fix-return-value-of-__setup-handler.patch net-sxgbe-fix-return-value-of-__setup-handler.patch --- diff --git a/queue-4.14/arm-9182-1-mmu-fix-returns-from-early_param-and-__setup-functions.patch b/queue-4.14/arm-9182-1-mmu-fix-returns-from-early_param-and-__setup-functions.patch new file mode 100644 index 00000000000..7ab44a256a8 --- /dev/null +++ b/queue-4.14/arm-9182-1-mmu-fix-returns-from-early_param-and-__setup-functions.patch @@ -0,0 +1,51 @@ +From 7b83299e5b9385943a857d59e15cba270df20d7e Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Wed, 23 Feb 2022 20:46:35 +0100 +Subject: ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Randy Dunlap + +commit 7b83299e5b9385943a857d59e15cba270df20d7e upstream. + +early_param() handlers should return 0 on success. +__setup() handlers should return 1 on success, i.e., the parameter +has been handled. A return of 0 would cause the "option=value" string +to be added to init's environment strings, polluting it. + +../arch/arm/mm/mmu.c: In function 'test_early_cachepolicy': +../arch/arm/mm/mmu.c:215:1: error: no return statement in function returning non-void [-Werror=return-type] +../arch/arm/mm/mmu.c: In function 'test_noalign_setup': +../arch/arm/mm/mmu.c:221:1: error: no return statement in function returning non-void [-Werror=return-type] + +Fixes: b849a60e0903 ("ARM: make cr_alignment read-only #ifndef CONFIG_CPU_CP15") +Signed-off-by: Randy Dunlap +Reported-by: Igor Zhbanov +Cc: Uwe Kleine-König +Cc: linux-arm-kernel@lists.infradead.org +Cc: patches@armlinux.org.uk +Signed-off-by: Russell King (Oracle) +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/mm/mmu.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/arm/mm/mmu.c ++++ b/arch/arm/mm/mmu.c +@@ -230,12 +230,14 @@ early_param("ecc", early_ecc); + static int __init early_cachepolicy(char *p) + { + pr_warn("cachepolicy kernel parameter not supported without cp15\n"); ++ return 0; + } + early_param("cachepolicy", early_cachepolicy); + + static int __init noalign_setup(char *__unused) + { + pr_warn("noalign kernel parameter not supported without cp15\n"); ++ return 1; + } + __setup("noalign", noalign_setup); + diff --git a/queue-4.14/can-gs_usb-change-active_channels-s-type-from-atomic_t-to-u8.patch b/queue-4.14/can-gs_usb-change-active_channels-s-type-from-atomic_t-to-u8.patch new file mode 100644 index 00000000000..2f561cf9201 --- /dev/null +++ b/queue-4.14/can-gs_usb-change-active_channels-s-type-from-atomic_t-to-u8.patch @@ -0,0 +1,79 @@ +From 035b0fcf02707d3c9c2890dc1484b11aa5335eb1 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 15 Feb 2022 08:48:14 +0900 +Subject: can: gs_usb: change active_channels's type from atomic_t to u8 + +From: Vincent Mailhol + +commit 035b0fcf02707d3c9c2890dc1484b11aa5335eb1 upstream. + +The driver uses an atomic_t variable: gs_usb:active_channels to keep +track of the number of opened channels in order to only allocate +memory for the URBs when this count changes from zero to one. + +However, the driver does not decrement the counter when an error +occurs in gs_can_open(). This issue is fixed by changing the type from +atomic_t to u8 and by simplifying the logic accordingly. + +It is safe to use an u8 here because the network stack big kernel lock +(a.k.a. rtnl_mutex) is being hold. For details, please refer to [1]. + +[1] https://lore.kernel.org/linux-can/CAMZ6Rq+sHpiw34ijPsmp7vbUpDtJwvVtdV7CvRZJsLixjAFfrg@mail.gmail.com/T/#t + +Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices") +Link: https://lore.kernel.org/all/20220214234814.1321599-1-mailhol.vincent@wanadoo.fr +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/can/usb/gs_usb.