From aec779693eac0998e66c20f363e891ee9ef04d2b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 20 Jun 2022 10:22:42 +0200 Subject: [PATCH] 5.18-stable patches added patches: arm64-mm-don-t-invalidate-from_device-buffers-at-start-of-dma-transfer.patch crypto-memneq-move-into-lib.patch tty-n_gsm-debug-output-allocation-must-use-gfp_atomic.patch usb-cdnsp-fixed-setting-last_trb-incorrectly.patch usb-dwc2-fix-memory-leak-in-dwc2_hcd_init.patch usb-dwc3-gadget-fix-in-endpoint-max-packet-size-allocation.patch usb-dwc3-pci-restore-line-lost-in-merge-conflict-resolution.patch usb-gadget-f_fs-change-ep-ep-safe-in-ffs_epfile_io.patch usb-gadget-f_fs-change-ep-status-safe-in-ffs_epfile_io.patch usb-gadget-lpc32xx_udc-fix-refcount-leak-in-lpc32xx_udc_probe.patch usb-gadget-u_ether-fix-regression-in-setting-fixed-mac-address.patch usb-serial-io_ti-add-agilent-e5805a-support.patch usb-serial-option-add-support-for-cinterion-mv31-with-new-baseline.patch --- ...ice-buffers-at-start-of-dma-transfer.patch | 56 +++ queue-5.18/crypto-memneq-move-into-lib.patch | 458 ++++++++++++++++++ queue-5.18/series | 13 + ...utput-allocation-must-use-gfp_atomic.patch | 40 ++ ...p-fixed-setting-last_trb-incorrectly.patch | 58 +++ ...wc2-fix-memory-leak-in-dwc2_hcd_init.patch | 35 ++ ...-endpoint-max-packet-size-allocation.patch | 79 +++ ...ne-lost-in-merge-conflict-resolution.patch | 41 ++ ...s-change-ep-ep-safe-in-ffs_epfile_io.patch | 50 ++ ...ange-ep-status-safe-in-ffs_epfile_io.patch | 119 +++++ ...x-refcount-leak-in-lpc32xx_udc_probe.patch | 33 ++ ...ression-in-setting-fixed-mac-address.patch | 80 +++ ...ial-io_ti-add-agilent-e5805a-support.patch | 49 ++ ...for-cinterion-mv31-with-new-baseline.patch | 75 +++ 14 files changed, 1186 insertions(+) create mode 100644 queue-5.18/arm64-mm-don-t-invalidate-from_device-buffers-at-start-of-dma-transfer.patch create mode 100644 queue-5.18/crypto-memneq-move-into-lib.patch create mode 100644 queue-5.18/tty-n_gsm-debug-output-allocation-must-use-gfp_atomic.patch create mode 100644 queue-5.18/usb-cdnsp-fixed-setting-last_trb-incorrectly.patch create mode 100644 queue-5.18/usb-dwc2-fix-memory-leak-in-dwc2_hcd_init.patch create mode 100644 queue-5.18/usb-dwc3-gadget-fix-in-endpoint-max-packet-size-allocation.patch create mode 100644 queue-5.18/usb-dwc3-pci-restore-line-lost-in-merge-conflict-resolution.patch create mode 100644 queue-5.18/usb-gadget-f_fs-change-ep-ep-safe-in-ffs_epfile_io.patch create mode 100644 queue-5.18/usb-gadget-f_fs-change-ep-status-safe-in-ffs_epfile_io.patch create mode 100644 queue-5.18/usb-gadget-lpc32xx_udc-fix-refcount-leak-in-lpc32xx_udc_probe.patch create mode 100644 queue-5.18/usb-gadget-u_ether-fix-regression-in-setting-fixed-mac-address.patch create mode 100644 queue-5.18/usb-serial-io_ti-add-agilent-e5805a-support.patch create mode 100644 queue-5.18/usb-serial-option-add-support-for-cinterion-mv31-with-new-baseline.patch diff --git a/queue-5.18/arm64-mm-don-t-invalidate-from_device-buffers-at-start-of-dma-transfer.patch b/queue-5.18/arm64-mm-don-t-invalidate-from_device-buffers-at-start-of-dma-transfer.patch new file mode 100644 index 00000000000..babf85cd22c --- /dev/null +++ b/queue-5.18/arm64-mm-don-t-invalidate-from_device-buffers-at-start-of-dma-transfer.patch @@ -0,0 +1,56 @@ +From c50f11c6196f45c92ca48b16a5071615d4ae0572 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Fri, 10 Jun 2022 16:12:27 +0100 +Subject: arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer + +From: Will Deacon + +commit c50f11c6196f45c92ca48b16a5071615d4ae0572 upstream. + +Invalidating the buffer memory in arch_sync_dma_for_device() for +FROM_DEVICE transfers + +When using the streaming DMA API to map a buffer prior to inbound +non-coherent DMA (i.e. DMA_FROM_DEVICE), we invalidate any dirty CPU +cachelines so that they will not be written back during the transfer and +corrupt the buffer contents written by the DMA. This, however, poses two +potential problems: + + (1) If the DMA transfer does not write to every byte in the buffer, + then the unwritten bytes will contain stale data once the transfer + has completed. + + (2) If the buffer has a virtual alias in userspace, then stale data + may be visible via this alias during the period between performing + the cache invalidation and the DMA writes landing in memory. + +Address both of these issues by cleaning (aka writing-back) the dirty +lines in arch_sync_dma_for_device(DMA_FROM_DEVICE) instead of discarding +them using invalidation. + +Cc: Ard Biesheuvel +Cc: Christoph Hellwig +Cc: Robin Murphy +Cc: Russell King +Cc: +Link: https://lore.kernel.org/r/20220606152150.GA31568@willie-the-truck +Signed-off-by: Will Deacon +Reviewed-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20220610151228.4562-2-will@kernel.org +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/mm/cache.S | 2 -- + 1 file changed, 2 deletions(-) + +--- a/arch/arm64/mm/cache.S ++++ b/arch/arm64/mm/cache.S +@@ -218,8 +218,6 @@ SYM_FUNC_ALIAS(__dma_flush_area, __pi___ + */ + SYM_FUNC_START(__pi___dma_map_area) + add x1, x0, x1 +- cmp w2, #DMA_FROM_DEVICE +- b.eq __pi_dcache_inval_poc + b __pi_dcache_clean_poc + SYM_FUNC_END(__pi___dma_map_area) + SYM_FUNC_ALIAS(__dma_map_area, __pi___dma_map_area) diff --git a/queue-5.18/crypto-memneq-move-into-lib.patch b/queue-5.18/crypto-memneq-move-into-lib.patch new file mode 100644 index 00000000000..e43b002f560 --- /dev/null +++ b/queue-5.18/crypto-memneq-move-into-lib.patch @@ -0,0 +1,458 @@ +From abfed87e2a12bd246047d78c01d81eb9529f1d06 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Sat, 28 May 2022 12:24:29 +0200 +Subject: crypto: memneq - move into lib/ + +From: Jason A. Donenfeld + +commit abfed87e2a12bd246047d78c01d81eb9529f1d06 upstream. + +This is used by code that doesn't need CONFIG_CRYPTO, so move this into +lib/ with a Kconfig option so that it can be selected by whatever needs +it. + +This fixes a linker error Zheng pointed out when +CRYPTO_MANAGER_DISABLE_TESTS!=y and CRYPTO=m: + + lib/crypto/curve25519-selftest.o: In function `curve25519_selftest': + curve25519-selftest.c:(.init.text+0x60): undefined reference to `__crypto_memneq' + curve25519-selftest.c:(.init.text+0xec): undefined reference to `__crypto_memneq' + curve25519-selftest.c:(.init.text+0x114): undefined reference to `__crypto_memneq' + curve25519-selftest.c:(.init.text+0x154): undefined reference to `__crypto_memneq' + +Reported-by: Zheng Bin +Cc: Eric Biggers +Cc: stable@vger.kernel.org +Fixes: aa127963f1ca ("crypto: lib/curve25519 - re-add selftests") +Signed-off-by: Jason A. Donenfeld +Reviewed-by: Eric Biggers +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +--- + crypto/Kconfig | 1 + + crypto/Makefile | 2 +- + lib/Kconfig | 3 +++ + lib/Makefile | 1 + + lib/crypto/Kconfig | 1 + + {crypto => lib}/memneq.c | 0 + crypto/Kconfig | 1 + crypto/Makefile | 2 + crypto/memneq.c | 176 ----------------------------------------------------- + lib/Kconfig | 3 + lib/Makefile | 1 + lib/crypto/Kconfig | 1 + lib/memneq.c | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 