From: Greg Kroah-Hartman Date: Mon, 16 Mar 2020 14:05:55 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v4.19.111~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=35344216002d5e096fe10d79b1ba1b1373c3de1e;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: batman-adv-don-t-schedule-ogm-for-disabled-interface.patch netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch nl80211-add-missing-attribute-validation-for-channel-switch.patch nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
---
diff --git a/queue-4.14/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch b/queue-4.14/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
new file mode 100644
index 00000000000..927603c5a39
--- /dev/null
+++ b/queue-4.14/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
@@ -0,0 +1,43 @@
+From 8e8ce08198de193e3d21d42e96945216e3d9ac7f Mon Sep 17 00:00:00 2001
+From: Sven Eckelmann
+Date: Sun, 16 Feb 2020 13:02:06 +0100
+Subject: batman-adv: Don't schedule OGM for disabled interface
+
+From: Sven Eckelmann
+
+commit 8e8ce08198de193e3d21d42e96945216e3d9ac7f upstream.
+
+A transmission scheduling for an interface which is currently dropped by
+batadv_iv_ogm_iface_disable could still be in progress. The B.A.T.M.A.N. V
+is simply cancelling the workqueue item in an synchronous way but this is
+not possible with B.A.T.M.A.N. IV because the OGM submissions are
+intertwined.
+
+Instead it has to stop submitting the OGM when it detect that the buffer
+pointer is set to NULL.
+
+Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
+Reported-by: syzbot+ac36b6a33c28a491e929@syzkaller.appspotmail.com
+Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
+Signed-off-by: Sven Eckelmann
+Cc: Hillf Danton
+Signed-off-by: Simon Wunderlich
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/batman-adv/bat_iv_ogm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -926,6 +926,10 @@ static void batadv_iv_ogm_schedule(struc
+ (hard_iface->if_status == BATADV_IF_TO_BE_REMOVED))
+ return;
+
++ /* interface already disabled by batadv_iv_ogm_iface_disable */
++ if (!*ogm_buff)
++ return;
++
+ /* the interface gets activated here to avoid race conditions between
+ * the moment of activating the interface in
+ * hardif_activate_interface() where the originator mac is set and
diff --git a/queue-4.14/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch b/queue-4.14/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
new file mode 100644
index 00000000000..9d42e2698c4
--- /dev/null
+++ b/queue-4.14/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
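Review bot: The new `if (!*ogm_buff) return;` in batadv_iv_ogm_schedule tests the buffer pointer with no lock visible in the hunk, so a concurrent batadv_iv_ogm_iface_disable could presumably still clear the pointer right after the test. The function begins and ends outside the hunk, so the serialisation may exist elsewhere; if it does, the comment should name it, e.g. `/* interface already disabled by batadv_iv_ogm_iface_disable; serialised by <lock name> */`. If it does not, the NULL test narrows the window reported by syzbot rather than closing it, and the later uses of the buffer in this function would need the same protection.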
@@ -0,0 +1,32 @@
+From c049b3450072b8e3998053490e025839fecfef31 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:08:31 -0800
+Subject: netfilter: cthelper: add missing attribute validation for cthelper
+
+From: Jakub Kicinski
+
+commit c049b3450072b8e3998053490e025839fecfef31 upstream.
+
+Add missing attribute validation for cthelper
+to the netlink policy.
+
+Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nfnetlink_cthelper.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/netfilter/nfnetlink_cthelper.c
++++ b/net/netfilter/nfnetlink_cthelper.c
+@@ -733,6 +733,8 @@ static const struct nla_policy nfnl_cthe
+ [NFCTH_NAME] = { .type = NLA_NUL_STRING,
+ .len = NF_CT_HELPER_NAME_LEN-1 },
+ [NFCTH_QUEUE_NUM] = { .type = NLA_U32, },
++ [NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, },
++ [NFCTH_STATUS] = { .type = NLA_U32, },
+ };
+
+ static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = {
diff --git a/queue-4.14/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch b/queue-4.14/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
new file mode 100644
index 00000000000..add2698bce2
--- /dev/null
+++ b/queue-4.14/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
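Review bot: The two added entries, `[NFCTH_PRIV_DATA_LEN]` and `[NFCTH_STATUS]`, declare only `.type = NLA_U32`, so the policy settles the attribute's type and size but says nothing about which values are acceptable. Any bound on the private-data length or on the status value still has to be enforced by the code that reads these attributes, which lies outside the hunk and should be checked alongside this backport. The same holds for the type-only entries added to nl80211_policy in the three nl80211 patches that follow (`NL80211_ATTR_MEASUREMENT_DURATION`, `NL80211_ATTR_OPER_CLASS`, `NL80211_ATTR_CRIT_PROT_ID`, `NL80211_ATTR_MAX_CRIT_PROT_DURATION`). A one-line comment above the new entries, such as `/* policy checks type and length only; value range is validated by the handler */`, would make that split explicit.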
@@ -0,0 +1,33 @@
+From 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:57 -0800
+Subject: nl80211: add missing attribute validation for beacon report scanning
+
+From: Jakub Kicinski
+
+commit 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d upstream.
+
+Add missing attribute validation for beacon report scanning
+to the netlink policy.
+
+Fixes: 1d76250bd34a ("nl80211: support beacon report scanning")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-3-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -347,6 +347,8 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
+ [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
+ [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
++ [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
++ [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
+ [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
+ [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
+ [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
diff --git a/queue-4.14/nl80211-add-missing-attribute-validation-for-channel-switch.patch b/queue-4.14/nl80211-add-missing-attribute-validation-for-channel-switch.patch
new file mode 100644
index 00000000000..2a89b17a636
--- /dev/null
+++ b/queue-4.14/nl80211-add-missing-attribute-validation-for-channel-switch.patch
@@ -0,0 +1,32 @@
+From 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:58 -0800
+Subject: nl80211: add missing attribute validation for channel switch
+
+From: Jakub Kicinski
+
+commit 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 upstream.
+
+Add missing attribute validation for NL80211_ATTR_OPER_CLASS
+to the netlink policy.
+
+Fixes: 1057d35ede5d ("cfg80211: introduce TDLS channel switch commands")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-4-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -424,6 +424,7 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
+ [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
+ [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
++ [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
+ [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
+ [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
+ [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
diff --git a/queue-4.14/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch b/queue-4.14/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
new file mode 100644
index 00000000000..398f7e44bcc
--- /dev/null
+++ b/queue-4.14/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
@@ -0,0 +1,33 @@
+From 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:56 -0800
+Subject: nl80211: add missing attribute validation for critical protocol indication
+
+From: Jakub Kicinski
+
+commit 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 upstream.
+
+Add missing attribute validation for critical protocol fields
+to the netlink policy.
+
+Fixes: 5de17984898c ("cfg80211: introduce critical protocol indication from user-space")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-2-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -395,6 +395,8 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_MDID] = { .type = NLA_U16 },
+ [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
+ .len = IEEE80211_MAX_DATA_LEN },
++ [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
++ [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
+ [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
+ [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
+ [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
diff --git a/queue-4.14/pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch b/queue-4.14/pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch
new file mode 100644
index 00000000000..7703c16efbb
--- /dev/null
+++ b/queue-4.14/pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch
@@ -0,0 +1,34 @@
+From aafd56fc79041bf36f97712d4b35208cbe07db90 Mon Sep 17 00:00:00 2001
+From: Charles Keepax
+Date: Fri, 28 Feb 2020 15:41:42 +0000
+Subject: pinctrl: core: Remove extra kref_get which blocks hogs being freed
+
+From: Charles Keepax
+
+commit aafd56fc79041bf36f97712d4b35208cbe07db90 upstream.
+
+kref_init starts with the reference count at 1, which will be balanced
+by the pinctrl_put in pinctrl_unregister. The additional kref_get in
+pinctrl_claim_hogs will increase this count to 2 and cause the hogs to
+not get freed when pinctrl_unregister is called.
+
+Fixes: 6118714275f0 ("pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable()")
+Signed-off-by: Charles Keepax
+Link: https://lore.kernel.org/r/20200228154142.13860-1-ckeepax@opensource.cirrus.com
+Signed-off-by: Linus Walleij
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pinctrl/core.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/pinctrl/core.c
++++ b/drivers/pinctrl/core.c
+@@ -2031,7 +2031,6 @@ static int pinctrl_claim_hogs(struct pin
+ return PTR_ERR(pctldev->p);
+ }
+
+- kref_get(&pctldev->p->users);
+ pctldev->hog_default =
+ pinctrl_lookup_state(pctldev->p, PINCTRL_STATE_DEFAULT);
+ if (IS_ERR(pctldev->hog_default)) {
diff --git a/queue-4.14/pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch b/queue-4.14/pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
new file mode 100644
index 00000000000..197c36a473a
--- /dev/null
+++ b/queue-4.14/pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
@@ -0,0 +1,37 @@
+From dc7a06b0dbbafac8623c2b7657e61362f2f479a7 Mon Sep 17 00:00:00 2001
+From: Nicolas Belin
+Date: Thu, 20 Feb 2020 14:15:12 +0100
+Subject: pinctrl: meson-gxl: fix GPIOX sdio pins
+
+From: Nicolas Belin
+
+commit dc7a06b0dbbafac8623c2b7657e61362f2f479a7 upstream.
+
+In the gxl driver, the sdio cmd and clk pins are inverted. It has not caused
+any issue so far because devices using these pins always take both pins
+so the resulting configuration is OK.
+
+Fixes: 0f15f500ff2c ("pinctrl: meson: Add GXL pinctrl definitions")
+Reviewed-by: Jerome Brunet
+Signed-off-by: Nicolas Belin
+Link: https://lore.kernel.org/r/1582204512-7582-1-git-send-email-nbelin@baylibre.com
+Signed-off-by: Linus Walleij
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pinctrl/meson/pinctrl-meson-gxl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pinctrl/meson/pinctrl-meson-gxl.c
++++ b/drivers/pinctrl/meson/pinctrl-meson-gxl.c
+@@ -158,8 +158,8 @@ static const unsigned int sdio_d0_pins[]
+ static const unsigned int sdio_d1_pins[] = { PIN(GPIOX_1, EE_OFF) };
+ static const unsigned int sdio_d2_pins[] = { PIN(GPIOX_2, EE_OFF) };
+ static const unsigned int sdio_d3_pins[] = { PIN(GPIOX_3, EE_OFF) };
+-static const unsigned int sdio_cmd_pins[] = { PIN(GPIOX_4, EE_OFF) };
+-static const unsigned int sdio_clk_pins[] = { PIN(GPIOX_5, EE_OFF) };
++static const unsigned int sdio_clk_pins[] = { PIN(GPIOX_4, EE_OFF) };
++static const unsigned int sdio_cmd_pins[] = { PIN(GPIOX_5, EE_OFF) };
+ static const unsigned int sdio_irq_pins[] = { PIN(GPIOX_7, EE_OFF) };
+
+ static const unsigned int nand_ce0_pins[] = { PIN(BOOT_8, EE_OFF) };
diff --git a/queue-4.14/series b/queue-4.14/series
index ed93d4286e1..4b458fd1afc 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -51,3 +51,10 @@ x86-mce-fix-logic-and-comments-around-msr_ppin_ctl.patch
 iommu-dma-fix-msi-reservation-allocation.patch
 iommu-vt-d-dmar-replace-warn_taint-with-pr_warn-add_taint.patch
 iommu-vt-d-fix-a-bug-in-intel_iommu_iova_to_phys-for-huge-page.patch
+batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
+pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
+pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch
+nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
+nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
+nl80211-add-missing-attribute-validation-for-channel-switch.patch
+netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch