From 1a950497f13b5d2b05b57ab48945782899d7f5c8 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 8 Sep 2021 14:38:46 +0200 Subject: [PATCH] 4.19-stable patches added patches: crypto-talitos-reduce-max-key-size-for-sec1.patch ipv4-icmp-l3mdev-perform-icmp-error-route-lookup-on-source-device-routing-table-v2.patch mm-page_alloc-speed-up-the-iteration-of-max_order.patch net-ll_temac-remove-left-over-debug-message.patch powerpc-boot-delete-unneeded-.globl-_zimage_start.patch powerpc-module64-fix-comment-in-r_ppc64_entry-handling.patch sunrpc-nfs-fix-return-value-for-nfs4_callback_compound.patch usb-serial-mos7720-improve-oom-handling-in-read_mos_reg.patch --- ...talitos-reduce-max-key-size-for-sec1.patch | 37 ++++++ ...up-on-source-device-routing-table-v2.patch | 118 ++++++++++++++++++ ...-speed-up-the-iteration-of-max_order.patch | 73 +++++++++++ ...temac-remove-left-over-debug-message.patch | 31 +++++ ...delete-unneeded-.globl-_zimage_start.patch | 38 ++++++ ...ix-comment-in-r_ppc64_entry-handling.patch | 30 +++++ queue-4.19/series | 8 ++ ...urn-value-for-nfs4_callback_compound.patch | 104 +++++++++++++++ ...improve-oom-handling-in-read_mos_reg.patch | 51 ++++++++ 9 files changed, 490 insertions(+) create mode 100644 queue-4.19/crypto-talitos-reduce-max-key-size-for-sec1.patch create mode 100644 queue-4.19/ipv4-icmp-l3mdev-perform-icmp-error-route-lookup-on-source-device-routing-table-v2.patch create mode 100644 queue-4.19/mm-page_alloc-speed-up-the-iteration-of-max_order.patch create mode 100644 queue-4.19/net-ll_temac-remove-left-over-debug-message.patch create mode 100644 queue-4.19/powerpc-boot-delete-unneeded-.globl-_zimage_start.patch create mode 100644 queue-4.19/powerpc-module64-fix-comment-in-r_ppc64_entry-handling.patch create mode 100644 queue-4.19/sunrpc-nfs-fix-return-value-for-nfs4_callback_compound.patch create mode 100644 queue-4.19/usb-serial-mos7720-improve-oom-handling-in-read_mos_reg.patch diff --git a/queue-4.19/crypto-talitos-reduce-max-key-size-for-sec1.patch b/queue-4.19/crypto-talitos-reduce-max-key-size-for-sec1.patch new file mode 100644 index 00000000000..3765591f3e5 --- /dev/null +++ b/queue-4.19/crypto-talitos-reduce-max-key-size-for-sec1.patch @@ -0,0 +1,37 @@ +From b8fbdc2bc4e71b62646031d5df5f08aafe15d5ad Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Tue, 21 May 2019 13:34:09 +0000 +Subject: crypto: talitos - reduce max key size for SEC1 + +From: Christophe Leroy + +commit b8fbdc2bc4e71b62646031d5df5f08aafe15d5ad upstream. + +SEC1 doesn't support SHA384/512, so it doesn't require +longer keys. + +This patch reduces the max key size when the driver +is built for SEC1 only. + +Signed-off-by: Christophe Leroy +Fixes: 03d2c5114c95 ("crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD") +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/talitos.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -853,7 +853,11 @@ static void talitos_unregister_rng(struc + * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP + */ + #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1) ++#ifdef CONFIG_CRYPTO_DEV_TALITOS_SEC2 + #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE) ++#else ++#define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE) ++#endif + #define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */ + + struct talitos_ctx { diff --git a/queue-4.19/ipv4-icmp-l3mdev-perform-icmp-error-route-lookup-on-source-device-routing-table-v2.patch b/queue-4.19/ipv4-icmp-l3mdev-perform-icmp-error-route-lookup-on-source-device-routing-table-v2.patch new file mode 100644 index 