7 files changed, 183 insertions(+), 177 deletions(-) + rename {crypto => lib}/memneq.c (100%) + +--- a/crypto/Kconfig ++++ b/crypto/Kconfig +@@ -15,6 +15,7 @@ source "crypto/async_tx/Kconfig" + # + menuconfig CRYPTO + tristate "Cryptographic API" ++ select LIB_MEMNEQ + help + This option provides the core Cryptographic API. + +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -4,7 +4,7 @@ + # + + obj-$(CONFIG_CRYPTO) += crypto.o +-crypto-y := api.o cipher.o compress.o memneq.o ++crypto-y := api.o cipher.o compress.o + + obj-$(CONFIG_CRYPTO_ENGINE) += crypto_engine.o + obj-$(CONFIG_CRYPTO_FIPS) += fips.o +--- a/crypto/memneq.c ++++ /dev/null +@@ -1,176 +0,0 @@ +-/* +- * Constant-time equality testing of memory regions. +- * +- * Authors: +- * +- * James Yonan +- * Daniel Borkmann +- * +- * This file is provided under a dual BSD/GPLv2 license. When using or +- * redistributing this file, you may do so under either license. +- * +- * GPL LICENSE SUMMARY +- * +- * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved. +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of version 2 of the GNU General Public License as +- * published by the Free Software Foundation. +- * +- * This program is distributed in the hope that it will be useful, but +- * WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- * General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program; if not, write to the Free Software +- * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. +- * The full GNU General Public License is included in this distribution +- * in the file called LICENSE.GPL. +- * +- * BSD LICENSE +- * +- * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * * Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * * Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * * Neither the name of OpenVPN Technologies nor the names of its +- * contributors may be used to endorse or promote products derived +- * from this software without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +- +-#include +-#include +- +-#ifndef __HAVE_ARCH_CRYPTO_MEMNEQ +- +-/* Generic path for arbitrary size */ +-static inline unsigned long +-__crypto_memneq_generic(const void *a, const void *b, size_t size) +-{ +- unsigned long neq = 0; +- +-#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) +- while (size >= sizeof(unsigned long)) { +- neq |= get_unaligned((unsigned long *)a) ^ +- get_unaligned((unsigned long *)b); +- OPTIMIZER_HIDE_VAR(neq); +- a += sizeof(unsigned long); +- b += sizeof(unsigned long); +- size -= sizeof(unsigned long); +- } +-#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */ +- while (size > 0) { +- neq |= *(unsigned char *)a ^ *(unsigned char *)b; +- OPTIMIZER_HIDE_VAR(neq); +- a += 1; +- b += 1; +- size -= 1; +- } +- return neq; +-} +- +-/* Loop-free fast-path for frequently used 16-byte size */ +-static inline unsigned long __crypto_memneq_16(const void *a, const void *b) +-{ +- unsigned long neq = 0; +- +-#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS +- if (sizeof(unsigned long) == 8) { +- neq |= get_unaligned((unsigned long *)a) ^ +- get_unaligned((unsigned long *)b); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= get_unaligned((unsigned long *)(a + 8)) ^ +- get_unaligned((unsigned long *)(b + 8)); +- OPTIMIZER_HIDE_VAR(neq); +- } else if (sizeof(unsigned int) == 4) { +- neq |= get_unaligned((unsigned int *)a) ^ +- get_unaligned((unsigned int *)b); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= get_unaligned((unsigned int *)(a + 4)) ^ +- get_unaligned((unsigned int *)(b + 4)); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= get_unaligned((unsigned int *)(a + 8)) ^ +- get_unaligned((unsigned int *)(b + 8)); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= get_unaligned((unsigned int *)(a + 12)) ^ +- get_unaligned((unsigned int *)(b + 12)); +- OPTIMIZER_HIDE_VAR(neq); +- } else +-#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */ +- { +- neq |= *(unsigned char *)(a) ^ *(unsigned char *)(b); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+1) ^ *(unsigned char *)(b+1); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+2) ^ *(unsigned char *)(b+2); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+3) ^ *(unsigned char *)(b+3); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+4) ^ *(unsigned char *)(b+4); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+5) ^ *(unsigned char *)(b+5); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+6) ^ *(unsigned char *)(b+6); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+7) ^ *(unsigned char *)(b+7); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+8) ^ *(unsigned char *)(b+8); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+9) ^ *(unsigned char *)(b+9); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+10) ^ *(unsigned char *)(b+10); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+11) ^ *(unsigned char *)(b+11); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+12) ^ *(unsigned char *)(b+12); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+13) ^ *(unsigned char *)(b+13); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+14) ^ *(unsigned char *)(b+14); +- OPTIMIZER_HIDE_VAR(neq); +- neq |= *(unsigned char *)(a+15) ^ *(unsigned char *)(b+15); +- OPTIMIZER_HIDE_VAR(neq); +- } +- +- return neq; +-} +- +-/* Compare two areas of memory without leaking timing information, +- * and with special optimizations for common sizes. Users should +- * not call this function directly, but should instead use +- * crypto_memneq defined in crypto/algapi.h. +- */ +-noinline unsigned long __crypto_memneq(const void *a, const void *b, +- size_t size) +-{ +- switch (size) { +- case 16: +- return __crypto_memneq_16(a, b); +- default: +- return __crypto_memneq_generic(a, b, size); +- } +-} +-EXPORT_SYMBOL(__crypto_memneq); +- +-#endif /* __HAVE_ARCH_CRYPTO_MEMNEQ */ +--- a/lib/Kconfig ++++ b/lib/Kconfig +@@ -120,6 +120,9 @@ config INDIRECT_IOMEM_FALLBACK + + source "lib/crypto/Kconfig" + ++config LIB_MEMNEQ ++ bool ++ + config CRC_CCITT + tristate "CRC-CCITT functions" + help +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -251,6 +251,7 @@ obj-$(CONFIG_DIMLIB) += dim/ + obj-$(CONFIG_SIGNATURE) += digsig.o + + lib-$(CONFIG_CLZ_TAB) += clz_tab.o ++lib-$(CONFIG_LIB_MEMNEQ) += memneq.o + + obj-$(CONFIG_GENERIC_STRNCPY_FROM_USER) += strncpy_from_user.o + obj-$(CONFIG_GENERIC_STRNLEN_USER) += strnlen_user.o +--- a/lib/crypto/Kconfig ++++ b/lib/crypto/Kconfig +@@ -71,6 +71,7 @@ config CRYPTO_LIB_CURVE25519 + tristate "Curve25519 scalar multiplication library" + depends on CRYPTO_ARCH_HAVE_LIB_CURVE25519 || !CRYPTO_ARCH_HAVE_LIB_CURVE25519 + select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n ++ select LIB_MEMNEQ + help + Enable the Curve25519 library interface. This interface may be + fulfilled by either the generic implementation or an arch-specific +--- /dev/null ++++ b/lib/memneq.c +@@ -0,0 +1,176 @@ ++/* ++ * Constant-time equality testing of memory regions. ++ * ++ * Authors: ++ * ++ * James Yonan ++ * Daniel Borkmann ++ * ++ * This file is provided under a dual BSD/GPLv2 license. When using or ++ * redistributing this file, you may do so under either license. ++ * ++ * GPL LICENSE SUMMARY ++ * ++ * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved. ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of version 2 of the GNU General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. ++ * The full GNU General Public License is included in this distribution ++ * in the file called LICENSE.GPL. ++ * ++ * BSD LICENSE ++ * ++ * Copyright(c) 2013 OpenVPN Technologies, Inc. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * * Neither the name of OpenVPN Technologies nor the names of its ++ * contributors may be used to endorse or promote products derived ++ * from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++#include ++ ++#ifndef __HAVE_ARCH_CRYPTO_MEMNEQ ++ ++/* Generic path for arbitrary size */ ++static inline unsigned long ++__crypto_memneq_generic(const void *a, const void *b, size_t size) ++{ ++ unsigned long neq = 0; ++ ++#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) ++ while (size >= sizeof(unsigned long)) { ++ neq |= get_unaligned((unsigned long *)a) ^ ++ get_unaligned((unsigned long *)b); ++ OPTIMIZER_HIDE_VAR(neq); ++ a += sizeof(unsigned long); ++ b += sizeof(unsigned long); ++ size -= sizeof(unsigned long); ++ } ++#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */ ++ while (size > 0) { ++ neq |= *(unsigned char *)a ^ *(unsigned char *)b; ++ OPTIMIZER_HIDE_VAR(neq); ++ a += 1; ++ b += 1; ++ size -= 1; ++ } ++ return neq; ++} ++ ++/* Loop-free fast-path for frequently used 16-byte size */ ++static inline unsigned long __crypto_memneq_16(const void *a, const void *b) ++{ ++ unsigned long neq = 0; ++ ++#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS ++ if (sizeof(unsigned long) == 8) { ++ neq |= get_unaligned((unsigned long *)a) ^ ++ get_unaligned((unsigned long *)b); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= get_unaligned((unsigned long *)(a + 8)) ^ ++ get_unaligned((unsigned long *)(b + 8)); ++ OPTIMIZER_HIDE_VAR(neq); ++ } else if (sizeof(unsigned int) == 4) { ++ neq |= get_unaligned((unsigned int *)a) ^ ++ get_unaligned((unsigned int *)b); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= get_unaligned((unsigned int *)(a + 4)) ^ ++ get_unaligned((unsigned int *)(b + 4)); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= get_unaligned((unsigned int *)(a + 8)) ^ ++ get_unaligned((unsigned int *)(b + 8)); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= get_unaligned((unsigned int *)(a + 12)) ^ ++ get_unaligned((unsigned int *)(b + 12)); ++ OPTIMIZER_HIDE_VAR(neq); ++ } else ++#endif /* CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS */ ++ { ++ neq |= *(unsigned char *)(a) ^ *(unsigned char *)(b); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+1) ^ *(unsigned char *)(b+1); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+2) ^ *(unsigned char *)(b+2); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+3) ^ *(unsigned char *)(b+3); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+4) ^ *(unsigned char *)(b+4); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+5) ^ *(unsigned char *)(b+5); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+6) ^ *(unsigned char *)(b+6); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+7) ^ *(unsigned char *)(b+7); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+8) ^ *(unsigned char *)(b+8); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+9) ^ *(unsigned char *)(b+9); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+10) ^ *(unsigned char *)(b+10); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+11) ^ *(unsigned char *)(b+11); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+12) ^ *(unsigned char *)(b+12); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+13) ^ *(unsigned char *)(b+13); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+14) ^ *(unsigned char *)(b+14); ++ OPTIMIZER_HIDE_VAR(neq); ++ neq |= *(unsigned char *)(a+15) ^ *(unsigned char *)(b+15); ++ OPTIMIZER_HIDE_VAR(neq); ++ } ++ ++ return neq; ++} ++ ++/* Compare two areas of memory without leaking timing information, ++ * and with special optimizations for common sizes. Users should ++ * not call this function directly, but should instead use ++ * crypto_memneq defined in crypto/algapi.h. ++ */ ++noinline unsigned long __crypto_memneq(const void *a, const void *b, ++ size_t size) ++{ ++ switch (size) { ++ case 16: ++ return __crypto_memneq_16(a, b); ++ default: ++ return __crypto_memneq_generic(a, b, size); ++ } ++} ++EXPORT_SYMBOL(__crypto_memneq); ++ ++#endif /* __HAVE_ARCH_CRYPTO_MEMNEQ */ diff --git a/queue-5.18/series b/queue-5.18/series index badc75865e9..38144b21e7f 100644 --- a/queue-5.18/series +++ b/queue-5.18/series @@ -100,3 +100,16 @@ i2c-mediatek-fix-an-error-handling-path-in-mtk_i2c_p.patch mei-hbm-drop-capability-response-on-early-shutdown.patch mei-me-add-raptor-lake-point-s-did.patch comedi-vmk80xx-fix-expression-for-tx-buffer-size.patch +crypto-memneq-move-into-lib.patch +usb-serial-option-add-support-for-cinterion-mv31-with-new-baseline.patch +usb-serial-io_ti-add-agilent-e5805a-support.patch +arm64-mm-don-t-invalidate-from_device-buffers-at-start-of-dma-transfer.patch +usb-dwc2-fix-memory-leak-in-dwc2_hcd_init.patch +usb-cdnsp-fixed-setting-last_trb-incorrectly.patch +usb-dwc3-gadget-fix-in-endpoint-max-packet-size-allocation.patch +usb-dwc3-pci-restore-line-lost-in-merge-conflict-resolution.patch +usb-gadget-u_ether-fix-regression-in-setting-fixed-mac-address.patch +usb-gadget-lpc32xx_udc-fix-refcount-leak-in-lpc32xx_udc_probe.patch +usb-gadget-f_fs-change-ep-status-safe-in-ffs_epfile_io.patch +usb-gadget-f_fs-change-ep-ep-safe-in-ffs_epfile_io.patch +tty-n_gsm-debug-output-allocation-must-use-gfp_atomic.patch diff --git a/queue-5.18/tty-n_gsm-debug-output-allocation-must-use-gfp_atomic.patch b/queue-5.18/tty-n_gsm-debug-output-allocation-must-use-gfp_atomic.patch new file mode 100644 index 00000000000..6e04a981022 --- /dev/null +++ b/queue-5.18/tty-n_gsm-debug-output-allocation-must-use-gfp_atomic.patch @@ -0,0 +1,40 @@ +From e74024b2eccbb784824a0f9feaeaaa3b47514b79 Mon Sep 17 00:00:00 2001 +From: Tony Lindgren +Date: Mon, 23 May 2022 18:50:52 +0300 +Subject: tty: n_gsm: Debug output allocation must use GFP_ATOMIC + +From: Tony Lindgren + +commit e74024b2eccbb784824a0f9feaeaaa3b47514b79 upstream. + +Dan Carpenter reported the following Smatch +warning: + +drivers/tty/n_gsm.c:720 gsm_data_kick() +warn: sleeping in atomic context + +This is because gsm_control_message() is holding a spin lock so +gsm_hex_dump_bytes() needs to use GFP_ATOMIC instead of GFP_KERNEL. + +Fixes: 925ea0fa5277 ("tty: n_gsm: Fix packet data hex dump output") +Cc: stable +Reported-by: Dan Carpenter +Reviewed-by: Gregory CLEMENT +Signed-off-by: Tony Lindgren +Link: https://lore.kernel.org/r/20220523155052.57129-1-tony@atomide.