From 8f4e3fc017e4471e6773e018e42adfae560839b7 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sat, 17 Apr 2021 19:27:02 -0400 Subject: [PATCH] Fixes for 4.4 
Signed-off-by: Sasha Levin --- ...-return-efault-if-copy_to_user-fails.patch | 44 +++++++ ...ng-mmc-devices-with-aliases-for-omap.patch | 55 ++++++++ ...eystone-fix-integer-overflow-warning.patch | 56 ++++++++ ...esai-fix-tdm-slot-setup-for-i2s-mode.patch | 49 +++++++ ...ne-dw-make-it-dependent-to-has_iomem.patch | 46 +++++++ ...pad-enable-interrupts-only-when-open.patch | 121 ++++++++++++++++++ ...r-disregard-dead-dst-in-neigh_update.patch | 51 ++++++++ ...154-forbid-monitor-for-add-llsec-dev.patch | 38 ++++++ ...-forbid-monitor-for-add-llsec-devkey.patch | 38 ++++++ ...orbid-monitor-for-add-llsec-seclevel.patch | 38 ++++++ ...stop-dump-llsec-devkeys-for-monitors.patch | 40 ++++++ ...54-stop-dump-llsec-devs-for-monitors.patch | 40 ++++++ ...54-stop-dump-llsec-keys-for-monitors.patch | 40 ++++++ ...top-dump-llsec-seclevels-for-monitor.patch | 40 ++++++ ...tential-use-after-free-in-rds_send_r.patch | 50 ++++++++ ...x-spelling-errors-in-net-tipc-module.patch | 67 ++++++++++ ...resource_len-to-validate-pci-resourc.patch | 54 ++++++++ queue-4.4/series | 17 +++ 18 files changed, 884 insertions(+) create mode 100644 queue-4.4/arc-kernel-return-efault-if-copy_to_user-fails.patch create mode 100644 queue-4.4/arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch create mode 100644 queue-4.4/arm-keystone-fix-integer-overflow-warning.patch create mode 100644 queue-4.4/asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch create mode 100644 queue-4.4/dmaengine-dw-make-it-dependent-to-has_iomem.patch create mode 100644 queue-4.4/input-nspire-keypad-enable-interrupts-only-when-open.patch create mode 100644 queue-4.4/neighbour-disregard-dead-dst-in-neigh_update.patch create mode 100644 queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-dev.patch create mode 100644 queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch create mode 100644 queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch create mode 100644 
queue-4.4/net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch create mode 100644 queue-4.4/net-ieee802154-stop-dump-llsec-devs-for-monitors.patch create mode 100644 queue-4.4/net-ieee802154-stop-dump-llsec-keys-for-monitors.patch create mode 100644 queue-4.4/net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch create mode 100644 queue-4.4/net-rds-avoid-potential-use-after-free-in-rds_send_r.patch create mode 100644 queue-4.4/net-tipc-fix-spelling-errors-in-net-tipc-module.patch create mode 100644 queue-4.4/pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch create mode 100644 queue-4.4/series
diff --git a/queue-4.4/arc-kernel-return-efault-if-copy_to_user-fails.patch b/queue-4.4/arc-kernel-return-efault-if-copy_to_user-fails.patch
new file mode 100644
index 00000000000..0712b1207d5
--- /dev/null
+++ b/queue-4.4/arc-kernel-return-efault-if-copy_to_user-fails.patch
@@ -0,0 +1,44 @@
+From 8497368e7708ddb5e7e5e4cde0d231f95d452891 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 1 Mar 2021 20:05:48 +0800
+Subject: arc: kernel: Return -EFAULT if copy_to_user() fails
+
+From: Wang Qing
+
+[ Upstream commit 46e152186cd89d940b26726fff11eb3f4935b45a ]
+
+The copy_to_user() function returns the number of bytes remaining to be
+copied, but we want to return -EFAULT if the copy doesn't complete.
+
+Signed-off-by: Wang Qing
+Signed-off-by: Vineet Gupta
+Signed-off-by: Sasha Levin
+---
+ arch/arc/kernel/signal.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arc/kernel/signal.c b/arch/arc/kernel/signal.c
+index 257b8699efde..639f39f39917 100644
+--- a/arch/arc/kernel/signal.c
++++ b/arch/arc/kernel/signal.c
+@@ -97,7 +97,7 @@ stash_usr_regs(struct rt_sigframe __user *sf, struct pt_regs *regs,
+ sizeof(sf->uc.uc_mcontext.regs.scratch));
+ err |= __copy_to_user(&sf->uc.uc_sigmask, set, sizeof(sigset_t));
+
+- return err;
++ return err ? -EFAULT : 0;
+ }
+
+ static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf)
+@@ -111,7 +111,7 @@ static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf)
+ &(sf->uc.uc_mcontext.regs.scratch),
+ sizeof(sf->uc.uc_mcontext.regs.scratch));
+ if (err)
+- return err;
++ return -EFAULT;
+
+ set_current_blocked(&set);
+ regs->bta = uregs.scratch.bta;
+--
+2.30.2
+
diff --git a/queue-4.4/arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch b/queue-4.4/arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch
new file mode 100644
index 00000000000..396b6f79b10
--- /dev/null
+++ b/queue-4.4/arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch
@@ -0,0 +1,55 @@
+From 11b75e2832cf599aac08e88feb34ceeda42e7240 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 8 Mar 2021 11:30:45 +0200
+Subject: ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
+
+From: Tony Lindgren
+
+[ Upstream commit 77335a040178a0456d4eabc8bf17a7ca3ee4a327 ]
+
+Fix moving mmc devices with dts aliases as discussed on the lists.
+Without this we now have internal eMMC mmc1 show up as mmc2 compared
+to the earlier order of devices.
+
+Signed-off-by: Tony Lindgren
+Signed-off-by: Sasha Levin
+---
+ arch/arm/boot/dts/omap4.dtsi | 5 +++++
+ arch/arm/boot/dts/omap5.dtsi | 5 +++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/arch/arm/boot/dts/omap4.dtsi b/arch/arm/boot/dts/omap4.dtsi
+index 8a5628c4b135..656e35ec037d 100644
+--- a/arch/arm/boot/dts/omap4.dtsi
++++ b/arch/arm/boot/dts/omap4.dtsi
+@@ -21,6 +21,11 @@
+ i2c1 = &i2c2;
+ i2c2 = &i2c3;
+ i2c3 = &i2c4;
++ mmc0 = &mmc1;
++ mmc1 = &mmc2;
++ mmc2 = &mmc3;
++ mmc3 = &mmc4;
++ mmc4 = &mmc5;
+ serial0 = &uart1;
+ serial1 = &uart2;
+ serial2 = &uart3;
+diff --git a/arch/arm/boot/dts/omap5.dtsi b/arch/arm/boot/dts/omap5.dtsi
+index 4c04389dab32..b61ea6ca59b3 100644
+--- a/arch/arm/boot/dts/omap5.dtsi
++++ b/arch/arm/boot/dts/omap5.dtsi
+@@ -26,6 +26,11 @@
+ i2c2 = &i2c3;
+ i2c3 = &i2c4;
+ i2c4 = &i2c5;
++ mmc0 = &mmc1;
++ mmc1 = &mmc2;
++ mmc2 = &mmc3;
++ mmc3 = &mmc4;
++ mmc4 = &mmc5;
+ serial0 = &uart1;
+ serial1 = &uart2;
+ serial2 = &uart3;
+--
+2.30.2
+
diff --git a/queue-4.4/arm-keystone-fix-integer-overflow-warning.patch b/queue-4.4/arm-keystone-fix-integer-overflow-warning.patch
new file mode 100644
index 00000000000..0445a789e48
--- /dev/null
+++ b/queue-4.4/arm-keystone-fix-integer-overflow-warning.patch
@@ -0,0 +1,56 @@
+From f40eb32fa213dcdbcdb7823333fca78d46f2a513 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 23 Mar 2021 14:18:05 +0100
+Subject: ARM: keystone: fix integer overflow warning
+
+From: Arnd Bergmann
+
+[ Upstream commit 844b85dda2f569943e1e018fdd63b6f7d1d6f08e ]
+
+clang warns about an impossible condition when building with 32-bit
+phys_addr_t:
+
+arch/arm/mach-keystone/keystone.c:79:16: error: result of comparison of constant 51539607551 with expression of type 'phys_addr_t' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
+ mem_end > KEYSTONE_HIGH_PHYS_END) {
+ ~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~
+arch/arm/mach-keystone/keystone.c:78:16: error: result of comparison of constant 34359738368 with expression of type 'phys_addr_t' (aka 'unsigned int') is always true [-Werror,-Wtautological-constant-out-of-range-compare]
+ if (mem_start < KEYSTONE_HIGH_PHYS_START ||
+ ~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~
+
+Change the temporary variable to a fixed-size u64 to avoid the warning.
+
+Signed-off-by: Arnd Bergmann
+Reviewed-by: Nathan Chancellor
+Acked-by: Santosh Shilimkar
+Link: https://lore.kernel.org/r/20210323131814.2751750-1-arnd@kernel.org'
+Signed-off-by: Arnd Bergmann
+Signed-off-by: Sasha Levin
+---
+ arch/arm/mach-keystone/keystone.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/mach-keystone/keystone.c b/arch/arm/mach-keystone/keystone.c
+index c279293f084c..0f1f5c4141d5 100644
+--- a/arch/arm/mach-keystone/keystone.c
++++ b/arch/arm/mach-keystone/keystone.c
+@@ -71,7 +71,7 @@ static phys_addr_t keystone_virt_to_idmap(unsigned long x)
+ static long long __init keystone_pv_fixup(void)
+ {
+ long long offset;
+- phys_addr_t mem_start, mem_end;
++ u64 mem_start, mem_end;
+
+ mem_start = memblock_start_of_DRAM();
+ mem_end = memblock_end_of_DRAM();
+@@ -84,7 +84,7 @@ static long long __init keystone_pv_fixup(void)
+ if (mem_start < KEYSTONE_HIGH_PHYS_START ||
+ mem_end > KEYSTONE_HIGH_PHYS_END) {
+ pr_crit("Invalid address space for memory (%08llx-%08llx)\n",
+- (u64)mem_start, (u64)mem_end);
++ mem_start, mem_end);
+ return 0;
+ }
+
+--
+2.30.2
+
diff --git a/queue-4.4/asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch b/queue-4.4/asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch
new file mode 100644
index 00000000000..8f957382b99
--- /dev/null
+++ b/queue-4.4/asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch
@@ -0,0 +1,49 @@
+From d4866daf797c1485d571797ef472646bfd040c89 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 2 Apr 2021 11:14:05 +0300
+Subject: ASoC: fsl_esai: Fix TDM slot setup for I2S mode
+
+From: Alexander Shiyan
+
+[ Upstream commit e7a48c710defa0e0fef54d42b7d9e4ab596e2761 ]
+
+When using the driver in I2S TDM mode, the fsl_esai_startup()
+function rewrites the number of slots previously set by the
+fsl_esai_set_dai_tdm_slot() function to 2.
+To fix this, let's use the saved slot count value or, if TDM
+is not used and the number of slots is not set, the driver will use
+the default value (2), which is set by fsl_esai_probe().
+
+Signed-off-by: Alexander Shiyan
+Acked-by: Nicolin Chen
+Link: https://lore.kernel.org/r/20210402081405.9892-1-shc_work@mail.ru
+Signed-off-by: Mark Brown
+Signed-off-by: Sasha Levin
+---
+ sound/soc/fsl/fsl_esai.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
+index 40075b9afb79..fad711a3f4b4 100644
+--- a/sound/soc/fsl/fsl_esai.c
++++ b/sound/soc/fsl/fsl_esai.c
+@@ -488,11 +488,13 @@ static int fsl_esai_startup(struct snd_pcm_substream *substream,
+ ESAI_SAICR_SYNC, esai_priv->synchronous ?
+ ESAI_SAICR_SYNC : 0);
+
+- /* Set a default slot number -- 2 */
++ /* Set slots count */
+ regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR,
+- ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2));
++ ESAI_xCCR_xDC_MASK,
++ ESAI_xCCR_xDC(esai_priv->slots));
+ regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR,
+- ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2));
++ ESAI_xCCR_xDC_MASK,
++ ESAI_xCCR_xDC(esai_priv->slots));
+ }
+
+ return 0;
+--
+2.30.2
+
diff --git a/queue-4.4/dmaengine-dw-make-it-dependent-to-has_iomem.patch b/queue-4.4/dmaengine-dw-make-it-dependent-to-has_iomem.patch
new file mode 100644
index 00000000000..467b03c67be
--- /dev/null
+++ b/queue-4.4/dmaengine-dw-make-it-dependent-to-has_iomem.patch
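Review bot: `ESAI_xCCR_xDC(esai_priv->slots)` in fsl_esai_startup() depends on `esai_priv->slots` having been set before the first startup, which the description attributes to fsl_esai_probe(); neither the field nor that default is visible in this hunk. For a backport to 4.4 it is worth confirming that the field exists and is initialised in this tree, because a zero would then be written to both REG_ESAI_TCCR and REG_ESAI_RCCR where the old code always wrote 2. fsl_esai_startup() starts and ends outside the hunk.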
@@ -0,0 +1,46 @@
+From b6e4cd3c28eebaeb372bcc615aeaa70755ed2a70 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 24 Mar 2021 16:17:57 +0200
+Subject: dmaengine: dw: Make it dependent to HAS_IOMEM
+
+From: Andy Shevchenko
+
+[ Upstream commit 88cd1d6191b13689094310c2405394e4ce36d061 ]
+
+Some architectures do not provide devm_*() APIs. Hence make the driver
+dependent on HAVE_IOMEM.
+
+Fixes: dbde5c2934d1 ("dw_dmac: use devm_* functions to simplify code")
+Reported-by: kernel test robot
+Signed-off-by: Andy Shevchenko
+Acked-by: Viresh Kumar
+Link: https://lore.kernel.org/r/20210324141757.24710-1-andriy.shevchenko@linux.intel.com
+Signed-off-by: Vinod Koul
+Signed-off-by: Sasha Levin
+---
+ drivers/dma/dw/Kconfig | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/dma/dw/Kconfig b/drivers/dma/dw/Kconfig
+index e00c9b022964..6ea3e95c287b 100644
+--- a/drivers/dma/dw/Kconfig
++++ b/drivers/dma/dw/Kconfig
+@@ -11,6 +11,7 @@ config DW_DMAC_BIG_ENDIAN_IO
+
+ config DW_DMAC
+ tristate "Synopsys DesignWare AHB DMA platform driver"
++ depends on HAS_IOMEM
+ select DW_DMAC_CORE
+ select DW_DMAC_BIG_ENDIAN_IO if AVR32
+ default y if CPU_AT32AP7000
+@@ -21,6 +22,7 @@ config DW_DMAC
+ config DW_DMAC_PCI
+ tristate "Synopsys DesignWare AHB DMA PCI driver"
+ depends on PCI
++ depends on HAS_IOMEM
+ select DW_DMAC_CORE
+ help
+ Support the Synopsys DesignWare AHB DMA controller on the
+--
+2.30.2
+
diff --git a/queue-4.4/input-nspire-keypad-enable-interrupts-only-when-open.patch b/queue-4.4/input-nspire-keypad-enable-interrupts-only-when-open.patch
new file mode 100644
index 00000000000..c0e5d471bd1
--- /dev/null
+++ b/queue-4.4/input-nspire-keypad-enable-interrupts-only-when-open.patch
@@ -0,0 +1,121 @@
+From 343ccc6eb7b58bec7b9eb5a97a0aa9c5a01f6cbc Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 23 Mar 2021 10:45:55 -0700
+Subject: Input: nspire-keypad - enable interrupts only when opened
+
+From: Fabian Vogt
+
+[ Upstream commit 69d5ff3e9e51e23d5d81bf48480aa5671be67a71 ]
+
+The driver registers an interrupt handler in _probe, but didn't configure
+them until later when the _open function is called. In between, the keypad
+can fire an IRQ due to touchpad activity, which the handler ignores. This
+causes the kernel to disable the interrupt, blocking the keypad from
+working.
+
+Fix this by disabling interrupts before registering the handler.
+Additionally, disable them in _close, so that they're only enabled while
+open.
+
+Fixes: fc4f31461892 ("Input: add TI-Nspire keypad support")
+Signed-off-by: Fabian Vogt
+Link: https://lore.kernel.org/r/3383725.iizBOSrK1V@linux-e202.suse.de
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+---
+ drivers/input/keyboard/nspire-keypad.c | 56 ++++++++++++++------------
+ 1 file changed, 31 insertions(+), 25 deletions(-)
+
+diff --git a/drivers/input/keyboard/nspire-keypad.c b/drivers/input/keyboard/nspire-keypad.c
+index 7abfd34eb87e..bcec72367c1d 100644
+--- a/drivers/input/keyboard/nspire-keypad.c
++++ b/drivers/input/keyboard/nspire-keypad.c
+@@ -96,9 +96,15 @@ static irqreturn_t nspire_keypad_irq(int irq, void *dev_id)
+ return IRQ_HANDLED;
+ }
+
+-static int nspire_keypad_chip_init(struct nspire_keypad *keypad)
++static int nspire_keypad_open(struct input_dev *input)
+ {
++ struct nspire_keypad *keypad = input_get_drvdata(input);
+ unsigned long val = 0, cycles_per_us, delay_cycles, row_delay_cycles;
++ int error;
++
++ error = clk_prepare_enable(keypad->clk);
++ if (error)
++ return error;
+
+ cycles_per_us = (clk_get_rate(keypad->clk) / 1000000);
+ if (cycles_per_us == 0)
+@@ -124,30 +130,6 @@ static int nspire_keypad_chip_init(struct nspire_keypad *keypad)
+ keypad->int_mask = 1 << 1;
+ writel(keypad->int_mask, keypad->reg_base + KEYPAD_INTMSK);
+
+- /* Disable GPIO interrupts to prevent hanging on touchpad */
+- /* Possibly used to detect touchpad events */
+- writel(0, keypad->reg_base + KEYPAD_UNKNOWN_INT);
+- /* Acknowledge existing interrupts */
+- writel(~0, keypad->reg_base + KEYPAD_UNKNOWN_INT_STS);
+-
+- return 0;
+-}
+-
+-static int nspire_keypad_open(struct input_dev *input)
+-{
+- struct nspire_keypad *keypad = input_get_drvdata(input);
+- int error;
+-
+- error = clk_prepare_enable(keypad->clk);
+- if (error)
+- return error;
+-
+- error = nspire_keypad_chip_init(keypad);
+- if (error) {
+- clk_disable_unprepare(keypad->clk);
+- return error;
+- }
+-
+ return 0;
+ }
+
+@@ -155,6 +137,11 @@ static void nspire_keypad_close(struct input_dev *input)
+ {
+ struct nspire_keypad *keypad = input_get_drvdata(input);
+
++ /* Disable interrupts */
++ writel(0, keypad->reg_base + KEYPAD_INTMSK);
++ /* Acknowledge existing interrupts */
++ writel(~0, keypad->reg_base + KEYPAD_INT);
++
+ clk_disable_unprepare(keypad->clk);
+ }
+
+@@ -215,6 +202,25 @@ static int nspire_keypad_probe(struct platform_device *pdev)
+ return -ENOMEM;
+ }
+
++ error = clk_prepare_enable(keypad->clk);
++ if (error) {
++ dev_err(&pdev->dev, "failed to enable clock\n");
++ return error;
++ }
++
++ /* Disable interrupts */
++ writel(0, keypad->reg_base + KEYPAD_INTMSK);
++ /* Acknowledge existing interrupts */
++ writel(~0, keypad->reg_base + KEYPAD_INT);
++
++ /* Disable GPIO interrupts to prevent hanging on touchpad */
++ /* Possibly used to detect touchpad events */
++ writel(0, keypad->reg_base + KEYPAD_UNKNOWN_INT);
++ /* Acknowledge existing GPIO interrupts */
++ writel(~0, keypad->reg_base + KEYPAD_UNKNOWN_INT_STS);
++
++ clk_disable_unprepare(keypad->clk);
++
+ input_set_drvdata(input, keypad);
+
+ input->id.bustype = BUS_HOST;
+--
+2.30.2
+
diff --git a/queue-4.4/neighbour-disregard-dead-dst-in-neigh_update.patch b/queue-4.4/neighbour-disregard-dead-dst-in-neigh_update.patch
new file mode 100644
index 00000000000..728fe0ede9d
--- /dev/null
+++ b/queue-4.4/neighbour-disregard-dead-dst-in-neigh_update.patch
@@ -0,0 +1,51 @@
+From 1853c5593af858c29b813ea34c1edeae62b63c9c Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 19 Mar 2021 14:33:37 -0400
+Subject: neighbour: Disregard DEAD dst in neigh_update
+
+From: Tong Zhu
+
+[ Upstream commit d47ec7a0a7271dda08932d6208e4ab65ab0c987c ]
+
+After a short network outage, the dst_entry is timed out and put
+in DST_OBSOLETE_DEAD. We are in this code because arp reply comes
+from this neighbour after network recovers. There is a potential
+race condition that dst_entry is still in DST_OBSOLETE_DEAD.
+With that, another neighbour lookup causes more harm than good.
+
+In best case all packets in arp_queue are lost. This is
+counterproductive to the original goal of finding a better path
+for those packets.
+
+I observed a worst case with 4.x kernel where a dst_entry in
+DST_OBSOLETE_DEAD state is associated with loopback net_device.
+It leads to an ethernet header with all zero addresses.
+A packet with all zero source MAC address is quite deadly with
+mac80211, ath9k and 802.11 block ack. It fails
+ieee80211_find_sta_by_ifaddr in ath9k (xmit.c). Ath9k flushes tx
+queue (ath_tx_complete_aggr). BAW (block ack window) is not
+updated. BAW logic is damaged and ath9k transmission is disabled.
+
+Signed-off-by: Tong Zhu
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ net/core/neighbour.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index 40d33431bc58..17997902d316 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -1234,7 +1234,7 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
+ * we can reinject the packet there.
+ */
+ n2 = NULL;
+- if (dst) {
++ if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
+ n2 = dst_neigh_lookup_skb(dst, skb);
+ if (n2)
+ n1 = n2;
+--
+2.30.2
+
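Review bot: The added `dst->obsolete != DST_OBSOLETE_DEAD` test in neigh_update() is a plain read, and nothing visible in the hunk keeps the dst from being marked dead between this test and `dst_neigh_lookup_skb(dst, skb)`, so it narrows the race the description mentions rather than closing it. Whether a lock or reference taken outside the hunk rules that out cannot be told from here, since neigh_update() starts and ends outside it. The condition also deserves a comment recording why a dead dst is skipped, for example `/* a DEAD dst may sit on the loopback device; a lookup through it yields an all-zero link-layer header */`.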
diff --git a/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-dev.patch b/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-dev.patch
new file mode 100644
index 00000000000..4a8ed8c36f3
--- /dev/null
+++ b/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-dev.patch
@@ -0,0 +1,38 @@
+From 13750595c719df56472b069688dfee2912c83007 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 4 Apr 2021 20:30:46 -0400
+Subject: net: ieee802154: forbid monitor for add llsec dev
+
+From: Alexander Aring
+
+[ Upstream commit 5303f956b05a2886ff42890908156afaec0f95ac ]
+
+This patch forbids to add llsec dev for monitor interfaces which we
+don't support yet. Otherwise we will access llsec mib which isn't
+initialized for monitors.
+
+Signed-off-by: Alexander Aring
+Link: https://lore.kernel.org/r/20210405003054.256017-8-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl802154.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index e4ba6764c4a3..a602fd45e384 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -1750,6 +1750,9 @@ static int nl802154_add_llsec_dev(struct sk_buff *skb, struct genl_info *info)
+ struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
+ struct ieee802154_llsec_device dev_desc;
+
++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
++ return -EOPNOTSUPP;
++
+ if (ieee802154_llsec_parse_device(info->attrs[NL802154_ATTR_SEC_DEVICE],
+ &dev_desc) < 0)
+ return -EINVAL;
+--
+2.30.2
+
diff --git a/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch b/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch
new file mode 100644
index 00000000000..18c43a288d9
--- /dev/null
+++ b/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch
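Review bot: The monitor guard added at the top of nl802154_add_llsec_dev() is repeated verbatim in nl802154_add_llsec_devkey() and nl802154_add_llsec_seclevel() later in this queue, but the queue's file list carries no matching patch for the key-add handler or for any llsec delete handler. If those handlers exist in the 4.4 tree and reach the same llsec state, they would still touch the uninitialised mib on a monitor interface; that has to be checked against the tree, as it cannot be told from this page. In the devkey patch the declaration of `wpan_dev` lies outside the hunk, so its presence in the 4.4 version of that function should be confirmed as well.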
@@ -0,0 +1,38 @@
+From f6ba36440753d3f4d8577e23c4e542445a11f7e3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 4 Apr 2021 20:30:49 -0400
+Subject: net: ieee802154: forbid monitor for add llsec devkey
+
+From: Alexander Aring
+
+[ Upstream commit a347b3b394868fef15b16f143719df56184be81d ]
+
+This patch forbids to add llsec devkey for monitor interfaces which we
+don't support yet. Otherwise we will access llsec mib which isn't
+initialized for monitors.
+
+Signed-off-by: Alexander Aring
+Link: https://lore.kernel.org/r/20210405003054.256017-11-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl802154.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index 19d0d22ff625..4ee080f3a41d 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -1901,6 +1901,9 @@ static int nl802154_add_llsec_devkey(struct sk_buff *skb, struct genl_info *info
+ struct ieee802154_llsec_device_key key;
+ __le64 extended_addr;
+
++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
++ return -EOPNOTSUPP;
++
+ if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
+ nla_parse_nested(attrs, NL802154_DEVKEY_ATTR_MAX,
+ info->attrs[NL802154_ATTR_SEC_DEVKEY],
+--
+2.30.2
+
diff --git a/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch b/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch
new file mode 100644
index 00000000000..8d5125ec911
--- /dev/null
+++ b/queue-4.4/net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch
@@ -0,0 +1,38 @@
+From da1a833fd87c4d3badc800717146b2c4d4ae72fc Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 4 Apr 2021 20:30:52 -0400
+Subject: net: ieee802154: forbid monitor for add llsec seclevel
+
+From: Alexander Aring
+
+[ Upstream commit 9ec87e322428d4734ac647d1a8e507434086993d ]
+
+This patch forbids to add llsec seclevel for monitor interfaces which we
+don't support yet. Otherwise we will access llsec mib which isn't
+initialized for monitors.
+
+Signed-off-by: Alexander Aring
+Link: https://lore.kernel.org/r/20210405003054.256017-14-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl802154.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index f07a3027d66c..b2ff2f7329c3 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -2103,6 +2103,9 @@ static int nl802154_add_llsec_seclevel(struct sk_buff *skb,
+ struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
+ struct ieee802154_llsec_seclevel sl;
+
++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
++ return -EOPNOTSUPP;
++
+ if (llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
+ &sl) < 0)
+ return -EINVAL;
+--
+2.30.2
+
diff --git a/queue-4.4/net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch b/queue-4.4/net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch
new file mode 100644
index 00000000000..8a1542dfcb8
--- /dev/null
+++ b/queue-4.4/net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch
@@ -0,0 +1,40 @@
+From 21ff226ecc077bb5d7d62e2f8fdb91d9e291e9d7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 4 Apr 2021 20:30:48 -0400
+Subject: net: ieee802154: stop dump llsec devkeys for monitors
+
+From: Alexander Aring
+
+[ Upstream commit 080d1a57a94d93e70f84b7a360baa351388c574f ]
+
+This patch stops dumping llsec devkeys for monitors which we don't support
+yet. Otherwise we will access llsec mib which isn't initialized for
+monitors.
+
+Signed-off-by: Alexander Aring
+Link: https://lore.kernel.org/r/20210405003054.256017-10-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl802154.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index a602fd45e384..19d0d22ff625 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -1839,6 +1839,11 @@ nl802154_dump_llsec_devkey(struct sk_buff *skb, struct netlink_callback *cb)
+ if (err)
+ return err;
+
++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
++ err = skb->len;
++ goto out_err;
++ }
++
+ if (!wpan_dev->netdev) {
+ err = -EINVAL;
+ goto out_err;
+--
+2.30.2
+
diff --git a/queue-4.4/net-ieee802154-stop-dump-llsec-devs-for-monitors.patch b/queue-4.4/net-ieee802154-stop-dump-llsec-devs-for-monitors.patch
new file mode 100644
index 00000000000..6188268b6ea
--- /dev/null
+++ b/queue-4.4/net-ieee802154-stop-dump-llsec-devs-for-monitors.patch
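Review bot: `err = skb->len; goto out_err;` in the new monitor branch of nl802154_dump_llsec_devkey() reads like an error path but is presumably meant to end the dump with no entries, and nothing in the code says so. A comment above the branch would make the intent explicit, e.g. `/* llsec is not set up on monitor interfaces: finish the dump empty instead of reading the mib */`. The same branch is added to nl802154_dump_llsec_dev(), nl802154_dump_llsec_key() and nl802154_dump_llsec_seclevel() in the patches that follow and wants the same comment. It is also worth confirming that `out_err` only releases what the earlier prepare step acquired, since both the label and that step are outside the hunk.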
@@ -0,0 +1,40 @@
+From f205d12dde659e3cbe216c535dfbcdce920b7bb3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 4 Apr 2021 20:30:45 -0400
+Subject: net: ieee802154: stop dump llsec devs for monitors
+
+From: Alexander Aring
+
+[ Upstream commit 5582d641e6740839c9b83efd1fbf9bcd00b6f5fc ]
+
+This patch stops dumping llsec devs for monitors which we don't support
+yet. Otherwise we will access llsec mib which isn't initialized for
+monitors.
+
+Signed-off-by: Alexander Aring
+Link: https://lore.kernel.org/r/20210405003054.256017-7-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl802154.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index 78a0edf26854..e4ba6764c4a3 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -1658,6 +1658,11 @@ nl802154_dump_llsec_dev(struct sk_buff *skb, struct netlink_callback *cb)
+ if (err)
+ return err;
+
++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
++ err = skb->len;
++ goto out_err;
++ }
++
+ if (!wpan_dev->netdev) {
+ err = -EINVAL;
+ goto out_err;
+--
+2.30.2
+
diff --git a/queue-4.4/net-ieee802154-stop-dump-llsec-keys-for-monitors.patch b/queue-4.4/net-ieee802154-stop-dump-llsec-keys-for-monitors.patch
new file mode 100644
index 00000000000..4011e46447f
--- /dev/null
+++ b/queue-4.4/net-ieee802154-stop-dump-llsec-keys-for-monitors.patch
@@ -0,0 +1,40 @@
+From 2f107049ba4c8b68995964fb85a2744759de5648 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 4 Apr 2021 20:30:42 -0400
+Subject: net: ieee802154: stop dump llsec keys for monitors
+
+From: Alexander Aring
+
+[ Upstream commit fb3c5cdf88cd504ef11d59e8d656f4bc896c6922 ]
+
+This patch stops dumping llsec keys for monitors which we don't support
+yet. Otherwise we will access llsec mib which isn't initialized for
+monitors.
+
+Signed-off-by: Alexander Aring
+Link: https://lore.kernel.org/r/20210405003054.256017-4-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl802154.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index c23c08f49c3c..78a0edf26854 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -1481,6 +1481,11 @@ nl802154_dump_llsec_key(struct sk_buff *skb, struct netlink_callback *cb)
+ if (err)
+ return err;
+
++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
++ err = skb->len;
++ goto out_err;
++ }
++
+ if (!wpan_dev->netdev) {
+ err = -EINVAL;
+ goto out_err;
+--
+2.30.2
+
diff --git a/queue-4.4/net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch b/queue-4.4/net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch
new file mode 100644
index 00000000000..26ec3e43f30
--- /dev/null
+++ b/queue-4.4/net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch
@@ -0,0 +1,40 @@
+From b8354dd7123b1a76d50ba03f78791fa0bdb59b74 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 4 Apr 2021 20:30:51 -0400
+Subject: net: ieee802154: stop dump llsec seclevels for monitors
+
+From: Alexander Aring
+
+[ Upstream commit 4c9b4f55ad1f5a4b6206ac4ea58f273126d21925 ]
+
+This patch stops dumping llsec seclevels for monitors which we don't
+support yet. Otherwise we will access llsec mib which isn't initialized
+for monitors.
+
+Signed-off-by: Alexander Aring
+Link: https://lore.kernel.org/r/20210405003054.256017-13-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt
+Signed-off-by: Sasha Levin
+---
+ net/ieee802154/nl802154.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index 4ee080f3a41d..f07a3027d66c 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -2013,6 +2013,11 @@ nl802154_dump_llsec_seclevel(struct sk_buff *skb, struct netlink_callback *cb)
+ if (err)
+ return err;
+
++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
++ err = skb->len;
++ goto out_err;
++ }
++
+ if (!wpan_dev->netdev) {
+ err = -EINVAL;
+ goto out_err;
+--
+2.30.2
+
diff --git a/queue-4.4/net-rds-avoid-potential-use-after-free-in-rds_send_r.patch b/queue-4.4/net-rds-avoid-potential-use-after-free-in-rds_send_r.patch
new file mode 100644
index 00000000000..13b5798605b
--- /dev/null
+++ b/queue-4.4/net-rds-avoid-potential-use-after-free-in-rds_send_r.patch
@@ -0,0 +1,50 @@
+From c04acb504c005d8ac0ae208870b806ee877dbae0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 6 Apr 2021 19:09:12 -0500
+Subject: net/rds: Avoid potential use after free in rds_send_remove_from_sock
+
+From: Aditya Pakki
+
+[ Upstream commit 0c85a7e87465f2d4cbc768e245f4f45b2f299b05 ]
+
+In case of rs failure in rds_send_remove_from_sock(), the 'rm' resource
+is freed and later under spinlock, causing potential use-after-free.
+Set the free pointer to NULL to avoid undefined behavior.
+
+Signed-off-by: Aditya Pakki
+Acked-by: Santosh Shilimkar
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ net/rds/message.c | 1 +
+ net/rds/send.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/rds/message.c b/net/rds/message.c
+index 756c73729126..decf2ee33c23 100644
+--- a/net/rds/message.c
++++ b/net/rds/message.c
+@@ -89,6 +89,7 @@ void rds_message_put(struct rds_message *rm)
+ rds_message_purge(rm);
+
+ kfree(rm);
++ rm = NULL;
+ }
+ }
+ EXPORT_SYMBOL_GPL(rds_message_put);
+diff --git a/net/rds/send.c b/net/rds/send.c
+index 1a3c6acdd3f8..1415a296f7b2 100644
+--- a/net/rds/send.c
++++ b/net/rds/send.c
+@@ -668,7 +668,7 @@ static void rds_send_remove_from_sock(struct list_head *messages, int status)
+ unlock_and_drop:
+ spin_unlock_irqrestore(&rm->m_rs_lock, flags);
+ rds_message_put(rm);
+- if (was_on_sock)
++ if (was_on_sock && rm)
+ rds_message_put(rm);
+ }
+
+--
+2.30.2
+
diff --git a/queue-4.4/net-tipc-fix-spelling-errors-in-net-tipc-module.patch b/queue-4.4/net-tipc-fix-spelling-errors-in-net-tipc-module.patch
new file mode 100644
index 00000000000..99850ef1001
--- /dev/null
+++ b/queue-4.4/net-tipc-fix-spelling-errors-in-net-tipc-module.patch
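Review bot: `rm = NULL;` in rds_message_put() assigns to the function's own by-value parameter, so the caller's pointer is unchanged and the new `was_on_sock && rm` test in rds_send_remove_from_sock() can never be false once the preceding `rds_message_put(rm)` has run. The change therefore does not prevent the use-after-free the description names: if the first put can drop the last reference, the second call still receives a dangling pointer. Whether that can happen depends on the reference the socket holds while `was_on_sock` is set, which is taken outside these hunks. If it cannot, both added lines are dead code and are better dropped from the queue; if it can, the fix belongs in the reference counting rather than in a NULL test.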
@@ -0,0 +1,67 @@
+From 5387243a93b508719b81724cd629638d16deb811 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 7 Apr 2021 09:59:45 +0800
+Subject: net: tipc: Fix spelling errors in net/tipc module
+
+From: Zheng Yongjun
+
+[ Upstream commit a79ace4b312953c5835fafb12adc3cb6878b26bd ]
+
+These patches fix a series of spelling errors in net/tipc module.
+
+Reported-by: Hulk Robot
+Signed-off-by: Zheng Yongjun
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ net/tipc/bearer.h | 6 +++---
+ net/tipc/net.c | 2 +-
+ net/tipc/node.c | 2 +-
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/net/tipc/bearer.h b/net/tipc/bearer.h
+index 5f11e18b1fa1..1e180d512ef2 100644
+--- a/net/tipc/bearer.h
++++ b/net/tipc/bearer.h
+@@ -153,9 +153,9 @@ struct tipc_media {
+ * care of initializing all other fields.
+ */
+ struct tipc_bearer {
+- void __rcu *media_ptr; /* initalized by media */
+- u32 mtu; /* initalized by media */
+- struct tipc_media_addr addr; /* initalized by media */
++ void __rcu *media_ptr; /* initialized by media */
++ u32 mtu; /* initialized by media */
++ struct tipc_media_addr addr; /* initialized by media */
+ char name[TIPC_MAX_BEARER_NAME];
+ struct tipc_media *media;
+ struct tipc_media_addr bcast_addr;
+diff --git a/net/tipc/net.c b/net/tipc/net.c
+index 2763bd369b79..f874f95b6b93 100644
+--- a/net/tipc/net.c
++++ b/net/tipc/net.c
+@@ -93,7 +93,7 @@ static const struct nla_policy tipc_nl_net_policy[TIPC_NLA_NET_MAX + 1] = {
+ * - A spin lock to protect the registry of kernel/driver users (reg.c)
+ * - A global spin_lock (tipc_port_lock), which only task is to ensure
+ * consistency where more than one port is involved in an operation,
+- * i.e., whe a port is part of a linked list of ports.
++ * i.e., when a port is part of a linked list of ports.
+ * There are two such lists; 'port_list', which is used for management,
+ * and 'wait_list', which is used to queue ports during congestion.
+ *
+diff --git a/net/tipc/node.c b/net/tipc/node.c
+index 2df0b98d4a32..772794e5dd02 100644
+--- a/net/tipc/node.c
++++ b/net/tipc/node.c
+@@ -1052,7 +1052,7 @@ int tipc_node_xmit(struct net *net, struct sk_buff_head *list,
+ }
+
+ /* tipc_node_xmit_skb(): send single buffer to destination
+- * Buffers sent via this functon are generally TIPC_SYSTEM_IMPORTANCE
++ * Buffers sent via this function are generally TIPC_SYSTEM_IMPORTANCE
+ * messages, which will not be rejected
+ * The only exception is datagram messages rerouted after secondary
+ * lookup, which are rare and safe to dispose of anyway.
+--
+2.30.2
+
diff --git a/queue-4.4/pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch b/queue-4.4/pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch
new file mode 100644
index 00000000000..c2f1829c800
--- /dev/null
+++ b/queue-4.4/pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch
@@ -0,0 +1,54 @@
+From 36f880469ab04916d78361ccf7b3a0ffa67869c3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 5 Apr 2021 21:29:22 -0700
+Subject: pcnet32: Use pci_resource_len to validate PCI resource
+
+From: Guenter Roeck
+
+[ Upstream commit 66c3f05ddc538ee796321210c906b6ae6fc0792a ]
+
+pci_resource_start() is not a good indicator to determine if a PCI
+resource exists or not, since the resource may start at address 0.
+This is seen when trying to instantiate the driver in qemu for riscv32
+or riscv64.
+
+pci 0000:00:01.0: reg 0x10: [io 0x0000-0x001f]
+pci 0000:00:01.0: reg 0x14: [mem 0x00000000-0x0000001f]
+...
+pcnet32: card has no PCI IO resources, aborting
+
+Use pci_resouce_len() instead.
+
+Signed-off-by: Guenter Roeck
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/amd/pcnet32.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/amd/pcnet32.c b/drivers/net/ethernet/amd/pcnet32.c
+index 7ccebae9cb48..b305903c91c4 100644
+--- a/drivers/net/ethernet/amd/pcnet32.c
++++ b/drivers/net/ethernet/amd/pcnet32.c
+@@ -1493,8 +1493,7 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent)
+ }
+ pci_set_master(pdev);
+
+- ioaddr = pci_resource_start(pdev, 0);
+- if (!ioaddr) {
++ if (!pci_resource_len(pdev, 0)) {
+ if (pcnet32_debug & NETIF_MSG_PROBE)
+ pr_err("card has no PCI IO resources, aborting\n");
+ return -ENODEV;
+@@ -1506,6 +1505,8 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent)
+ pr_err("architecture does not support 32bit PCI busmaster DMA\n");
+ return err;
+ }
++
++ ioaddr = pci_resource_start(pdev, 0);
+ if (!request_region(ioaddr, PCNET32_TOTAL_SIZE, "pcnet32_probe_pci")) {
+ if (pcnet32_debug & NETIF_MSG_PROBE)
+ pr_err("io address range already allocated\n");
+--
+2.30.2
+
diff --git a/queue-4.4/series b/queue-4.4/series
new file mode 100644
index 00000000000..18f236ea7c3
--- /dev/null
+++ b/queue-4.4/series
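Review bot: The new guard `if (!pci_resource_len(pdev, 0))` accepts any non-zero BAR 0 length, while the `request_region()` call further down claims `PCNET32_TOTAL_SIZE` ports starting at `ioaddr`. A device, real or emulated, that exposes a shorter BAR would pass the check, and the driver would then claim and presumably access ports beyond its own resource. Comparing against the size actually used, `if (pci_resource_len(pdev, 0) < PCNET32_TOTAL_SIZE) {`, closes that gap. The value of PCNET32_TOTAL_SIZE and the rest of pcnet32_probe_pci() are outside the hunks, so this should be confirmed against the full function.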
@@ -0,0 +1,17 @@
+input-nspire-keypad-enable-interrupts-only-when-open.patch
+dmaengine-dw-make-it-dependent-to-has_iomem.patch
+arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch
+arc-kernel-return-efault-if-copy_to_user-fails.patch
+neighbour-disregard-dead-dst-in-neigh_update.patch
+arm-keystone-fix-integer-overflow-warning.patch
+asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch
+net-ieee802154-stop-dump-llsec-keys-for-monitors.patch
+net-ieee802154-stop-dump-llsec-devs-for-monitors.patch
+net-ieee802154-forbid-monitor-for-add-llsec-dev.patch
+net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch
+net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch
+net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch
+net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch
+pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch
+net-rds-avoid-potential-use-after-free-in-rds_send_r.patch
+net-tipc-fix-spelling-errors-in-net-tipc-module.patch
--
2.47.3