00000000000..031a32f08cf --- /dev/null +++ b/queue-4.19/ipv4-icmp-l3mdev-perform-icmp-error-route-lookup-on-source-device-routing-table-v2.patch @@ -0,0 +1,118 @@ +From e1e84eb58eb494b77c8389fc6308b5042dcce791 Mon Sep 17 00:00:00 2001 +From: Mathieu Desnoyers +Date: Mon, 12 Oct 2020 10:50:14 -0400 +Subject: ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) + +From: Mathieu Desnoyers + +commit e1e84eb58eb494b77c8389fc6308b5042dcce791 upstream. + +As per RFC792, ICMP errors should be sent to the source host. + +However, in configurations with Virtual Routing and Forwarding tables, +looking up which routing table to use is currently done by using the +destination net_device. + +commit 9d1a6c4ea43e ("net: icmp_route_lookup should use rt dev to +determine L3 domain") changes the interface passed to +l3mdev_master_ifindex() and inet_addr_type_dev_table() from skb_in->dev +to skb_dst(skb_in)->dev. This effectively uses the destination device +rather than the source device for choosing which routing table should be +used to lookup where to send the ICMP error. + +Therefore, if the source and destination interfaces are within separate +VRFs, or one in the global routing table and the other in a VRF, looking +up the source host in the destination interface's routing table will +fail if the destination interface's routing table contains no route to +the source host. + +One observable effect of this issue is that traceroute does not work in +the following cases: + +- Route leaking between global routing table and VRF +- Route leaking between VRFs + +Preferably use the source device routing table when sending ICMP error +messages. If no source device is set, fall-back on the destination +device routing table. Else, use the main routing table (index 0). + +[ It has been pointed out that a similar issue may exist with ICMP + errors triggered when forwarding between network namespaces. It would + be worthwhile to investigate, but is outside of the scope of this + investigation. ] + +[ It has also been pointed out that a similar issue exists with + unreachable / fragmentation needed messages, which can be triggered by + changing the MTU of eth1 in r1 to 1400 and running: + + ip netns exec h1 ping -s 1450 -Mdo -c1 172.16.2.2 + + Some investigation points to raw_icmp_error() and raw_err() as being + involved in this last scenario. The focus of this patch is TTL expired + ICMP messages, which go through icmp_route_lookup. + Investigation of failure modes related to raw_icmp_error() is beyond + this investigation's scope. ] + +Fixes: 9d1a6c4ea43e ("net: icmp_route_lookup should use rt dev to determine L3 domain") +Link: https://tools.ietf.org/html/rfc792 +Signed-off-by: Mathieu Desnoyers +Reviewed-by: David Ahern +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/icmp.c | 23 +++++++++++++++++++++-- + 1 file changed, 21 insertions(+), 2 deletions(-) + +--- a/net/ipv4/icmp.c ++++ b/net/ipv4/icmp.c +@@ -465,6 +465,23 @@ out_bh_enable: + local_bh_enable(); + } + ++/* ++ * The device used for looking up which routing table to use for sending an ICMP ++ * error is preferably the source whenever it is set, which should ensure the ++ * icmp error can be sent to the source host, else lookup using the routing ++ * table of the destination device, else use the main routing table (index 0). ++ */ ++static struct net_device *icmp_get_route_lookup_dev(struct sk_buff *skb) ++{ ++ struct net_device *route_lookup_dev = NULL; ++ ++ if (skb->dev) ++ route_lookup_dev = skb->dev; ++ else if (skb_dst(skb)) ++ route_lookup_dev = skb_dst(skb)->dev; ++ return