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/n_gsm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/n_gsm.c ++++ b/drivers/tty/n_gsm.c +@@ -455,7 +455,7 @@ static void gsm_hex_dump_bytes(const cha + return; + } + +- prefix = kasprintf(GFP_KERNEL, "%s: ", fname); ++ prefix = kasprintf(GFP_ATOMIC, "%s: ", fname); + if (!prefix) + return; + print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_OFFSET, 16, 1, data, len, diff --git a/queue-5.18/usb-cdnsp-fixed-setting-last_trb-incorrectly.patch b/queue-5.18/usb-cdnsp-fixed-setting-last_trb-incorrectly.patch new file mode 100644 index 00000000000..5ec62979128 --- /dev/null +++ b/queue-5.18/usb-cdnsp-fixed-setting-last_trb-incorrectly.patch @@ -0,0 +1,58 @@ +From 5c7578c39c3fffe85b7d15ca1cf8cf7ac38ec0c1 Mon Sep 17 00:00:00 2001 +From: Jing Leng +Date: Thu, 9 Jun 2022 10:11:34 +0800 +Subject: usb: cdnsp: Fixed setting last_trb incorrectly + +From: Jing Leng + +commit 5c7578c39c3fffe85b7d15ca1cf8cf7ac38ec0c1 upstream. + +When ZLP occurs in bulk transmission, currently cdnsp will set last_trb +for the last two TRBs, it will trigger an error "ERROR Transfer event TRB +DMA ptr not part of current TD ...". + +Fixes: e913aada0683 ("usb: cdnsp: Fixed issue with ZLP") +Cc: stable +Acked-by: Pawel Laszczak +Signed-off-by: Jing Leng +Link: https://lore.kernel.org/r/20220609021134.1606-1-3090101217@zju.edu.cn +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/cdns3/cdnsp-ring.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +--- a/drivers/usb/cdns3/cdnsp-ring.c ++++ b/drivers/usb/cdns3/cdnsp-ring.c +@@ -1941,13 +1941,16 @@ int cdnsp_queue_bulk_tx(struct cdnsp_dev + } + + if (enqd_len + trb_buff_len >= full_len) { +- if (need_zero_pkt) +- zero_len_trb = !zero_len_trb; +- +- field &= ~TRB_CHAIN; +- field |= TRB_IOC; +- more_trbs_coming = false; +- preq->td.last_trb = ring->enqueue; ++ if (need_zero_pkt && !zero_len_trb) { ++ zero_len_trb = true; ++ } else { ++ zero_len_trb = false; ++ field &= ~TRB_CHAIN; ++ field |= TRB_IOC; ++ more_trbs_coming = false; ++ need_zero_pkt = false; ++ preq->td.last_trb = ring->enqueue; ++ } + } + + /* Only set interrupt on short packet for OUT endpoints. */ +@@ -1962,7 +1965,7 @@ int cdnsp_queue_bulk_tx(struct cdnsp_dev + length_field = TRB_LEN(trb_buff_len) | TRB_TD_SIZE(remainder) | + TRB_INTR_TARGET(0); + +- cdnsp_queue_trb(pdev, ring, more_trbs_coming | zero_len_trb, ++ cdnsp_queue_trb(pdev, ring, more_trbs_coming, + lower_32_bits(send_addr), + upper_32_bits(send_addr), + length_field, diff --git a/queue-5.18/usb-dwc2-fix-memory-leak-in-dwc2_hcd_init.patch b/queue-5.18/usb-dwc2-fix-memory-leak-in-dwc2_hcd_init.patch new file mode 100644 index 00000000000..9096e2902e7 --- /dev/null +++ b/queue-5.18/usb-dwc2-fix-memory-leak-in-dwc2_hcd_init.patch @@ -0,0 +1,35 @@ +From 3755278f078460b021cd0384562977bf2039a57a Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Mon, 30 May 2022 12:54:12 +0400 +Subject: usb: dwc2: Fix memory leak in dwc2_hcd_init + +From: Miaoqian Lin + +commit 3755278f078460b021cd0384562977bf2039a57a upstream. + +usb_create_hcd will alloc memory for hcd, and we should +call usb_put_hcd to free it when platform_get_resource() +fails to prevent memory leak. +goto error2 label instead error1 to fix this. + +Fixes: 856e6e8e0f93 ("usb: dwc2: check return value after calling platform_get_resource()") +Cc: stable +Acked-by: Minas Harutyunyan +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220530085413.44068-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/dwc2/hcd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/dwc2/hcd.c ++++ b/drivers/usb/dwc2/hcd.c +@@ -5190,7 +5190,7 @@ int