From: Sasha Levin Date: Mon, 2 Mar 2020 03:23:27 +0000 (-0500) Subject: fixes for 4.4 X-Git-Tag: v4.19.108~78 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f67464d266d590fe61c3cd36f7c69d903d51f294;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 4.4 Signed-off-by: Sasha Levin
---
diff --git a/queue-4.4/arm-ftrace-fix-be-text-poking.patch b/queue-4.4/arm-ftrace-fix-be-text-poking.patch
new file mode 100644
index 00000000000..c99aa1417be
--- /dev/null
+++ b/queue-4.4/arm-ftrace-fix-be-text-poking.patch
@@ -0,0 +1,46 @@
+From 8c9c4da2c156ee1fed4e685d42609b510019e269 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 7 Feb 2020 12:57:36 +0100
+Subject: arm/ftrace: Fix BE text poking
+
+From: Peter Zijlstra
+
+[ Upstream commit be993e44badc448add6a18d6f12b20615692c4c3 ]
+
+The __patch_text() function already applies __opcode_to_mem_*(), so
+when __opcode_to_mem_*() is not the identity (BE*), it is applied
+twice, wrecking the instruction.
+
+Fixes: 42e51f187f86 ("arm/ftrace: Use __patch_text()")
+Reported-by: Dmitry Osipenko
+Signed-off-by: Peter Zijlstra (Intel)
+Signed-off-by: Ingo Molnar
+Tested-by: Dmitry Osipenko
+Signed-off-by: Sasha Levin
+---
+ arch/arm/kernel/ftrace.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c
+index faa9a905826ee..7982409e5c27f 100644
+--- a/arch/arm/kernel/ftrace.c
++++ b/arch/arm/kernel/ftrace.c
+@@ -105,13 +105,10 @@ static int ftrace_modify_code(unsigned long pc, unsigned long old,
+ {
+ unsigned long replaced;
+
+- if (IS_ENABLED(CONFIG_THUMB2_KERNEL)) {
++ if (IS_ENABLED(CONFIG_THUMB2_KERNEL))
+ old = __opcode_to_mem_thumb32(old);
+- new = __opcode_to_mem_thumb32(new);
+- } else {
++ else
+ old = __opcode_to_mem_arm(old);
+- new = __opcode_to_mem_arm(new);
+- }
+
+ if (validate) {
+ if (probe_kernel_read(&replaced, (void *)pc, MCOUNT_INSN_SIZE))
+--
+2.20.1
+
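Review bot: In the queued arm/ftrace patch, `ftrace_modify_code()` now converts only `old` to memory order and passes `new` on untouched, and nothing in the new code says why the two values are treated differently. A one-line comment above the conversion, such as `/* only 'old' is compared against memory; __patch_text() converts 'new' itself */`, would keep a later cleanup from reintroducing the double conversion that the commit message describes for BE builds. The function body continues outside the hunk, so the call that consumes `new` is not visible here.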
diff --git a/queue-4.4/cfg80211-add-missing-policy-for-nl80211_attr_status_.patch b/queue-4.4/cfg80211-add-missing-policy-for-nl80211_attr_status_.patch
new file mode 100644
index 00000000000..5eb7001c320
--- /dev/null
+++ b/queue-4.4/cfg80211-add-missing-policy-for-nl80211_attr_status_.patch
@@ -0,0 +1,36 @@
+From ac0d9266bb7b04c01c9b80f1299aef28fd973d05 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 13 Feb 2020 13:16:16 +0000
+Subject: cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
+
+From: Sergey Matyukevich
+
+[ Upstream commit ea75080110a4c1fa011b0a73cb8f42227143ee3e ]
+
+The nl80211_policy is missing for NL80211_ATTR_STATUS_CODE attribute.
+As a result, for strictly validated commands, it's assumed to not be
+supported.
+
+Signed-off-by: Sergey Matyukevich
+Link: https://lore.kernel.org/r/20200213131608.10541-2-sergey.matyukevich.os@quantenna.com
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/wireless/nl80211.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
+index fd0bf278067ef..4b30e91106d07 100644
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -330,6 +330,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
+ [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
+ [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
+ [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
++ [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
+ [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
+ [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
+ [NL80211_ATTR_PID] = { .type = NLA_U32 },
+--
+2.20.1
+
diff --git a/queue-4.4/cfg80211-check-wiphy-driver-existence-for-drvinfo-re.patch b/queue-4.4/cfg80211-check-wiphy-driver-existence-for-drvinfo-re.patch
new file mode 100644
index 00000000000..ec878006902
--- /dev/null
+++ b/queue-4.4/cfg80211-check-wiphy-driver-existence-for-drvinfo-re.patch
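Review bot: The backport note for the `[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 }` entry should state what the entry does on this tree, because the upstream rationale is about strictly validated commands, which a 4.4 kernel may not have. What the entry provides regardless is a minimum-length check: with an `NLA_U16` policy, attribute parsing should reject a payload shorter than two bytes before any handler reads it with `nla_get_u16()`. Which 4.4 handlers read this attribute from userspace is not visible in the hunk, so that is worth confirming and recording in the patch description.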
@@ -0,0 +1,44 @@
+From 6bcad942d0427d28f24b7922a6b68adc3395ca77 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 3 Feb 2020 10:56:50 +0000
+Subject: cfg80211: check wiphy driver existence for drvinfo report
+
+From: Sergey Matyukevich
+
+[ Upstream commit bfb7bac3a8f47100ebe7961bd14e924c96e21ca7 ]
+
+When preparing ethtool drvinfo, check if wiphy driver is defined
+before dereferencing it. Driver may not exist, e.g. if wiphy is
+attached to a virtual platform device.
+
+Signed-off-by: Sergey Matyukevich
+Link: https://lore.kernel.org/r/20200203105644.28875-1-sergey.matyukevich.os@quantenna.com
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/wireless/ethtool.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/net/wireless/ethtool.c b/net/wireless/ethtool.c
+index e9e91298c70de..3cedf2c2b60bd 100644
+--- a/net/wireless/ethtool.c
++++ b/net/wireless/ethtool.c
+@@ -6,9 +6,13 @@
+ void cfg80211_get_drvinfo(struct net_device *dev, struct ethtool_drvinfo *info)
+ {
+ struct wireless_dev *wdev = dev->ieee80211_ptr;
++ struct device *pdev = wiphy_dev(wdev->wiphy);
+
+- strlcpy(info->driver, wiphy_dev(wdev->wiphy)->driver->name,
+- sizeof(info->driver));
++ if (pdev->driver)
++ strlcpy(info->driver, pdev->driver->name,
++ sizeof(info->driver));
++ else
++ strlcpy(info->driver, "N/A", sizeof(info->driver));
+
+ strlcpy(info->version, init_utsname()->release, sizeof(info->version));
+
+--
+2.20.1
+
diff --git a/queue-4.4/cifs-fix-mode-output-in-debugging-statements.patch b/queue-4.4/cifs-fix-mode-output-in-debugging-statements.patch
new file mode 100644
index 00000000000..fd2bc49a0c5
--- /dev/null
+++ b/queue-4.4/cifs-fix-mode-output-in-debugging-statements.patch
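Review bot: In `cfg80211_get_drvinfo()` the new code tests `pdev->driver` and then reads `pdev->driver->name` through a second load, and it dereferences `pdev` itself without a check. Taking the pointer once, `const struct device_driver *drv = pdev ? pdev->driver : NULL;`, and copying `drv ? drv->name : "N/A"` in a single `strlcpy()` call would cover both the repeated load and a NULL `pdev`. Whether `wiphy_dev()` can return NULL for a wiphy that has no parent device is not visible in the hunk and should be confirmed before relying on either form.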
@@ -0,0 +1,72 @@
+From 3fefd7d804a5327b8b0299ae0df15aea472e5104 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 12 Feb 2020 15:31:48 -0600
+Subject: cifs: Fix mode output in debugging statements
+
+From: Frank Sorenson
+
+[ Upstream commit f52aa79df43c4509146140de0241bc21a4a3b4c7 ]
+
+A number of the debug statements output file or directory mode
+in hex. Change these to print using octal.
+
+Signed-off-by: Frank Sorenson
+Signed-off-by: Steve French
+Signed-off-by: Sasha Levin
+---
+ fs/cifs/cifsacl.c | 4 ++--
+ fs/cifs/connect.c | 2 +-
+ fs/cifs/inode.c | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
+index 3f93125916bf0..f5b87a8f75c47 100644
+--- a/fs/cifs/cifsacl.c
++++ b/fs/cifs/cifsacl.c
+@@ -480,7 +480,7 @@ static void access_flags_to_mode(__le32 ace_flags, int type, umode_t *pmode,
+ ((flags & FILE_EXEC_RIGHTS) == FILE_EXEC_RIGHTS))
+ *pmode |= (S_IXUGO & (*pbits_to_set));
+
+- cifs_dbg(NOISY, "access flags 0x%x mode now 0x%x\n", flags, *pmode);
++ cifs_dbg(NOISY, "access flags 0x%x mode now %04o\n", flags, *pmode);
+ return;
+ }
+
+@@ -509,7 +509,7 @@ static void mode_to_access_flags(umode_t mode, umode_t bits_to_use,
+ if (mode & S_IXUGO)
+ *pace_flags |= SET_FILE_EXEC_RIGHTS;
+
+- cifs_dbg(NOISY, "mode: 0x%x, access flags now 0x%x\n",
++ cifs_dbg(NOISY, "mode: %04o, access flags now 0x%x\n",
+ mode, *pace_flags);
+ return;
+ }
+diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
+index 4bde8acca455c..cf104bbe30a14 100644
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3402,7 +3402,7 @@ void cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
+ cifs_sb->mnt_gid = pvolume_info->linux_gid;
+ cifs_sb->mnt_file_mode = pvolume_info->file_mode;
+ cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
+- cifs_dbg(FYI, "file mode: 0x%hx dir mode: 0x%hx\n",
++ cifs_dbg(FYI, "file mode: %04ho dir mode: %04ho\n",
+ cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
+
+ cifs_sb->actimeo =
pvolume_info->actimeo;
+diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
+index 0a219545940d9..8827de2ba7bef 100644
+--- a/fs/cifs/inode.c
++++ b/fs/cifs/inode.c
+@@ -1540,7 +1540,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, umode_t mode)
+ struct TCP_Server_Info *server;
+ char *full_path;
+
+- cifs_dbg(FYI, "In cifs_mkdir, mode = 0x%hx inode = 0x%p\n",
++ cifs_dbg(FYI, "In cifs_mkdir, mode = %04ho inode = 0x%p\n",
+ mode, inode);
+
+ cifs_sb = CIFS_SB(inode->i_sb);
+--
+2.20.1
+
diff --git a/queue-4.4/ipmi-ssif-handle-a-possible-null-pointer-reference.patch b/queue-4.4/ipmi-ssif-handle-a-possible-null-pointer-reference.patch
new file mode 100644
index 00000000000..761640e7187
--- /dev/null
+++ b/queue-4.4/ipmi-ssif-handle-a-possible-null-pointer-reference.patch
@@ -0,0 +1,45 @@
+From 39530e5b91d468239893423ba6d97b279dab27a8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 23 Dec 2019 10:42:19 -0600
+Subject: ipmi:ssif: Handle a possible NULL pointer reference
+
+From: Corey Minyard
+
+[ Upstream commit 6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe ]
+
+In error cases a NULL can be passed to memcpy. The length will always
+be zero, so it doesn't really matter, but go ahead and check for NULL,
+anyway, to be more precise and avoid static analysis errors.
+
+Reported-by: kbuild test robot
+Signed-off-by: Corey Minyard
+Signed-off-by: Sasha Levin
+---
+ drivers/char/ipmi/ipmi_ssif.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
+index 67d23ed2d1a06..29082d99264e8 100644
+--- a/drivers/char/ipmi/ipmi_ssif.c
++++ b/drivers/char/ipmi/ipmi_ssif.c
+@@ -742,10 +742,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
+ flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
+ msg = ssif_info->curr_msg;
+ if (msg) {
++ if (data) {
++ if (len > IPMI_MAX_MSG_LENGTH)
++ len = IPMI_MAX_MSG_LENGTH;
++ memcpy(msg->rsp, data, len);
++ } else {
++ len = 0;
++ }
+ msg->rsp_size = len;
+- if (msg->rsp_size > IPMI_MAX_MSG_LENGTH)
+- msg->rsp_size = IPMI_MAX_MSG_LENGTH;
+- memcpy(msg->rsp, data, msg->rsp_size);
+ ssif_info->curr_msg = NULL;
+ }
+
+--
+2.20.1
+
diff --git a/queue-4.4/mac80211-consider-more-elements-in-parsing-crc.patch b/queue-4.4/mac80211-consider-more-elements-in-parsing-crc.patch
new file mode 100644
index 00000000000..43e2263439d
--- /dev/null
+++ b/queue-4.4/mac80211-consider-more-elements-in-parsing-crc.patch
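Review bot: In `msg_done_handler()` the new `len = 0` for a NULL `data` is applied only inside `if (msg)`, so when `ssif_info->curr_msg` is NULL the function carries on with whatever `len` the caller passed. The commit message states that the length is always zero in that case, but the rest of the function lies outside the hunk, and any later read of `data` that is guarded only by `len` depends on that invariant holding. Hoisting the normalisation above the block, `if (!data) len = 0;` placed before `if (msg) {`, would make the invariant local and let the inner `else` branch go.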
@@ -0,0 +1,68 @@
+From f98322101518dc96d7d05e7bda16f10e2ea77863 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 31 Jan 2020 13:12:58 +0200
+Subject: mac80211: consider more elements in parsing CRC
+
+From: Johannes Berg
+
+[ Upstream commit a04564c99bb4a92f805a58e56b2d22cc4978f152 ]
+
+We only use the parsing CRC for checking if a beacon changed,
+and elements with an ID > 63 cannot be represented in the
+filter. Thus, like we did before with WMM and Cisco vendor
+elements, just statically add these forgotten items to the
+CRC:
+ - WLAN_EID_VHT_OPERATION
+ - WLAN_EID_OPMODE_NOTIF
+
+I guess that in most cases when VHT/HE operation change, the HT
+operation also changed, and so the change was picked up, but we
+did notice that pure operating mode notification changes were
+ignored.
+
+Signed-off-by: Johannes Berg
+Signed-off-by: Luca Coelho
+Link: https://lore.kernel.org/r/20200131111300.891737-22-luca@coelho.fi
+[restrict to VHT for the mac80211 branch]
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/mac80211/util.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/net/mac80211/util.c b/net/mac80211/util.c
+index 2214c77d41721..4301a92fc160f 100644
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -939,16 +939,22 @@ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
+ elem_parse_failed = true;
+ break;
+ case WLAN_EID_VHT_OPERATION:
+- if (elen >= sizeof(struct ieee80211_vht_operation))
++ if (elen >= sizeof(struct ieee80211_vht_operation)) {
+ elems->vht_operation = (void *)pos;
+- else
+- elem_parse_failed = true;
++ if (calc_crc)
++ crc = crc32_be(crc, pos - 2, elen + 2);
++ break;
++ }
++ elem_parse_failed = true;
+ break;
+ case WLAN_EID_OPMODE_NOTIF:
+- if (elen > 0)
++ if (elen > 0) {
+ elems->opmode_notif = pos;
+- else
+- elem_parse_failed = true;
++ if (calc_crc)
++ crc = crc32_be(crc, pos - 2, elen + 2);
++ break;
++ }
++ elem_parse_failed = true;
+ break;
+ case WLAN_EID_MESH_ID:
+ elems->mesh_id = pos;
+--
+2.20.1
+
diff --git a/queue-4.4/series b/queue-4.4/series
index 96da4ba73f7..ebb0929581f 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -2,3 +2,9 @@ iwlwifi-pcie-fix-rb_allocator-workqueue-allocation.patch
 ext4-fix-potential-race-between-online-resizing-and-.patch
 ext4-fix-potential-race-between-s_flex_groups-online.patch
 ext4-fix-potential-race-between-s_group_info-online-.patch
+ipmi-ssif-handle-a-possible-null-pointer-reference.patch
+mac80211-consider-more-elements-in-parsing-crc.patch
+cfg80211-check-wiphy-driver-existence-for-drvinfo-re.patch
+arm-ftrace-fix-be-text-poking.patch
+cifs-fix-mode-output-in-debugging-statements.patch
+cfg80211-add-missing-policy-for-nl80211_attr_status_.patch