route_lookup_dev; ++} ++ + static struct rtable *icmp_route_lookup(struct net *net, + struct flowi4 *fl4, + struct sk_buff *skb_in, +@@ -473,6 +490,7 @@ static struct rtable *icmp_route_lookup( + int type, int code, + struct icmp_bxm *param) + { ++ struct net_device *route_lookup_dev; + struct rtable *rt, *rt2; + struct flowi4 fl4_dec; + int err; +@@ -487,7 +505,8 @@ static struct rtable *icmp_route_lookup( + fl4->flowi4_proto = IPPROTO_ICMP; + fl4->fl4_icmp_type = type; + fl4->fl4_icmp_code = code; +- fl4->flowi4_oif = l3mdev_master_ifindex(skb_dst(skb_in)->dev); ++ route_lookup_dev = icmp_get_route_lookup_dev(skb_in); ++ fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); + + security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4)); + rt = ip_route_output_key_hash(net, fl4, skb_in); +@@ -511,7 +530,7 @@ static struct rtable *icmp_route_lookup( + if (err) + goto relookup_failed; + +- if (inet_addr_type_dev_table(net, skb_dst(skb_in)->dev, ++ if (inet_addr_type_dev_table(net, route_lookup_dev, + fl4_dec.saddr) == RTN_LOCAL) { + rt2 = __ip_route_output_key(net, &fl4_dec); + if (IS_ERR(rt2)) diff --git a/queue-4.19/mm-page_alloc-speed-up-the-iteration-of-max_order.patch b/queue-4.19/mm-page_alloc-speed-up-the-iteration-of-max_order.patch new file mode 100644 index 00000000000..c2a30454d7c --- /dev/null +++ b/queue-4.19/mm-page_alloc-speed-up-the-iteration-of-max_order.patch @@ -0,0 +1,73 @@ +From 7ad69832f37e3cea8557db6df7c793905f1135e8 Mon Sep 17 00:00:00 2001 +From: Muchun Song +Date: Mon, 14 Dec 2020 19:11:25 -0800 +Subject: mm/page_alloc: speed up the iteration of max_order + +From: Muchun Song + +commit 7ad69832f37e3cea8557db6df7c793905f1135e8 upstream. + +When we free a page whose order is very close to MAX_ORDER and greater +than pageblock_order, it wastes some CPU cycles to increase max_order to +MAX_ORDER one by one and check the pageblock migratetype of that page +repeatedly especially when MAX_ORDER is much larger than pageblock_order. + +We also should not be checking migratetype of buddy when "order == +MAX_ORDER - 1" as the buddy pfn may be invalid, so adjust the condition. +With the new check, we don't need the max_order check anymore, so we +replace it. + +Also adjust max_order initialization so that it's lower by one than +previously, which makes the code hopefully more clear. + +Link: https://lkml.kernel.org/r/20201204155109.55451-1-songmuchun@bytedance.com +Fixes: d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks") +Signed-off-by: Muchun Song +Acked-by: Vlastimil Babka +Reviewed-by: Oscar Salvador +Reviewed-by: David Hildenbrand +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + mm/page_alloc.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -807,7 +807,7 @@ static inline void __free_one_page(struc + struct page *buddy; + unsigned int max_order; + +- max_order = min_t(unsigned int, MAX_ORDER, pageblock_order + 1); ++ max_order = min_t(unsigned int, MAX_ORDER - 1, pageblock_order); + + VM_BUG_ON(!zone_is_initialized(zone)); + VM_BUG_ON_PAGE(page->flags & PAGE_FLAGS_CHECK_AT_PREP, page); +@@ -820,7 +820,7 @@ static inline void __free_one_page(struc + VM_BUG_ON_PAGE(bad_range(zone, page), page); + + continue_merging: +- while (order < max_order - 1) { ++ while (order < max_order) { + buddy_pfn = __find_buddy_pfn(pfn, order); + buddy = page + (buddy_pfn - pfn); + +@@ -844,7 +844,7 @@ continue_merging: + pfn = combined_pfn; + order++; + } +- if (max_order < MAX_ORDER) { ++ if (order < MAX_ORDER - 1) { + /* If we are here, it means order is >= pageblock_order. + * We want to prevent merge