From: Greg Kroah-Hartman Date: Tue, 26 Nov 2019 10:46:11 +0000 (+0100) Subject: 5.3-stable patches X-Git-Tag: v4.4.204~66 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=85f567993d1710c9b0509ec716eb28456a01e000;p=thirdparty%2Fkernel%2Fstable-queue.git 5.3-stable patches added patches: md-raid10-prevent-access-of-uninitialized-resync_pages-offset.patch revert-bluetooth-hci_ll-set-operational-frequency-earlier.patch revert-dm-crypt-use-wq_highpri-for-the-io-and-crypt-workqueues.patch --- diff --git a/queue-5.3/md-raid10-prevent-access-of-uninitialized-resync_pages-offset.patch b/queue-5.3/md-raid10-prevent-access-of-uninitialized-resync_pages-offset.patch new file mode 100644 index 00000000000..41fc6aa5f16 --- /dev/null +++ b/queue-5.3/md-raid10-prevent-access-of-uninitialized-resync_pages-offset.patch @@ -0,0 +1,40 @@ +From 45422b704db392a6d79d07ee3e3670b11048bd53 Mon Sep 17 00:00:00 2001 +From: John Pittman +Date: Mon, 11 Nov 2019 16:43:20 -0800 +Subject: md/raid10: prevent access of uninitialized resync_pages offset + +From: John Pittman + +commit 45422b704db392a6d79d07ee3e3670b11048bd53 upstream. + +Due to unneeded multiplication in the out_free_pages portion of +r10buf_pool_alloc(), when using a 3-copy raid10 layout, it is +possible to access a resync_pages offset that has not been +initialized. This access translates into a crash of the system +within resync_free_pages() while passing a bad pointer to +put_page(). Remove the multiplication, preventing access to the +uninitialized area. + +Fixes: f0250618361db ("md: raid10: don't use bio's vec table to manage resync pages") +Cc: stable@vger.kernel.org # 4.12+ +Signed-off-by: John Pittman +Suggested-by: David Jeffery +Reviewed-by: Laurence Oberman +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/raid10.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/raid10.c ++++ b/drivers/md/raid10.c +@@ -191,7 +191,7 @@ static void * r10buf_pool_alloc(gfp_t gf + + out_free_pages: + while (--j >= 0) +- resync_free_pages(&rps[j * 2]); ++ resync_free_pages(&rps[j]); + + j = 0; + out_free_bio: diff --git a/queue-5.3/revert-bluetooth-hci_ll-set-operational-frequency-earlier.patch b/queue-5.3/revert-bluetooth-hci_ll-set-operational-frequency-earlier.patch new file mode 100644 index 00000000000..37e987cb30b --- /dev/null +++ b/queue-5.3/revert-bluetooth-hci_ll-set-operational-frequency-earlier.patch @@ -0,0 +1,89 @@ +From cef456cd354ef485f12d57000c455e83e416a2b6 Mon Sep 17 00:00:00 2001 +From: Adam Ford +Date: Wed, 2 Oct 2019 06:46:26 -0500 +Subject: Revert "Bluetooth: hci_ll: set operational frequency earlier" + +From: Adam Ford + +commit cef456cd354ef485f12d57000c455e83e416a2b6 upstream. + +As nice as it would be to update firmware faster, that patch broke +at least two different boards, an OMAP4+WL1285 based Motorola Droid +4, as reported by Sebasian Reichel and the Logic PD i.MX6Q + +WL1837MOD. + +This reverts commit a2e02f38eff84f199c8e32359eb213f81f270047. + +Signed-off-by: Adam Ford +Acked-by: Sebastian Reichel +Cc: stable@vger.kernel.org +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/hci_ll.c | 39 ++++++++++++++++++--------------------- + 1 file changed, 18 insertions(+), 21 deletions(-) + +--- a/drivers/bluetooth/hci_ll.c ++++ b/drivers/bluetooth/hci_ll.c +@@ -621,13 +621,6 @@ static int ll_setup(struct hci_uart *hu) + + serdev_device_set_flow_control(serdev, true); + +- if (hu->oper_speed) +- speed = hu->oper_speed; +- else if (hu->proto->oper_speed) +- speed = hu->proto->oper_speed; +- else +- speed = 0; +- + do { + /* Reset the Bluetooth device */ + gpiod_set_value_cansleep(lldev->enable_gpio, 0); +@@ -639,20 +632,6 @@ static