From 42e363529acb4fe115bc53fec5a72c55ce68dbe3 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Wed, 13 Oct 2021 07:36:34 -0400 Subject: [PATCH] Fixes for 4.9 Signed-off-by: Sasha Levin --- ...gical-maximum-and-usage-maximum-of-m.patch | 106 ++++++++++++++++++ ...ames-from-invalid-mac-address-in-ad-.patch | 51 +++++++++ ...bles-zero-initialize-fragment-offset.patch | 38 +++++++ ...estroy-callback-on-event-init-failur.patch | 54 +++++++++ ...igned-comparison-with-less-than-zero.patch | 39 +++++++ ...-fix-spelling-mistake-unsupport-unsu.patch | 45 ++++++++ queue-4.9/series | 6 + 7 files changed, 339 insertions(+) create mode 100644 queue-4.9/hid-apple-fix-logical-maximum-and-usage-maximum-of-m.patch create mode 100644 queue-4.9/mac80211-drop-frames-from-invalid-mac-address-in-ad-.patch create mode 100644 queue-4.9/netfilter-ip6_tables-zero-initialize-fragment-offset.patch create mode 100644 queue-4.9/perf-x86-reset-destroy-callback-on-event-init-failur.patch create mode 100644 queue-4.9/scsi-ses-fix-unsigned-comparison-with-less-than-zero.patch create mode 100644 queue-4.9/scsi-virtio_scsi-fix-spelling-mistake-unsupport-unsu.patch
diff --git a/queue-4.9/hid-apple-fix-logical-maximum-and-usage-maximum-of-m.patch b/queue-4.9/hid-apple-fix-logical-maximum-and-usage-maximum-of-m.patch
new file mode 100644
index 00000000000..1109ea24bed
--- /dev/null
+++ b/queue-4.9/hid-apple-fix-logical-maximum-and-usage-maximum-of-m.patch
@@ -0,0 +1,106 @@
+From c1a79ca202d711758202af431f63648305d84eb0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 29 Jul 2021 20:03:25 +0900
+Subject: HID: apple: Fix logical maximum and usage maximum of Magic Keyboard
+ JIS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mizuho Mori
+
+[ Upstream commit 67fd71ba16a37c663d139f5ba5296f344d80d072 ]
+
+Apple Magic Keyboard(JIS)'s Logical Maximum and Usage Maximum are wrong.
+
+Below is a report descriptor.
+
+0x05, 0x01, /* Usage Page (Desktop), */
+0x09, 0x06, /* Usage (Keyboard), */
+0xA1, 0x01, /* Collection (Application), */
+0x85, 0x01, /* Report ID (1), */
+0x05, 0x07, /* Usage Page (Keyboard), */
+0x15, 0x00, /* Logical Minimum (0), */
+0x25, 0x01, /* Logical Maximum (1), */
+0x19, 0xE0, /* Usage Minimum (KB Leftcontrol), */
+0x29, 0xE7, /* Usage Maximum (KB Right GUI), */
+0x75, 0x01, /* Report Size (1), */
+0x95, 0x08, /* Report Count (8), */
+0x81, 0x02, /* Input (Variable), */
+0x95, 0x05, /* Report Count (5), */
+0x75, 0x01, /* Report Size (1), */
+0x05, 0x08, /* Usage Page (LED), */
+0x19, 0x01, /* Usage Minimum (01h), */
+0x29, 0x05, /* Usage Maximum (05h), */
+0x91, 0x02, /* Output (Variable), */
+0x95, 0x01, /* Report Count (1), */
+0x75, 0x03, /* Report Size (3), */
+0x91, 0x03, /* Output (Constant, Variable), */
+0x95, 0x08, /* Report Count (8), */
+0x75, 0x01, /* Report Size (1), */
+0x15, 0x00, /* Logical Minimum (0), */
+0x25, 0x01, /* Logical Maximum (1), */
+
+here is a report descriptor which is parsed one in kernel.
+see sys/kernel/debug/hid//rdesc
+
+05 01 09 06 a1 01 85 01 05 07
+15 00 25 01 19 e0 29 e7 75 01
+95 08 81 02 95 05 75 01 05 08
+19 01 29 05 91 02 95 01 75 03
+91 03 95 08 75 01 15 00 25 01
+06 00 ff 09 03 81 03 95 06 75
+08 15 00 25 [65] 05 07 19 00 29
+[65] 81 00 95 01 75 01 15 00 25
+01 05 0c 09 b8 81 02 95 01 75
+01 06 01 ff 09 03 81 02 95 01
+75 06 81 03 06 02 ff 09 55 85
+55 15 00 26 ff 00 75 08 95 40
+b1 a2 c0 06 00 ff 09 14 a1 01
+85 90 05 84 75 01 95 03 15 00
+25 01 09 61 05 85 09 44 09 46
+81 02 95 05 81 01 75 08 95 01
+15 00 26 ff 00 09 65 81 02 c0
+00
+
+Position 64(Logical Maximum) and 70(Usage Maximum) are 101.
+Both should be 0xE7 to support JIS specific keys(ろ, Eisu, Kana, |) support.
+position 117 is also 101 but not related(it is Usage 65h).
+
+There are no difference of product id between JIS and ANSI.
+They are same 0x0267.
+
+Signed-off-by: Mizuho Mori
+Signed-off-by: Jiri Kosina
+Signed-off-by: Sasha Levin
+---
+ drivers/hid/hid-apple.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c
+index 959a9e38b4f5..149902619cbc 100644
+--- a/drivers/hid/hid-apple.c
++++ b/drivers/hid/hid-apple.c
+@@ -302,12 +302,19 @@ static int apple_event(struct hid_device *hdev, struct hid_field *field,
+
+ /*
+ * MacBook JIS keyboard has wrong logical maximum
++ * Magic Keyboard JIS has wrong logical maximum
+ */
+ static __u8 *apple_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+ struct apple_sc *asc = hid_get_drvdata(hdev);
+
++ if(*rsize >=71 && rdesc[70] == 0x65 && rdesc[64] == 0x65) {
++ hid_info(hdev,
++ "fixing up Magic Keyboard JIS report descriptor\n");
++ rdesc[64] = rdesc[70] = 0xe7;
++ }
++
+ if ((asc->quirks & APPLE_RDESC_JIS) && *rsize >= 60 &&
+ rdesc[53] == 0x65 && rdesc[59] == 0x65) {
+ hid_info(hdev,
+--
+2.33.0
+
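Review bot: The new Magic Keyboard JIS branch in apple_report_fixup() is not gated on a quirk the way the MacBook JIS branch below it is (`asc->quirks & APPLE_RDESC_JIS`), so it rewrites bytes 64 and 70 of any descriptor this driver handles that happens to carry 0x65 at both offsets. The commit message says JIS and ANSI share product id 0x0267, so a quirk cannot separate them, but the match can be tightened with the item tags that precede those bytes in the dump: `if (*rsize >= 71 && rdesc[63] == 0x25 && rdesc[64] == 0x65 && rdesc[69] == 0x29 && rdesc[70] == 0x65) {`. That form also restores the usual kernel spacing (`if (` and `>= 71`). The `*rsize >= 71` bound does cover index 70; the function body continues outside the hunk.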
diff --git a/queue-4.9/mac80211-drop-frames-from-invalid-mac-address-in-ad-.patch b/queue-4.9/mac80211-drop-frames-from-invalid-mac-address-in-ad-.patch
new file mode 100644
index 00000000000..7b5c8ce4ac1
--- /dev/null
+++ b/queue-4.9/mac80211-drop-frames-from-invalid-mac-address-in-ad-.patch
@@ -0,0 +1,51 @@
+From 6c314d621d12f98ea0ca46ca3cad75a7221ac54c Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 27 Aug 2021 22:42:30 +0800
+Subject: mac80211: Drop frames from invalid MAC address in ad-hoc mode
+
+From: YueHaibing
+
+[ Upstream commit a6555f844549cd190eb060daef595f94d3de1582 ]
+
+WARNING: CPU: 1 PID: 9 at net/mac80211/sta_info.c:554
+sta_info_insert_rcu+0x121/0x12a0
+Modules linked in:
+CPU: 1 PID: 9 Comm: kworker/u8:1 Not tainted 5.14.0-rc7+ #253
+Workqueue: phy3 ieee80211_iface_work
+RIP: 0010:sta_info_insert_rcu+0x121/0x12a0
+...
+Call Trace:
+ ieee80211_ibss_finish_sta+0xbc/0x170
+ ieee80211_ibss_work+0x13f/0x7d0
+ ieee80211_iface_work+0x37a/0x500
+ process_one_work+0x357/0x850
+ worker_thread+0x41/0x4d0
+
+If an Ad-Hoc node receives packets with invalid source MAC address,
+it hits a WARN_ON in sta_info_insert_check(), this can spam the log.
+
+Signed-off-by: YueHaibing
+Link: https://lore.kernel.org/r/20210827144230.39944-1-yuehaibing@huawei.com
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/mac80211/rx.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
+index b40e71a5d795..3dc370ad23bf 100644
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -3692,7 +3692,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
+ if (!bssid)
+ return false;
+ if (ether_addr_equal(sdata->vif.addr, hdr->addr2) ||
+- ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
++ ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2) ||
++ !is_valid_ether_addr(hdr->addr2))
+ return false;
+ if (ieee80211_is_beacon(hdr->frame_control))
+ return true;
+--
+2.33.0
+
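Review bot: The added `!is_valid_ether_addr(hdr->addr2)` test in ieee80211_accept_frame() has no comment, and the code alone does not show why a source address is being validated at this point. The commit message gives the reason: a frame with an invalid source address otherwise reaches the WARN_ON in sta_info_insert_check(). Because that path is driven by received frames, I would record it next to the condition, for example `/* an invalid source address would trip the WARN_ON in sta_info_insert_check() */`. Only the ad-hoc branch is visible here, and the function starts and ends outside the hunk, so whether other interface types need the same filter cannot be judged from this page.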
diff --git a/queue-4.9/netfilter-ip6_tables-zero-initialize-fragment-offset.patch b/queue-4.9/netfilter-ip6_tables-zero-initialize-fragment-offset.patch
new file mode 100644
index 00000000000..a85c28b5acd
--- /dev/null
+++ b/queue-4.9/netfilter-ip6_tables-zero-initialize-fragment-offset.patch
@@ -0,0 +1,38 @@
+From 31fb6efeb3cd516524cf1f5154a24fa2a3312dd8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 12 Sep 2021 22:24:33 +0100
+Subject: netfilter: ip6_tables: zero-initialize fragment offset
+
+From: Jeremy Sowden
+
+[ Upstream commit 310e2d43c3ad429c1fba4b175806cf1f55ed73a6 ]
+
+ip6tables only sets the `IP6T_F_PROTO` flag on a rule if a protocol is
+specified (`-p tcp`, for example). However, if the flag is not set,
+`ip6_packet_match` doesn't call `ipv6_find_hdr` for the skb, in which
+case the fragment offset is left uninitialized and a garbage value is
+passed to each matcher.
+
+Signed-off-by: Jeremy Sowden
+Reviewed-by: Florian Westphal
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Sasha Levin
+---
+ net/ipv6/netfilter/ip6_tables.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
+index 579fda1bc45d..ce54e66b47a0 100644
+--- a/net/ipv6/netfilter/ip6_tables.c
++++ b/net/ipv6/netfilter/ip6_tables.c
+@@ -290,6 +290,7 @@ ip6t_do_table(struct sk_buff *skb,
+ * things we don't know, ie. tcp syn flag or ports). If the
+ * rule is also a fragment-specific rule, non-fragments won't
+ * match it. */
++ acpar.fragoff = 0;
+ acpar.hotdrop = false;
+ acpar.net = state->net;
+ acpar.in = state->in;
+--
+2.33.0
+
diff --git a/queue-4.9/perf-x86-reset-destroy-callback-on-event-init-failur.patch b/queue-4.9/perf-x86-reset-destroy-callback-on-event-init-failur.patch
new file mode 100644
index 00000000000..510270923d2
--- /dev/null
+++ b/queue-4.9/perf-x86-reset-destroy-callback-on-event-init-failur.patch
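Review bot: In the ip6_tables.c hunk of the netfilter patch, `acpar.fragoff = 0;` sits directly under a comment block about fragment rules that does not explain it, so the reason for the assignment lives only in the commit message. A one-line comment such as `/* ip6_packet_match() leaves fragoff untouched when IP6T_F_PROTO is not set */` would keep a later reader from dropping it as redundant. The visible lines initialise acpar one member at a time and its declaration is outside the hunk, so whether any other member can reach a matcher uninitialised is not visible here and is worth confirming, since stack garbage feeding match decisions is a filtering-correctness problem.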
@@ -0,0 +1,54 @@
+From de9dc4077167fa8e0b1b846ee4139a1d4149d5f1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 29 Sep 2021 17:04:21 +1000
+Subject: perf/x86: Reset destroy callback on event init failure
+
+From: Anand K Mistry
+
+[ Upstream commit 02d029a41dc986e2d5a77ecca45803857b346829 ]
+
+perf_init_event tries multiple init callbacks and does not reset the
+event state between tries. When x86_pmu_event_init runs, it
+unconditionally sets the destroy callback to hw_perf_event_destroy. On
+the next init attempt after x86_pmu_event_init, in perf_try_init_event,
+if the pmu's capabilities includes PERF_PMU_CAP_NO_EXCLUDE, the destroy
+callback will be run. However, if the next init didn't set the destroy
+callback, hw_perf_event_destroy will be run (since the callback wasn't
+reset).
+
+Looking at other pmu init functions, the common pattern is to only set
+the destroy callback on a successful init. Resetting the callback on
+failure tries to replicate that pattern.
+
+This was discovered after commit f11dd0d80555 ("perf/x86/amd/ibs: Extend
+PERF_PMU_CAP_NO_EXCLUDE to IBS Op") when the second (and only second)
+run of the perf tool after a reboot results in 0 samples being
+generated. The extra run of hw_perf_event_destroy results in
+active_events having an extra decrement on each perf run. The second run
+has active_events == 0 and every subsequent run has active_events < 0.
+When active_events == 0, the NMI handler will early-out and not record
+any samples.
+
+Signed-off-by: Anand K Mistry
+Signed-off-by: Peter Zijlstra (Intel)
+Link: https://lkml.kernel.org/r/20210929170405.1.I078b98ee7727f9ae9d6df8262bad7e325e40faf0@changeid
+Signed-off-by: Sasha Levin
+---
+ arch/x86/events/core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
+index c26cca506f64..c20df6a3540c 100644
+--- a/arch/x86/events/core.c
++++ b/arch/x86/events/core.c
+@@ -2075,6 +2075,7 @@ static int x86_pmu_event_init(struct perf_event *event)
+ if (err) {
+ if (event->destroy)
+ event->destroy(event);
++ event->destroy = NULL;
+ }
+
+ if (ACCESS_ONCE(x86_pmu.attr_rdpmc))
+--
+2.33.0
+
diff --git a/queue-4.9/scsi-ses-fix-unsigned-comparison-with-less-than-zero.patch b/queue-4.9/scsi-ses-fix-unsigned-comparison-with-less-than-zero.patch
new file mode 100644
index 00000000000..c1ee67f6251
--- /dev/null
+++ b/queue-4.9/scsi-ses-fix-unsigned-comparison-with-less-than-zero.patch
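Review bot: In the arch/x86/events/core.c hunk of the perf patch, `event->destroy = NULL;` is added without a comment, and nothing visible in x86_pmu_event_init() shows why a callback that was just invoked must also be cleared. The commit message has the reason (perf_init_event tries further PMUs without resetting event state, so a stale callback can run again and decrement active_events a second time); a short comment such as `/* perf_init_event() may try another PMU; do not leave a stale callback behind */` would record it in the code. The trigger described depends on PERF_PMU_CAP_NO_EXCLUDE handling in perf_try_init_event, which is not shown on this page, so it is worth confirming that the 4.9 tree has that path; the assignment looks harmless either way. The function continues outside the hunk.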
@@ -0,0 +1,39 @@
+From 1f958b0fea54ca4a347a69b45e57f859f2c8fd12 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 24 Sep 2021 17:51:53 +0800
+Subject: scsi: ses: Fix unsigned comparison with less than zero
+
+From: Jiapeng Chong
+
+[ Upstream commit dd689ed5aa905daf4ba4c99319a52aad6ea0a796 ]
+
+Fix the following coccicheck warning:
+
+./drivers/scsi/ses.c:137:10-16: WARNING: Unsigned expression compared
+with zero: result > 0.
+
+Link: https://lore.kernel.org/r/1632477113-90378-1-git-send-email-jiapeng.chong@linux.alibaba.com
+Reported-by: Abaci Robot
+Signed-off-by: Jiapeng Chong
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/ses.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
+index 69046d342bc5..39396548f9b5 100644
+--- a/drivers/scsi/ses.c
++++ b/drivers/scsi/ses.c
+@@ -120,7 +120,7 @@ static int ses_recv_diag(struct scsi_device *sdev, int page_code,
+ static int ses_send_diag(struct scsi_device *sdev, int page_code,
+ void *buf, int bufflen)
+ {
+- u32 result;
++ int result;
+
+ unsigned char cmd[] = {
+ SEND_DIAGNOSTIC,
+--
+2.33.0
+
diff --git a/queue-4.9/scsi-virtio_scsi-fix-spelling-mistake-unsupport-unsu.patch b/queue-4.9/scsi-virtio_scsi-fix-spelling-mistake-unsupport-unsu.patch
new file mode 100644
index 00000000000..825d2de2087
--- /dev/null
+++ b/queue-4.9/scsi-virtio_scsi-fix-spelling-mistake-unsupport-unsu.patch
@@ -0,0 +1,45 @@
+From 12ccbc0ecec33f62b60edfa71a7e4618c02aebf5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 25 Sep 2021 00:03:30 +0100
+Subject: scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
+
+From: Colin Ian King
+
+[ Upstream commit cced4c0ec7c06f5230a2958907a409c849762293 ]
+
+There are a couple of spelling mistakes in pr_info and pr_err messages.
+Fix them.
+
+Link: https://lore.kernel.org/r/20210924230330.143785-1-colin.king@canonical.com
+Signed-off-by: Colin Ian King
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/virtio_scsi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
+index 7ba0031d3a73..d5575869a25c 100644
+--- a/drivers/scsi/virtio_scsi.c
++++ b/drivers/scsi/virtio_scsi.c
+@@ -343,7 +343,7 @@ static void virtscsi_handle_transport_reset(struct virtio_scsi *vscsi,
+ }
+ break;
+ default:
+- pr_info("Unsupport virtio scsi event reason %x\n", event->reason);
++ pr_info("Unsupported virtio scsi event reason %x\n", event->reason);
+ }
+ }
+
+@@ -396,7 +396,7 @@ static void virtscsi_handle_event(struct work_struct *work)
+ virtscsi_handle_param_change(vscsi, event);
+ break;
+ default:
+- pr_err("Unsupport virtio scsi event %x\n", event->event);
++ pr_err("Unsupported virtio scsi event %x\n", event->event);
+ }
+ virtscsi_kick_event(vscsi, event_node);
+ }
+--
+2.33.0
+
diff --git a/queue-4.9/series b/queue-4.9/series
index e10457f4011..7d731dc57fe 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -17,3 +17,9 @@ drm-nouveau-debugfs-fix-file-release-memory-leak.patch
 rtnetlink-fix-if_nlmsg_stats_size-under-estimation.patch
 i40e-fix-endless-loop-under-rtnl.patch
 gup-document-and-work-around-cow-can-break-either-way-issue.patch
+hid-apple-fix-logical-maximum-and-usage-maximum-of-m.patch
+netfilter-ip6_tables-zero-initialize-fragment-offset.patch
+mac80211-drop-frames-from-invalid-mac-address-in-ad-.patch
+scsi-ses-fix-unsigned-comparison-with-less-than-zero.patch
+scsi-virtio_scsi-fix-spelling-mistake-unsupport-unsu.patch
+perf-x86-reset-destroy-callback-on-event-init-failur.patch
--
2.47.3