between freepages on isolate + * pageblock and normal pageblock. Without this, pageblock +@@ -865,7 +865,7 @@ continue_merging: + is_migrate_isolate(buddy_mt))) + goto done_merging; + } +- max_order++; ++ max_order = order + 1; + goto continue_merging; + } + diff --git a/queue-4.19/net-ll_temac-remove-left-over-debug-message.patch b/queue-4.19/net-ll_temac-remove-left-over-debug-message.patch new file mode 100644 index 00000000000..decd680319f --- /dev/null +++ b/queue-4.19/net-ll_temac-remove-left-over-debug-message.patch @@ -0,0 +1,31 @@ +From ce03b94ba682a67e8233c9ee3066071656ded58f Mon Sep 17 00:00:00 2001 +From: Esben Haabendal +Date: Mon, 21 Jun 2021 10:20:08 +0200 +Subject: net: ll_temac: Remove left-over debug message + +From: Esben Haabendal + +commit ce03b94ba682a67e8233c9ee3066071656ded58f upstream. + +Fixes: f63963411942 ("net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY") +Signed-off-by: Esben Haabendal +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/xilinx/ll_temac_main.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/drivers/net/ethernet/xilinx/ll_temac_main.c ++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c +@@ -736,10 +736,8 @@ temac_start_xmit(struct sk_buff *skb, st + /* Kick off the transfer */ + lp->dma_out(lp, TX_TAILDESC_PTR, tail_p); /* DMA start */ + +- if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) { +- netdev_info(ndev, "%s -> netif_stop_queue\n", __func__); ++ if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) + netif_stop_queue(ndev); +- } + + return NETDEV_TX_OK; + } diff --git a/queue-4.19/powerpc-boot-delete-unneeded-.globl-_zimage_start.patch b/queue-4.19/powerpc-boot-delete-unneeded-.globl-_zimage_start.patch new file mode 100644 index 00000000000..f9c26681032 --- /dev/null +++ b/queue-4.19/powerpc-boot-delete-unneeded-.globl-_zimage_start.patch @@ -0,0 +1,38 @@ +From 968339fad422a58312f67718691b717dac45c399 Mon Sep 17 00:00:00 2001 +From: Fangrui Song +Date: Wed, 25 Mar 2020 09:42:57 -0700 +Subject: powerpc/boot: Delete unneeded .globl _zimage_start + +From: Fangrui Song + +commit 968339fad422a58312f67718691b717dac45c399 upstream. + +.globl sets the symbol binding to STB_GLOBAL while .weak sets the +binding to STB_WEAK. GNU as let .weak override .globl since +binutils-gdb 5ca547dc2399a0a5d9f20626d4bf5547c3ccfddd (1996). Clang +integrated assembler let the last win but it may error in the future. + +Since it is a convention that only one binding directive is used, just +delete .globl. + +Fixes: ee9d21b3b358 ("powerpc/boot: Ensure _zimage_start is a weak symbol") +Signed-off-by: Fangrui Song +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200325164257.170229-1-maskray@google.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/boot/crt0.S | 3 --- + 1 file changed, 3 deletions(-) + +--- a/arch/powerpc/boot/crt0.S ++++ b/arch/powerpc/boot/crt0.S +@@ -49,9 +49,6 @@ p_end: .long _end + p_pstack: .long _platform_stack_top + #endif + +- .globl _zimage_start +- /* Clang appears to require the .weak directive to be after the symbol +- * is defined. See https://bugs.llvm.org/show_bug.cgi?id=38921 */ + .weak _zimage_start + _zimage_start: + .globl _zimage_start_lib diff --git a/queue-4.19/powerpc-module64-fix-comment-in-r_ppc64_entry-handling.patch b/queue-4.19/powerpc-module64-fix-comment-in-r_ppc64_entry-handling.patch new file mode 100644 index 00000000000..8a7e1c895bd --- /dev/null +++ b/queue-4.19/powerpc-module64-fix-comment-in-r_ppc64_entry-handling.patch @@ -0,0 +1,30 @@ +From 2fb0a2c989837c976b68233496bbaefb47cd3d6f Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Sat, 