int ll_setup(struct hci_uart *hu) + return err; + } + +- if (speed) { +- __le32 speed_le = cpu_to_le32(speed); +- struct sk_buff *skb; +- +- skb = __hci_cmd_sync(hu->hdev, +- HCI_VS_UPDATE_UART_HCI_BAUDRATE, +- sizeof(speed_le), &speed_le, +- HCI_INIT_TIMEOUT); +- if (!IS_ERR(skb)) { +- kfree_skb(skb); +- serdev_device_set_baudrate(serdev, speed); +- } +- } +- + err = download_firmware(lldev); + if (!err) + break; +@@ -677,7 +656,25 @@ static int ll_setup(struct hci_uart *hu) + } + + /* Operational speed if any */ ++ if (hu->oper_speed) ++ speed = hu->oper_speed; ++ else if (hu->proto->oper_speed) ++ speed = hu->proto->oper_speed; ++ else ++ speed = 0; + ++ if (speed) { ++ __le32 speed_le = cpu_to_le32(speed); ++ struct sk_buff *skb; ++ ++ skb = __hci_cmd_sync(hu->hdev, HCI_VS_UPDATE_UART_HCI_BAUDRATE, ++ sizeof(speed_le), &speed_le, ++ HCI_INIT_TIMEOUT); ++ if (!IS_ERR(skb)) { ++ kfree_skb(skb); ++ serdev_device_set_baudrate(serdev, speed); ++ } ++ } + + return 0; + } diff --git a/queue-5.3/revert-dm-crypt-use-wq_highpri-for-the-io-and-crypt-workqueues.patch b/queue-5.3/revert-dm-crypt-use-wq_highpri-for-the-io-and-crypt-workqueues.patch new file mode 100644 index 00000000000..efd9a81012d --- /dev/null +++ b/queue-5.3/revert-dm-crypt-use-wq_highpri-for-the-io-and-crypt-workqueues.patch @@ -0,0 +1,52 @@ +From f612b2132db529feac4f965f28a1b9258ea7c22b Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Wed, 20 Nov 2019 17:27:39 -0500 +Subject: Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" + +From: Mike Snitzer + +commit f612b2132db529feac4f965f28a1b9258ea7c22b upstream. + +This reverts commit a1b89132dc4f61071bdeaab92ea958e0953380a1. + +Revert required hand-patching due to subsequent changes that were +applied since commit a1b89132dc4f61071bdeaab92ea958e0953380a1. + +Requires: ed0302e83098d ("dm crypt: make workqueue names device-specific") +Cc: stable@vger.kernel.org +Bug: https://bugzilla.kernel.org/show_bug.cgi?id=199857 +Reported-by: Vito Caputo +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-crypt.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -2911,21 +2911,18 @@ static int crypt_ctr(struct dm_target *t + } + + ret = -ENOMEM; +- cc->io_queue = alloc_workqueue("kcryptd_io/%s", +- WQ_HIGHPRI | WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM, +- 1, devname); ++ cc->io_queue = alloc_workqueue("kcryptd_io/%s", WQ_MEM_RECLAIM, 1, devname); + if (!cc->io_queue) { + ti->error = "Couldn't create kcryptd io queue"; + goto bad; + } + + if (test_bit(DM_CRYPT_SAME_CPU, &cc->flags)) +- cc->crypt_queue = alloc_workqueue("kcryptd/%s", +- WQ_HIGHPRI | WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM, ++ cc->crypt_queue = alloc_workqueue("kcryptd/%s", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM, + 1, devname); + else + cc->crypt_queue = alloc_workqueue("kcryptd/%s", +- WQ_HIGHPRI | WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND, ++ WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND, + num_online_cpus(), devname); + if (!cc->crypt_queue) { + ti->error = "Couldn't create kcryptd queue"; diff --git a/queue-5.3/series b/queue-5.3/series index 9c136ee87bf..93c69524d0e 100644 --- a/queue-5.3/series +++ b/queue-5.3/series @@ -39,3 +39,6 @@ ath10k-restore-qca9880-ar1a-v1-detection.patch ath10k-fix-host-capability-qmi-incompatibility.patch ath10k-fix-a-null-ptr-deref-bug-in-ath10k_usb_alloc_urb_from_pipe.patch ath9k_hw-fix-uninitialized-variable-data.patch +revert-bluetooth-hci_ll-set-operational-frequency-earlier.patch +revert-dm-crypt-use-wq_highpri-for-the-io-and-crypt-workqueues.patch +md-raid10-prevent-access-of-uninitialized-resync_pages-offset.patch