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/net/can/usb/gs_usb.c ++++ b/drivers/net/can/usb/gs_usb.c +@@ -198,8 +198,8 @@ struct gs_can { + struct gs_usb { + struct gs_can *canch[GS_MAX_INTF]; + struct usb_anchor rx_submitted; +- atomic_t active_channels; + struct usb_device *udev; ++ u8 active_channels; + }; + + /* 'allocate' a tx context. +@@ -596,7 +596,7 @@ static int gs_can_open(struct net_device + if (rc) + return rc; + +- if (atomic_add_return(1, &parent->active_channels) == 1) { ++ if (!parent->active_channels) { + for (i = 0; i < GS_MAX_RX_URBS; i++) { + struct urb *urb; + u8 *buf; +@@ -697,6 +697,7 @@ static int gs_can_open(struct net_device + + dev->can.state = CAN_STATE_ERROR_ACTIVE; + ++ parent->active_channels++; + if (!(dev->can.ctrlmode & CAN_CTRLMODE_LISTENONLY)) + netif_start_queue(netdev); + +@@ -712,7 +713,8 @@ static int gs_can_close(struct net_devic + netif_stop_queue(netdev); + + /* Stop polling */ +- if (atomic_dec_and_test(&parent->active_channels)) ++ parent->active_channels--; ++ if (!parent->active_channels) + usb_kill_anchored_urbs(&parent->rx_submitted); + + /* Stop sending URBs */ +@@ -991,8 +993,6 @@ static int gs_usb_probe(struct usb_inter + + init_usb_anchor(&dev->rx_submitted); + +- atomic_set(&dev->active_channels, 0); +- + usb_set_intfdata(intf, dev); + dev->udev = interface_to_usbdev(intf); + diff --git a/queue-4.14/efivars-respect-block-flag-in-efivar_entry_set_safe.patch b/queue-4.14/efivars-respect-block-flag-in-efivar_entry_set_safe.patch new file mode 100644 index 00000000000..f413d887b4b --- /dev/null +++ b/queue-4.14/efivars-respect-block-flag-in-efivar_entry_set_safe.patch @@ -0,0 +1,56 @@ +From 258dd902022cb10c83671176688074879517fd21 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Fri, 18 Feb 2022 19:05:59 +0100 +Subject: efivars: Respect "block" flag in efivar_entry_set_safe() + +From: Jann Horn + +commit 258dd902022cb10c83671176688074879517fd21 upstream. + +When the "block" flag is false, the old code would sometimes still call +check_var_size(), which wrongly tells ->query_variable_store() that it can +block. + +As far as I can tell, this can't really materialize as a bug at the moment, +because ->query_variable_store only does something on X86 with generic EFI, +and in that configuration we always take the efivar_entry_set_nonblocking() +path. + +Fixes: ca0e30dcaa53 ("efi: Add nonblocking option to efi_query_variable_store()") +Signed-off-by: Jann Horn +Signed-off-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20220218180559.1432559-1-jannh@google.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/vars.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/firmware/efi/vars.c ++++ b/drivers/firmware/efi/vars.c +@@ -763,6 +763,7 @@ int efivar_entry_set_safe(efi_char16_t * + { + const struct efivar_operations *ops; + efi_status_t status; ++ unsigned long varsize; + + if (!__efivars) + return -EINVAL; +@@ -785,15 +786,17 @@ int efivar_entry_set_safe(efi_char16_t * + return efivar_entry_set_nonblocking(name, vendor, attributes, + size, data); + ++ varsize = size + ucs2_strsize(name, 1024); + if (!block) { + if (down_trylock(&efivars_lock)) + return -EBUSY; ++ status = check_var_size_nonblocking(attributes, varsize); + } else { + if (down_interruptible(&efivars_lock)) + return -EINTR; ++ status = check_var_size(attributes, varsize); + } + +- status = check_var_size(attributes, size + ucs2_strsize(name, 1024)); + if (status != EFI_SUCCESS) { + up(&efivars_lock); + return -ENOSPC; diff --git a/queue-4.14/mac80211-fix-forwarded-mesh-frames-ac-queue-selection.patch b/queue-4.14/mac80211-fix-forwarded-mesh-frames-ac-queue-selection.patch new file mode 100644 index 00000000000..469769920f3 --- /dev/null +++ b/queue-4.14/mac80211-fix-forwarded-mesh-frames-ac-queue-selection.patch @@ -0,0 +1,60 @@ +From 859ae7018316daa4adbc496012dcbbb458d7e510 Mon Sep 17 00:00:00 2001 +From: Nicolas Escande +Date: Mon, 14 Feb 2022 18:32:14 +0100 +Subject: mac80211: fix forwarded mesh frames AC & queue selection + +From: Nicolas Escande + +commit 859ae7018316daa4adbc496012dcbbb458d7e510 upstream. + +There are two problems with the current code that have been highlighted +with the AQL feature that is now enbaled by default. + +First problem is in ieee80211_rx_h_mesh_fwding(), +ieee80211_select_queue_80211() is used on received packets to choose +the sending AC queue of the forwarding