6 Jul 2019 00:18:53 +1000 +Subject: powerpc/module64: Fix comment in R_PPC64_ENTRY handling + +From: Michael Ellerman + +commit 2fb0a2c989837c976b68233496bbaefb47cd3d6f upstream. + +The comment here is wrong, the addi reads from r2 not r12. The code is +correct, 0x38420000 = addi r2,r2,0. + +Fixes: a61674bdfc7c ("powerpc/module: Handle R_PPC64_ENTRY relocations") +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/module_64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/kernel/module_64.c ++++ b/arch/powerpc/kernel/module_64.c +@@ -719,7 +719,7 @@ int apply_relocate_add(Elf64_Shdr *sechd + /* + * If found, replace it with: + * addis r2, r12, (.TOC.-func)@ha +- * addi r2, r12, (.TOC.-func)@l ++ * addi r2, r2, (.TOC.-func)@l + */ + ((uint32_t *)location)[0] = 0x3c4c0000 + PPC_HA(value); + ((uint32_t *)location)[1] = 0x38420000 + PPC_LO(value); diff --git a/queue-4.19/series b/queue-4.19/series index fa4251bdfc7..3f5fc31c1ca 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -14,3 +14,11 @@ media-stkwebcam-fix-memory-leak-in-stk_camera_probe.patch arm-imx-add-missing-clk_disable_unprepare.patch arm-imx-fix-missing-3rd-argument-in-macro-imx_mmdc_perf_init.patch igmp-add-ip_mc_list-lock-in-ip_check_mc_rcu.patch +usb-serial-mos7720-improve-oom-handling-in-read_mos_reg.patch +ipv4-icmp-l3mdev-perform-icmp-error-route-lookup-on-source-device-routing-table-v2.patch +sunrpc-nfs-fix-return-value-for-nfs4_callback_compound.patch +crypto-talitos-reduce-max-key-size-for-sec1.patch +powerpc-module64-fix-comment-in-r_ppc64_entry-handling.patch +powerpc-boot-delete-unneeded-.globl-_zimage_start.patch +net-ll_temac-remove-left-over-debug-message.patch +mm-page_alloc-speed-up-the-iteration-of-max_order.patch diff --git a/queue-4.19/sunrpc-nfs-fix-return-value-for-nfs4_callback_compound.patch b/queue-4.19/sunrpc-nfs-fix-return-value-for-nfs4_callback_compound.patch new file mode 100644 index 00000000000..37e6a6a0b3f --- /dev/null +++ b/queue-4.19/sunrpc-nfs-fix-return-value-for-nfs4_callback_compound.patch @@ -0,0 +1,104 @@ +From 83dd59a0b9afc3b1a2642fb5c9b0585b1c08768f Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 9 Apr 2019 11:46:14 -0400 +Subject: SUNRPC/nfs: Fix return value for nfs4_callback_compound() + +From: Trond Myklebust + +commit 83dd59a0b9afc3b1a2642fb5c9b0585b1c08768f upstream. + +RPC server procedures are normally expected to return a __be32 encoded +status value of type 'enum rpc_accept_stat', however at least one function +wants to return an authentication status of type 'enum rpc_auth_stat' +in the case where authentication fails. +This patch adds functionality to allow this. + +Fixes: a4e187d83d88 ("NFS: Don't drop CB requests with invalid principals") +Signed-off-by: Trond Myklebust +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfs/callback_xdr.c | 2 +- + include/linux/sunrpc/svc.h | 2 ++ + net/sunrpc/svc.c | 27 ++++++++++++++++++++++----- + 3 files changed, 25 insertions(+), 6 deletions(-) + +--- a/fs/nfs/callback_xdr.c ++++ b/fs/nfs/callback_xdr.c +@@ -991,7 +991,7 @@ static __be32 nfs4_callback_compound(str + + out_invalidcred: + pr_warn_ratelimited("NFS: NFSv4 callback contains invalid cred\n"); +- return rpc_autherr_badcred; ++ return svc_return_autherr(rqstp, rpc_autherr_badcred); + } + + /* +--- a/include/linux/sunrpc/svc.h ++++ b/include/linux/sunrpc/svc.h +@@ -271,6 +271,7 @@ struct svc_rqst { + #define RQ_VICTIM (5) /* about to be shut down */ + #define RQ_BUSY (6) /* request is busy */ + #define RQ_DATA (7) /* request has data */ ++#define RQ_AUTHERR (8) /* Request