From: Greg Kroah-Hartman Date: Sun, 4 Dec 2016 11:44:34 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.8.13~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=54afe964ba8dd1cc07b235c5354c1e9ebba17c87;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: mwifiex-printk-overflow-with-32-byte-ssids.patch pci-set-read-completion-boundary-to-128-iff-root-port-supports-it-_hpx.patch --- diff --git a/queue-4.4/mwifiex-printk-overflow-with-32-byte-ssids.patch b/queue-4.4/mwifiex-printk-overflow-with-32-byte-ssids.patch new file mode 100644 index 00000000000..2f69ac6a75a --- /dev/null +++ b/queue-4.4/mwifiex-printk-overflow-with-32-byte-ssids.patch @@ -0,0 +1,65 @@ +From fcd2042e8d36cf644bd2d69c26378d17158b17df Mon Sep 17 00:00:00 2001 +From: Brian Norris +Date: Tue, 8 Nov 2016 18:28:24 -0800 +Subject: mwifiex: printk() overflow with 32-byte SSIDs + +From: Brian Norris + +commit fcd2042e8d36cf644bd2d69c26378d17158b17df upstream. + +SSIDs aren't guaranteed to be 0-terminated. Let's cap the max length +when we print them out. + +This can be easily noticed by connecting to a network with a 32-octet +SSID: + +[ 3903.502925] mwifiex_pcie 0000:01:00.0: info: trying to associate to +'0123456789abcdef0123456789abcdef ' bssid +xx:xx:xx:xx:xx:xx + +Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver") +Signed-off-by: Brian Norris +Acked-by: Amitkumar Karwar +Signed-off-by: Kalle Valo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/mwifiex/cfg80211.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +--- a/drivers/net/wireless/mwifiex/cfg80211.c ++++ b/drivers/net/wireless/mwifiex/cfg80211.c +@@ -2144,8 +2144,9 @@ done: + is_scanning_required = 1; + } else { + mwifiex_dbg(priv->adapter, MSG, +- "info: trying to associate to '%s' bssid %pM\n", +- (char *)req_ssid.ssid, bss->bssid); ++ "info: trying to associate to '%.*s' bssid %pM\n", ++ req_ssid.ssid_len, (char *)req_ssid.ssid, ++ bss->bssid); + memcpy(&priv->cfg_bssid, bss->bssid, ETH_ALEN); + break; + } +@@ -2202,8 +2203,8 @@ mwifiex_cfg80211_connect(struct wiphy *w + } + + mwifiex_dbg(adapter, INFO, +- "info: Trying to associate to %s and bssid %pM\n", +- (char *)sme->ssid, sme->bssid); ++ "info: Trying to associate to %.*s and bssid %pM\n", ++ (int)sme->ssid_len, (char *)sme->ssid, sme->bssid); + + ret = mwifiex_cfg80211_assoc(priv, sme->ssid_len, sme->ssid, sme->bssid, + priv->bss_mode, sme->channel, sme, 0); +@@ -2333,8 +2334,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy + } + + mwifiex_dbg(priv->adapter, MSG, +- "info: trying to join to %s and bssid %pM\n", +- (char *)params->ssid, params->bssid); ++ "info: trying to join to %.*s and bssid %pM\n", ++ params->ssid_len, (char *)params->ssid, params->bssid); + + mwifiex_set_ibss_params(priv, params); + diff --git a/queue-4.4/pci-set-read-completion-boundary-to-128-iff-root-port-supports-it-_hpx.patch b/queue-4.4/pci-set-read-completion-boundary-to-128-iff-root-port-supports-it-_hpx.patch new file mode 100644 index 00000000000..8e07c695197 --- /dev/null +++ b/queue-4.4/pci-set-read-completion-boundary-to-128-iff-root-port-supports-it-_hpx.patch @@ -0,0 +1,120 @@ +From e42010d8207f9d15a605ceb8e321bcd9648071b0 Mon Sep 17 00:00:00 2001 +From: Johannes Thumshirn +Date: Wed, 23 Nov 2016 10:56:28 -0600 +Subject: PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Johannes Thumshirn + +commit e42010d8207f9d15a605ceb8e321bcd9648071b0 upstream. + +Per PCIe spec r3.0, sec 2.3.1.1, the Read Completion Boundary (RCB) +determines the naturally aligned address boundaries on which a Read Request +may be serviced with multiple Completions: + + - For a Root Complex, RCB is 64 bytes or 128 bytes + This value is reported in the Link Control Register + + Note: Bridges and Endpoints may implement a corresponding command bit + which may be set by system software to indicate the RCB value for the + Root Complex, allowing the Bridge/Endpoint to optimize its behavior + when the Root Complex’s RCB is 128 bytes. + + - For all other system elements, RCB is 