packet although this function +should only be called on TX packet (it uses ieee80211_tx_info). +This ends with forwarded mesh packets been sent on unrelated random AC +queue. To fix that, AC queue can directly be infered from skb->priority +which has been extracted from QOS info (see ieee80211_parse_qos()). + +Second problem is the value of queue_mapping set on forwarded mesh +frames via skb_set_queue_mapping() is not the AC of the packet but a +hardware queue index. This may or may not work depending on AC to HW +queue mapping which is driver specific. + +Both of these issues lead to improper AC selection while forwarding +mesh packets but more importantly due to improper airtime accounting +(which is done on a per STA, per AC basis) caused traffic stall with +the introduction of AQL. + +Fixes: cf44012810cc ("mac80211: fix unnecessary frame drops in mesh fwding") +Fixes: d3c1597b8d1b ("mac80211: fix forwarded mesh frame queue mapping") +Co-developed-by: Remi Pommarel +Signed-off-by: Remi Pommarel +Signed-off-by: Nicolas Escande +Link: https://lore.kernel.org/r/20220214173214.368862-1-nico.escande@gmail.com +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + net/mac80211/rx.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -2631,13 +2631,13 @@ ieee80211_rx_h_mesh_fwding(struct ieee80 + ether_addr_equal(sdata->vif.addr, hdr->addr3)) + return RX_CONTINUE; + +- ac = ieee80211_select_queue_80211(sdata, skb, hdr); ++ ac = ieee802_1d_to_ac[skb->priority]; + q = sdata->vif.hw_queue[ac]; + if (ieee80211_queue_stopped(&local->hw, q)) { + IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_congestion); + return RX_DROP_MONITOR; + } +- skb_set_queue_mapping(skb, q); ++ skb_set_queue_mapping(skb, ac); + + if (!--mesh_hdr->ttl) { + if (!is_multicast_ether_addr(hdr->addr1)) diff --git a/queue-4.14/net-arcnet-com20020-fix-null-ptr-deref-in-com20020pci_probe.patch b/queue-4.14/net-arcnet-com20020-fix-null-ptr-deref-in-com20020pci_probe.patch new file mode 100644 index 00000000000..63bfc4bcfde --- /dev/null +++ b/queue-4.14/net-arcnet-com20020-fix-null-ptr-deref-in-com20020pci_probe.patch @@ -0,0 +1,49 @@ +From bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d Mon Sep 17 00:00:00 2001 +From: Zheyu Ma +Date: Wed, 2 Mar 2022 20:24:23 +0800 +Subject: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() + +From: Zheyu Ma + +commit bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d upstream. + +During driver initialization, the pointer of card info, i.e. the +variable 'ci' is required. However, the definition of +'com20020pci_id_table' reveals that this field is empty for some +devices, which will cause null pointer dereference when initializing +these devices. + +The following log reveals it: + +[ 3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] +[ 3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_pci] +[ 3.975181] Call Trace: +[ 3.976208] local_pci_probe+0x13f/0x210 +[ 3.977248] pci_device_probe+0x34c/0x6d0 +[ 3.977255] ? pci_uevent+0x470/0x470 +[ 3.978265] really_probe+0x24c/0x8d0 +[ 3.978273] __driver_probe_device+0x1b3/0x280 +[ 3.979288] driver_probe_device+0x50/0x370 + +Fix this by checking whether the 'ci' is a null pointer first. + +Fixes: 8c14f9c70327 ("ARCNET: add com20020 PCI IDs with metadata") +Signed-off-by: Zheyu Ma +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/arcnet/com20020-pci.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/arcnet/com20020-pci.c ++++ b/drivers/net/arcnet/com20020-pci.c +@@ -136,6 +136,9 @@ static int com20020pci_probe(struct pci_ + return -ENOMEM; + + ci = (struct com20020_pci_card_info *)id->driver_data; ++ if (!ci) ++ return -EINVAL; ++ + priv->ci = ci; + mm = &ci->misc_map; + diff --git a/queue-4.14/net-stmmac-fix-return-value-of-__setup-handler.patch b/queue-4.14/net-stmmac-fix-return-value-of-__setup-handler.patch new file mode 100644 index 00000000000..75e739c9c55 --- /dev/null +++ b/queue-4.14/net-stmmac-fix-return-value-of-__setup-handler.patch @@ -0,0 +1,53 @@ +From e01b042e580f1fbf4fd8da467442451da00c7a90 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Wed, 23 Feb 2022 19:35:36 -0800 +Subject: net: stmmac: fix return value of __setup handler + +From: Randy Dunlap + +commit e01b042e580f1fbf4fd8da467442451da00c7a90 upstream. + +__setup() handlers should return 1 on success, i.e., the parameter +has been handled. A return of 0 causes the "option=value" string to be +added to init's environment strings, polluting it. + +Fixes: 47dd7a540b8a ("net: add support for STMicroelectronics Ethernet controllers.") +Fixes: f3240e2811f0 ("stmmac: remove warning when compile as built-in (V2)") +Signed-off-by: Randy Dunlap +Reported-by: Igor Zhbanov +Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru +Cc: Giuseppe Cavallaro +Cc: Alexandre Torgue +Cc: Jose Abreu +Link: https://lore.kernel.org/r/20220224033536.25056-1-rdunlap@infradead.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -4550,7 +4550,7 @@ static int __init stmmac_cmdline_opt(cha + char *opt; + + if (!str || !*str) +- return -EINVAL; ++ return 1; + while ((opt = strsep(&str, ",")) != NULL) { + if (!strncmp(opt, "debug:", 6)) { + if (kstrtoint(opt + 6, 0, &debug)) +@@ -4581,11 +4581,11 @@ static int __init stmmac_cmdline_opt(cha + goto err; + } + } +- return 0; ++ return 1; + + err: + pr_err("%s: ERROR broken module parameter conversion", __func__); +- return -EINVAL; ++ return 1; + } + + __setup("stmmaceth=", stmmac_cmdline_opt); diff --git a/queue-4.14/net-sxgbe-fix-return-value-of-__setup-handler.patch b/queue-4.14/net-sxgbe-fix-return-value-of-__setup-handler.patch new file mode 100644 index 00000000000..1af393d6e47 --- /dev/null +++ b/queue-4.14/net-sxgbe-fix-return-value-of-__setup-handler.patch @@ -0,0 +1,52 @@ +From 50e06ddceeea263f57fe92baa677c638ecd65bb6 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Wed, 23 Feb 2022 19:35:28 -0800 +Subject: net: sxgbe: fix return value of __setup handler + +From: Randy Dunlap + +commit 50e06ddceeea263f57fe92baa677c638ecd65bb6 upstream. + +__setup() handlers should return 1 on success, i.e., the parameter +has been handled. A return of 0 causes the "option=value" string to be +added to init's environment strings, polluting it. + +Fixes: acc18c147b22 ("net: sxgbe: add EEE(Energy Efficient Ethernet) for Samsung sxgbe") +Fixes: 1edb9ca69e8a ("net: sxgbe: add basic framework for Samsung 10Gb ethernet driver") +Signed-off-by: Randy Dunlap +Reported-by: Igor Zhbanov +Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru +Cc: Siva Reddy +Cc: Girish K S +Cc: Byungho An +Link: https://lore.kernel.org/r/20220224033528.24640-1-rdunlap@infradead.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c ++++ b/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c +@@ -2282,18 +2282,18 @@ static int __init sxgbe_cmdline_opt(char + char *opt; + + if (!str || !*str) +- return -EINVAL; ++ return 1; + while ((opt = strsep(&str, ",")) != NULL) { + if (!strncmp(opt, "eee_timer:", 10)) { + if (kstrtoint(opt + 10, 0, &eee_timer)) + goto err; + } + } +- return 0; ++ return 1; + + err: + pr_err("%s: ERROR broken module parameter conversion\n", __func__); +- return -EINVAL; ++ return 1; + } + + __setup("sxgbeeth=", sxgbe_cmdline_opt); diff --git a/queue-4.14/series b/queue-4.14/series index e1108b6fc83..3ab81ce4dac 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -25,3 +25,10 @@ net-smc-fix-unexpected-smc_clc_decl_err_regrmb-error-generated-by-client.patch net-smc-fix-unexpected-smc_clc_decl_err_regrmb-error-cause-by-server.patch firmware-fix-a-reference-count-leak.patch firmware-qemu_fw_cfg-fix-kobject-leak-in-probe-error-path.patch +mac80211-fix-forwarded-mesh-frames-ac-queue-selection.patch +net-stmmac-fix-return-value-of-__setup-handler.patch +net-sxgbe-fix-return-value-of-__setup-handler.patch +net-arcnet-com20020-fix-null-ptr-deref-in-com20020pci_probe.patch +efivars-respect-block-flag-in-efivar_entry_set_safe.patch +can-gs_usb-change-active_channels-s-type-from-atomic_t-to-u8.patch +arm-9182-1-mmu-fix-returns-from-early_param-and-__setup-functions.patch