status is auth error */ + unsigned long rq_flags; /* flags field */ + ktime_t rq_qtime; /* enqueue time */ + +@@ -504,6 +505,7 @@ unsigned int svc_fill_write_vector(st + char *svc_fill_symlink_pathname(struct svc_rqst *rqstp, + struct kvec *first, void *p, + size_t total); ++__be32 svc_return_autherr(struct svc_rqst *rqstp, __be32 auth_err); + + #define RPC_MAX_ADDRBUFLEN (63U) + +--- a/net/sunrpc/svc.c ++++ b/net/sunrpc/svc.c +@@ -1146,6 +1146,22 @@ static __printf(2,3) void svc_printk(str + + extern void svc_tcp_prep_reply_hdr(struct svc_rqst *); + ++__be32 ++svc_return_autherr(struct svc_rqst *rqstp, __be32 auth_err) ++{ ++ set_bit(RQ_AUTHERR, &rqstp->rq_flags); ++ return auth_err; ++} ++EXPORT_SYMBOL_GPL(svc_return_autherr); ++ ++static __be32 ++svc_get_autherr(struct svc_rqst *rqstp, __be32 *statp) ++{ ++ if (test_and_clear_bit(RQ_AUTHERR, &rqstp->rq_flags)) ++ return *statp; ++ return rpc_auth_ok; ++} ++ + /* + * Common routine for processing the RPC request. + */ +@@ -1296,11 +1312,9 @@ svc_process_common(struct svc_rqst *rqst + procp->pc_release(rqstp); + goto dropit; + } +- if (*statp == rpc_autherr_badcred) { +- if (procp->pc_release) +- procp->pc_release(rqstp); +- goto err_bad_auth; +- } ++ auth_stat = svc_get_autherr(rqstp, statp); ++ if (auth_stat != rpc_auth_ok) ++ goto err_release_bad_auth; + if (*statp == rpc_success && procp->pc_encode && + !procp->pc_encode(rqstp, resv->iov_base + resv->iov_len)) { + dprintk("svc: failed to encode reply\n"); +@@ -1359,6 +1373,9 @@ err_bad_rpc: + svc_putnl(resv, 2); + goto sendit; + ++err_release_bad_auth: ++ if (procp->pc_release) ++ procp->pc_release(rqstp); + err_bad_auth: + dprintk("svc: authentication failed (%d)\n", ntohl(auth_stat)); + serv->sv_stats->rpcbadauth++; diff --git a/queue-4.19/usb-serial-mos7720-improve-oom-handling-in-read_mos_reg.patch b/queue-4.19/usb-serial-mos7720-improve-oom-handling-in-read_mos_reg.patch new file mode 100644 index 00000000000..68f10782614 --- /dev/null +++ b/queue-4.19/usb-serial-mos7720-improve-oom-handling-in-read_mos_reg.patch @@ -0,0 +1,51 @@ +From 161a582bd1d8681095f158d11bc679a58f1d026b Mon Sep 17 00:00:00 2001 +From: Tom Rix +Date: Mon, 11 Jan 2021 14:09:04 -0800 +Subject: USB: serial: mos7720: improve OOM-handling in read_mos_reg() + +From: Tom Rix + +commit 161a582bd1d8681095f158d11bc679a58f1d026b upstream. + +clang static analysis reports this problem + +mos7720.c:352:2: warning: Undefined or garbage value returned to caller + return d; + ^~~~~~~~ + +In the parport_mos7715_read_data()'s call to read_mos_reg(), 'd' is +only set after the alloc block. + + buf = kmalloc(1, GFP_KERNEL); + if (!buf) + return -ENOMEM; + +Although the problem is reported in parport_most7715_read_data(), +none of the callee's of read_mos_reg() check the return status. + +Make sure to clear the return-value buffer also on allocation failures. + +Fixes: 0d130367abf5 ("USB: serial: mos7720: fix control-message error handling") +Signed-off-by: Tom Rix +Link: https://lore.kernel.org/r/20210111220904.1035957-1-trix@redhat.com +[ johan: only clear the buffer on errors, amend commit message ] +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/mos7720.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/usb/serial/mos7720.c ++++ b/drivers/usb/serial/mos7720.c +@@ -226,8 +226,10 @@ static int read_mos_reg(struct usb_seria + int status; + + buf = kmalloc(1, GFP_KERNEL); +- if (!buf) ++ if (!buf) { ++ *data = 0; + return -ENOMEM; ++ } + + status = usb_control_msg(usbdev, pipe, request, requesttype, value, + index, buf, 1, MOS_WDR_TIMEOUT); -- 2.47.3