From: Greg Kroah-Hartman Date: Wed, 8 May 2019 14:14:05 +0000 (+0200) Subject: 5.0-stable patches X-Git-Tag: v4.9.175~38 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e328853a035cf7d1e6f7b014e0963b7ca220152e;p=thirdparty%2Fkernel%2Fstable-queue.git 5.0-stable patches added patches: staging-greybus-power_supply-fix-prop-descriptor-request-size.patch staging-most-cdev-fix-chrdev_region-leak-in-mod_exit.patch staging-most-sound-pass-correct-device-when-creating-a-sound-card.patch staging-wilc1000-avoid-gfp_kernel-allocation-from-atomic-context.patch ubsan-fix-nasty-wbuiltin-declaration-mismatch-gcc-9-warnings.patch
---
diff --git a/queue-5.0/series b/queue-5.0/series
index 9c201bcfa3c..d9e8fd541db 100644
--- a/queue-5.0/series
+++ b/queue-5.0/series
@@ -1,2 +1,7 @@
 net-stmmac-use-bfsize1-in-ndesc_init_rx_desc.patch
 drivers-hv-vmbus-remove-the-undesired-put_cpu_ptr-in-hv_synic_cleanup.patch
+ubsan-fix-nasty-wbuiltin-declaration-mismatch-gcc-9-warnings.patch
+staging-greybus-power_supply-fix-prop-descriptor-request-size.patch
+staging-wilc1000-avoid-gfp_kernel-allocation-from-atomic-context.patch
+staging-most-cdev-fix-chrdev_region-leak-in-mod_exit.patch
+staging-most-sound-pass-correct-device-when-creating-a-sound-card.patch
diff --git a/queue-5.0/staging-greybus-power_supply-fix-prop-descriptor-request-size.patch b/queue-5.0/staging-greybus-power_supply-fix-prop-descriptor-request-size.patch
new file mode 100644
index 00000000000..d6ef6b637e6
--- /dev/null
+++ b/queue-5.0/staging-greybus-power_supply-fix-prop-descriptor-request-size.patch
@@ -0,0 +1,40 @@
+From 47830c1127ef166af787caf2f871f23089610a7f Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Thu, 4 Apr 2019 08:53:30 +0200
+Subject: staging: greybus: power_supply: fix prop-descriptor request size
+
+From: Johan Hovold
+
+commit 47830c1127ef166af787caf2f871f23089610a7f upstream.
+
+Since moving the message buffers off the stack, the dynamically
+allocated get-prop-descriptor request buffer is incorrectly sized due to
+using the pointer rather than request-struct size when creating the
+operation.
+
+Fortunately, the pointer size is always larger than this one-byte
+request, but this could still cause trouble on the remote end due to the
+unexpected message size.
+
+Fixes: 9d15134d067e ("greybus: power_supply: rework get descriptors")
+Cc: stable # 4.9
+Cc: Rui Miguel Silva
+Signed-off-by: Johan Hovold
+Reviewed-by: Rui Miguel Silva
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/staging/greybus/power_supply.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/greybus/power_supply.c
++++ b/drivers/staging/greybus/power_supply.c
+@@ -520,7 +520,7 @@ static int gb_power_supply_prop_descript
+
+ op = gb_operation_create(connection,
+ GB_POWER_SUPPLY_TYPE_GET_PROP_DESCRIPTORS,
+- sizeof(req), sizeof(*resp) + props_count *
++ sizeof(*req), sizeof(*resp) + props_count *
+ sizeof(struct gb_power_supply_props_desc),
+ GFP_KERNEL);
+ if (!op)
diff --git a/queue-5.0/staging-most-cdev-fix-chrdev_region-leak-in-mod_exit.patch b/queue-5.0/staging-most-cdev-fix-chrdev_region-leak-in-mod_exit.patch
new file mode 100644
index 00000000000..af39b841b29
--- /dev/null
+++ b/queue-5.0/staging-most-cdev-fix-chrdev_region-leak-in-mod_exit.patch
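Review bot: In the embedded power_supply.c hunk the response size passed to `gb_operation_create()` is still open-coded as `sizeof(*resp) + props_count * sizeof(struct gb_power_supply_props_desc)`, and nothing visible bounds `props_count` or ties it to what the remote end actually returns. If that count originates from the remote module (not shown here), the code after the call should compare the count reported in the response with `props_count` before walking the descriptors. A short comment at the call such as `/* request is a fixed one-byte struct: size it by *req, never by the pointer */` would document the bug class this change fixes. The function body starts and ends outside the hunk.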
@@ -0,0 +1,40 @@
+From af708900e9a48c0aa46070c8a8cdf0608a1d2025 Mon Sep 17 00:00:00 2001
+From: Suresh Udipi
+Date: Wed, 24 Apr 2019 21:23:43 +0200
+Subject: staging: most: cdev: fix chrdev_region leak in mod_exit
+
+From: Suresh Udipi
+
+commit af708900e9a48c0aa46070c8a8cdf0608a1d2025 upstream.
+
+It looks like v4.18-rc1 commit [0] which upstreams mld-1.8.0
+commit [1] missed to fix the memory leak in mod_exit function.
+
+Do it now.
+
+[0] aba258b7310167 ("staging: most: cdev: fix chrdev_region leak")
+[1] https://github.com/microchip-ais/linux/commit/a2d8f7ae7ea381
+ ("staging: most: cdev: fix leak for chrdev_region")
+
+Signed-off-by: Suresh Udipi
+Signed-off-by: Eugeniu Rosca
+Acked-by: Christian Gromm
+Fixes: aba258b73101 ("staging: most: cdev: fix chrdev_region leak")
+Cc: stable
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/staging/most/cdev/cdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/most/cdev/cdev.c
++++ b/drivers/staging/most/cdev/cdev.c
+@@ -546,7 +546,7 @@ static void __exit mod_exit(void)
+ destroy_cdev(c);
+ destroy_channel(c);
+ }
+- unregister_chrdev_region(comp.devno, 1);
++ unregister_chrdev_region(comp.devno, CHRDEV_REGION_SIZE);
+ ida_destroy(&comp.minor_id);
+ class_destroy(comp.class);
+ }
diff --git a/queue-5.0/staging-most-sound-pass-correct-device-when-creating-a-sound-card.patch b/queue-5.0/staging-most-sound-pass-correct-device-when-creating-a-sound-card.patch
new file mode 100644
index 00000000000..8c012bd76c2
--- /dev/null
+++ b/queue-5.0/staging-most-sound-pass-correct-device-when-creating-a-sound-card.patch
@@ -0,0 +1,33 @@
+From 98592c1faca82a9024a64e4ecead68b19f81c299 Mon Sep 17 00:00:00 2001
+From: Christian Gromm
+Date: Tue, 30 Apr 2019 14:07:48 +0200
+Subject: staging: most: sound: pass correct device when creating a sound card
+
+From: Christian Gromm
+
+commit 98592c1faca82a9024a64e4ecead68b19f81c299 upstream.
+
+This patch fixes the usage of the wrong struct device when calling
+function snd_card_new.
+
+Reported-by: Eugeniu Rosca
+Signed-off-by: Christian Gromm
+Fixes: 69c90cf1b2fa ("staging: most: sound: call snd_card_new with struct device")
+Cc: stable
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/staging/most/sound/sound.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/most/sound/sound.c
++++ b/drivers/staging/most/sound/sound.c
+@@ -622,7 +622,7 @@ static int audio_probe_channel(struct mo
+ INIT_LIST_HEAD(&adpt->dev_list);
+ iface->priv = adpt;
+ list_add_tail(&adpt->list, &adpt_list);
+- ret = snd_card_new(&iface->dev, -1, "INIC", THIS_MODULE,
++ ret = snd_card_new(iface->driver_dev, -1, "INIC", THIS_MODULE,
+ sizeof(*channel), &adpt->card);
+ if (ret < 0)
+ goto err_free_adpt;
diff --git a/queue-5.0/staging-wilc1000-avoid-gfp_kernel-allocation-from-atomic-context.patch b/queue-5.0/staging-wilc1000-avoid-gfp_kernel-allocation-from-atomic-context.patch
new file mode 100644
index 00000000000..ffcbdf68c0b
--- /dev/null
+++ b/queue-5.0/staging-wilc1000-avoid-gfp_kernel-allocation-from-atomic-context.patch
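Review bot: In the embedded sound.c hunk `list_add_tail(&adpt->list, &adpt_list)` runs before `snd_card_new()`, so a failure reaches `goto err_free_adpt` with the adapter already linked into the global list. The `err_free_adpt` label lies outside the hunk; it has to unlink the entry (`list_del(&adpt->list);`) before the adapter is freed, otherwise `adpt_list` keeps a pointer to freed memory. Separately, `iface->driver_dev` is a pointer where the old code took the address of an embedded member, so it can in principle be NULL; whether interface registration rules that out is not visible here and deserves a check or a comment.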
@@ -0,0 +1,34 @@
+From ae26aa844679cdf660e12c7055f958cb90889eb6 Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa
+Date: Sun, 7 Apr 2019 21:58:43 +0900
+Subject: staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context.
+
+From: Tetsuo Handa
+
+commit ae26aa844679cdf660e12c7055f958cb90889eb6 upstream.
+
+Since wilc_set_multicast_list() is called with dev->addr_list_lock
+spinlock held, we can't use GFP_KERNEL memory allocation.
+
+Signed-off-by: Tetsuo Handa
+Fixes: e624c58cf8eb ("staging: wilc1000: refactor code to avoid use of wilc_set_multicast_list global")
+Cc: Ajay Singh
+Reviewed-by: Adham Abozaeid
+Cc: stable
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/staging/wilc1000/linux_wlan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/wilc1000/linux_wlan.c
++++ b/drivers/staging/wilc1000/linux_wlan.c
+@@ -816,7 +816,7 @@ static void wilc_set_multicast_list(stru
+ return;
+ }
+
+- mc_list = kmalloc_array(dev->mc.count, ETH_ALEN, GFP_KERNEL);
++ mc_list = kmalloc_array(dev->mc.count, ETH_ALEN, GFP_ATOMIC);
+ if (!mc_list)
+ return;
+
diff --git a/queue-5.0/ubsan-fix-nasty-wbuiltin-declaration-mismatch-gcc-9-warnings.patch b/queue-5.0/ubsan-fix-nasty-wbuiltin-declaration-mismatch-gcc-9-warnings.patch
new file mode 100644
index 00000000000..18b83553eac
--- /dev/null
+++ b/queue-5.0/ubsan-fix-nasty-wbuiltin-declaration-mismatch-gcc-9-warnings.patch
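Review bot: With `GFP_ATOMIC` the `kmalloc_array()` call in the embedded linux_wlan.c hunk can fail under memory pressure more readily than before, and `if (!mc_list) return;` drops the multicast update without any trace, presumably leaving the device on its previous filter list. A rate-limited warning on that path would make the failure visible. A comment above the allocation such as `/* called with dev->addr_list_lock held: must not sleep */` would also keep a later cleanup from switching back to `GFP_KERNEL`. The function starts and ends outside the hunk, so whether the update is retried later cannot be told from here.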
@@ -0,0 +1,206 @@ +From f0996bc2978e02d2ea898101462b960f6119b18f Mon Sep 17 00:00:00 2001 +From: Andrey Ryabinin +Date: Mon, 6 May 2019 13:45:26 +0300 +Subject: ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Andrey Ryabinin + +commit f0996bc2978e02d2ea898101462b960f6119b18f upstream. + +Building lib/ubsan.c with gcc-9 results in a ton of nasty warnings like +this one: + + lib/ubsan.c warning: conflicting types for built-in function + ‘__ubsan_handle_negate_overflow’; expected ‘void(void *, void *)’ [-Wbuiltin-declaration-mismatch] + +The kernel's declarations of __ubsan_handle_*() often uses 'unsigned +long' types in parameters while GCC these parameters as 'void *' types, +hence the mismatch. + +Fix this by using 'void *' to match GCC's declarations. + +Reported-by: Linus Torvalds +Signed-off-by: Andrey Ryabinin +Fixes: c6d308534aef ("UBSAN: run-time undefined behavior sanity checker") +Cc: +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + lib/ubsan.c | 49 +++++++++++++++++++++++-------------------------- + 1 file changed, 23 insertions(+), 26 deletions(-) + +--- a/lib/ubsan.c ++++ b/lib/ubsan.c +@@ -86,11 +86,13 @@ static bool is_inline_int(struct type_de + return bits <= inline_bits; + } + +-static s_max get_signed_val(struct type_descriptor *type, unsigned long val) ++static s_max get_signed_val(struct type_descriptor *type, void *val) + { + if (is_inline_int(type)) { + unsigned extra_bits = sizeof(s_max)*8 - type_bit_width(type); +- return ((s_max)val) << extra_bits >> extra_bits; ++ unsigned long ulong_val = (unsigned long)val; ++ ++ return ((s_max)ulong_val) << extra_bits >> extra_bits; + } + + if (type_bit_width(type) == 64) +@@ -99,15 +101,15 @@ static s_max get_signed_val(struct type_ + return *(s_max *)val; + } + +-static bool val_is_negative(struct type_descriptor *type, unsigned long val) ++static bool 
val_is_negative(struct type_descriptor *type, void *val) + { + return type_is_signed(type) && get_signed_val(type, val) < 0; + } + +-static u_max get_unsigned_val(struct type_descriptor *type, unsigned long val) ++static u_max get_unsigned_val(struct type_descriptor *type, void *val) + { + if (is_inline_int(type)) +- return val; ++ return (unsigned long)val; + + if (type_bit_width(type) == 64) + return *(u64 *)val; +@@ -116,7 +118,7 @@ static u_max get_unsigned_val(struct typ + } + + static void val_to_string(char *str, size_t size, struct type_descriptor *type, +- unsigned long value) ++ void *value) + { + if (type_is_int(type)) { + if (type_bit_width(type) == 128) { +@@ -163,8 +165,8 @@ static void ubsan_epilogue(unsigned long + current->in_ubsan--; + } + +-static void handle_overflow(struct overflow_data *data, unsigned long lhs, +- unsigned long rhs, char op) ++static void handle_overflow(struct overflow_data *data, void *lhs, ++ void *rhs, char op) + { + + struct type_descriptor *type = data->type; +@@ -191,8 +193,7 @@ static void handle_overflow(struct overf + } + + void __ubsan_handle_add_overflow(struct overflow_data *data, +- unsigned long lhs, +- unsigned long rhs) ++ void *lhs, void *rhs) + { + + handle_overflow(data, lhs, rhs, '+'); +@@ -200,23 +201,21 @@ void __ubsan_handle_add_overflow(struct + EXPORT_SYMBOL(__ubsan_handle_add_overflow); + + void __ubsan_handle_sub_overflow(struct overflow_data *data, +- unsigned long lhs, +- unsigned long rhs) ++ void *lhs, void *rhs) + { + handle_overflow(data, lhs, rhs, '-'); + } + EXPORT_SYMBOL(__ubsan_handle_sub_overflow); + + void __ubsan_handle_mul_overflow(struct overflow_data *data, +- unsigned long lhs, +- unsigned long rhs) ++ void *lhs, void *rhs) + { + handle_overflow(data, lhs, rhs, '*'); + } + EXPORT_SYMBOL(__ubsan_handle_mul_overflow); + + void __ubsan_handle_negate_overflow(struct overflow_data *data, +- unsigned long old_val) ++ void *old_val) + { + unsigned long flags; + char 
old_val_str[VALUE_LENGTH]; +@@ -237,8 +236,7 @@ EXPORT_SYMBOL(__ubsan_handle_negate_over + + + void __ubsan_handle_divrem_overflow(struct overflow_data *data, +- unsigned long lhs, +- unsigned long rhs) ++ void *lhs, void *rhs) + { + unsigned long flags; + char rhs_val_str[VALUE_LENGTH]; +@@ -323,7 +321,7 @@ static void ubsan_type_mismatch_common(s + } + + void __ubsan_handle_type_mismatch(struct type_mismatch_data *data, +- unsigned long ptr) ++ void *ptr) + { + struct type_mismatch_data_common common_data = { + .location = &data->location, +@@ -332,12 +330,12 @@ void __ubsan_handle_type_mismatch(struct + .type_check_kind = data->type_check_kind + }; + +- ubsan_type_mismatch_common(&common_data, ptr); ++ ubsan_type_mismatch_common(&common_data, (unsigned long)ptr); + } + EXPORT_SYMBOL(__ubsan_handle_type_mismatch); + + void __ubsan_handle_type_mismatch_v1(struct type_mismatch_data_v1 *data, +- unsigned long ptr) ++ void *ptr) + { + + struct type_mismatch_data_common common_data = { +@@ -347,12 +345,12 @@ void __ubsan_handle_type_mismatch_v1(str + .type_check_kind = data->type_check_kind + }; + +- ubsan_type_mismatch_common(&common_data, ptr); ++ ubsan_type_mismatch_common(&common_data, (unsigned long)ptr); + } + EXPORT_SYMBOL(__ubsan_handle_type_mismatch_v1); + + void __ubsan_handle_vla_bound_not_positive(struct vla_bound_data *data, +- unsigned long bound) ++ void *bound) + { + unsigned long flags; + char bound_str[VALUE_LENGTH]; +@@ -369,8 +367,7 @@ void __ubsan_handle_vla_bound_not_positi + } + EXPORT_SYMBOL(__ubsan_handle_vla_bound_not_positive); + +-void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *data, +- unsigned long index) ++void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *data, void *index) + { + unsigned long flags; + char index_str[VALUE_LENGTH]; +@@ -388,7 +385,7 @@ void __ubsan_handle_out_of_bounds(struct + EXPORT_SYMBOL(__ubsan_handle_out_of_bounds); + + void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data 
*data, +- unsigned long lhs, unsigned long rhs) ++ void *lhs, void *rhs) + { + unsigned long flags; + struct type_descriptor *rhs_type = data->rhs_type; +@@ -439,7 +436,7 @@ void __ubsan_handle_builtin_unreachable( + EXPORT_SYMBOL(__ubsan_handle_builtin_unreachable); + + void __ubsan_handle_load_invalid_value(struct invalid_value_data *data, +- unsigned long val) ++ void *val) + { + unsigned long flags; + char val_str[VALUE_LENGTH];
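Review bot: After this change a `void *` parameter in lib/ubsan.c carries two different things, and nothing in the new signatures says so. When `is_inline_int(type)` is true it is the value itself (`(unsigned long)val` in `get_signed_val()` and `get_unsigned_val()`); otherwise it is the address of the value (`*(s_max *)val`, `*(u64 *)val`). A future reader could dereference an inline value or print a real pointer as a number; a comment on the two helpers along the lines of `/* val is the value itself for inline ints, otherwise a pointer to it */` would record the convention. The same applies to the `lhs`/`rhs`/`bound`/`index`/`val` parameters of the exported `__ubsan_handle_*()` handlers, whose bodies are mostly outside the visible hunks.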