128 bytes + +Per sec 7.8.7, if a Root Port only supports a 64-byte RCB, the RCB of all +downstream devices must be clear, indicating an RCB of 64 bytes. If the +Root Port supports a 128-byte RCB, we may optionally set the RCB of +downstream devices so they know they can generate larger Completions. + +Some BIOSes supply an _HPX that tells us to set RCB, even though the Root +Port doesn't have RCB set, which may lead to Malformed TLP errors if the +Endpoint generates completions larger than the Root Port can handle. + +The IBM x3850 X6 with BIOS version -[A8E120CUS-1.30]- 08/22/2016 supplies +such an _HPX and a Mellanox MT27500 ConnectX-3 device fails to initialize: + + mlx4_core 0000:41:00.0: command 0xfff timed out (go bit not cleared) + mlx4_core 0000:41:00.0: device is going to be reset + mlx4_core 0000:41:00.0: Failed to obtain HW semaphore, aborting + mlx4_core 0000:41:00.0: Fail to reset HCA + ------------[ cut here ]------------ + kernel BUG at drivers/net/ethernet/mellanox/mlx4/catas.c:193! + +After 6cd33649fa83 ("PCI: Add pci_configure_device() during enumeration") +and 7a1562d4f2d0 ("PCI: Apply _HPX Link Control settings to all devices +with a link"), we apply _HPX settings to *all* devices, not just those +hot-added after boot. + +Before 7a1562d4f2d0, we didn't touch the Mellanox RCB, and the device +worked. After 7a1562d4f2d0, we set its RCB to 128, and it failed. + +Set the RCB to 128 iff the Root Port supports a 128-byte RCB. Otherwise, +set RCB to 64 bytes. This effectively ignores what _HPX tells us about +RCB. + +Note that this change only affects _HPX handling. If we have no _HPX, this +does nothing with RCB. + +[bhelgaas: changelog, clear RCB if not set for Root Port] +Fixes: 6cd33649fa83 ("PCI: Add pci_configure_device() during enumeration") +Fixes: 7a1562d4f2d0 ("PCI: Apply _HPX Link Control settings to all devices with a link") +Link: https://bugzilla.kernel.org/show_bug.cgi?id=187781 +Tested-by: Frank Danapfel +Signed-off-by: Johannes Thumshirn +Signed-off-by: Bjorn Helgaas +Acked-by: Myron Stowe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/probe.c | 28 +++++++++++++++++++++++++++- + 1 file changed, 27 insertions(+), 1 deletion(-) + +--- a/drivers/pci/probe.c ++++ b/drivers/pci/probe.c +@@ -1415,6 +1415,21 @@ static void program_hpp_type1(struct pci + dev_warn(&dev->dev, "PCI-X settings not supported\n"); + } + ++static bool pcie_root_rcb_set(struct pci_dev *dev) ++{ ++ struct pci_dev *rp = pcie_find_root_port(dev); ++ u16 lnkctl; ++ ++ if (!rp) ++ return false; ++ ++ pcie_capability_read_word(rp, PCI_EXP_LNKCTL, &lnkctl); ++ if (lnkctl & PCI_EXP_LNKCTL_RCB) ++ return true; ++ ++ return false; ++} ++ + static void program_hpp_type2(struct pci_dev *dev, struct hpp_type2 *hpp) + { + int pos; +@@ -1444,9 +1459,20 @@ static void program_hpp_type2(struct pci + ~hpp->pci_exp_devctl_and, hpp->pci_exp_devctl_or); + + /* Initialize Link Control Register */ +- if (pcie_cap_has_lnkctl(dev)) ++ if (pcie_cap_has_lnkctl(dev)) { ++ ++ /* ++ * If the Root Port supports Read Completion Boundary of ++ * 128, set RCB to 128. Otherwise, clear it. ++ */ ++ hpp->pci_exp_lnkctl_and |= PCI_EXP_LNKCTL_RCB; ++ hpp->pci_exp_lnkctl_or &= ~PCI_EXP_LNKCTL_RCB; ++ if (pcie_root_rcb_set(dev)) ++ hpp->pci_exp_lnkctl_or |= PCI_EXP_LNKCTL_RCB; ++ + pcie_capability_clear_and_set_word(dev, PCI_EXP_LNKCTL, + ~hpp->pci_exp_lnkctl_and, hpp->pci_exp_lnkctl_or); ++ } + + /* Find Advanced Error Reporting Enhanced Capability */ + pos = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ERR); diff --git a/queue-4.4/series b/queue-4.4/series index 9fe39b20d9d..89252c5eaaa 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -4,3 +4,5 @@ kasan-update-kasan_global-for-gcc-7.patch x86-traps-ignore-high-word-of-regs-cs-in-early_fixup_exception.patch alsa-pcm-call-kill_fasync-in-stream-lock.patch rcu-fix-soft-lockup-for-rcu_nocb_kthread.patch +pci-set-read-completion-boundary-to-128-iff-root-port-supports-it-_hpx.patch +mwifiex-printk-overflow-with-32-byte-ssids.patch