dwc2_hcd_init(struct dwc2_hsotg *hso + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); + if (!res) { + retval = -EINVAL; +- goto error1; ++ goto error2; + } + hcd->rsrc_start = res->start; + hcd->rsrc_len = resource_size(res); diff --git a/queue-5.18/usb-dwc3-gadget-fix-in-endpoint-max-packet-size-allocation.patch b/queue-5.18/usb-dwc3-gadget-fix-in-endpoint-max-packet-size-allocation.patch new file mode 100644 index 00000000000..33722a28195 --- /dev/null +++ b/queue-5.18/usb-dwc3-gadget-fix-in-endpoint-max-packet-size-allocation.patch @@ -0,0 +1,79 @@ +From 9c1e916960c1192e746bf615e4dae25423473a64 Mon Sep 17 00:00:00 2001 +From: Wesley Cheng +Date: Mon, 23 May 2022 14:39:48 -0700 +Subject: usb: dwc3: gadget: Fix IN endpoint max packet size allocation + +From: Wesley Cheng + +commit 9c1e916960c1192e746bf615e4dae25423473a64 upstream. + +The current logic to assign the max packet limit for IN endpoints attempts +to take the default HW value and apply the optimal endpoint settings based +on it. However, if the default value reports a TxFIFO size large enough +for only one max packet, it will divide the value and assign a smaller ep +max packet limit. + +For example, if the default TxFIFO size fits 1024B, current logic will +assign 1024/3 = 341B to ep max packet size. If function drivers attempt to +request for an endpoint with a wMaxPacketSize of 1024B (SS BULK max packet +size) then it will fail, as the gadget is unable to find an endpoint which +can fit the requested size. + +Functionally, if the TxFIFO has enough space to fit one max packet, it will +be sufficient, at least when initializing the endpoints. + +Fixes: d94ea5319813 ("usb: dwc3: gadget: Properly set maxpacket limit") +Cc: stable +Signed-off-by: Wesley Cheng +Link: https://lore.kernel.org/r/20220523213948.22142-1-quic_wcheng@quicinc.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/dwc3/gadget.c | 26 +++++++++++++++----------- + 1 file changed, 15 insertions(+), 11 deletions(-) + +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -2984,6 +2984,7 @@ static int dwc3_gadget_init_in_endpoint( + struct dwc3 *dwc = dep->dwc; + u32 mdwidth; + int size; ++ int maxpacket; + + mdwidth = dwc3_mdwidth(dwc); + +@@ -2996,21 +2997,24 @@ static int dwc3_gadget_init_in_endpoint( + else + size = DWC31_GTXFIFOSIZ_TXFDEP(size); + +- /* FIFO Depth is in MDWDITH bytes. Multiply */ +- size *= mdwidth; +- + /* +- * To meet performance requirement, a minimum TxFIFO size of 3x +- * MaxPacketSize is recommended for endpoints that support burst and a +- * minimum TxFIFO size of 2x MaxPacketSize for endpoints that don't +- * support burst. Use those numbers and we can calculate the max packet +- * limit as below. ++ * maxpacket size is determined as part of the following, after assuming ++ * a mult value of one maxpacket: ++ * DWC3 revision 280A and prior: ++ * fifo_size = mult * (max_packet / mdwidth) + 1; ++ * maxpacket = mdwidth * (fifo_size - 1); ++ * ++ * DWC3 revision 290A and onwards: ++ * fifo_size = mult * ((max_packet + mdwidth)/mdwidth + 1) + 1 ++ * maxpacket = mdwidth * ((fifo_size - 1) - 1) - mdwidth; + */ +- if (dwc->maximum_speed >= USB_SPEED_SUPER) +- size /= 3; ++ if (DWC3_VER_IS_PRIOR(DWC3, 290A)) ++ maxpacket = mdwidth * (size - 1); + else +- size /= 2; ++ maxpacket = mdwidth * ((size - 1) - 1) - mdwidth; + ++ /* Functionally, space for one max packet is sufficient */ ++ size = min_t(int, maxpacket, 1024); + usb_ep_set_maxpacket_limit(&dep->endpoint, size); + + dep->endpoint.max_streams = 16; diff --git a/queue-5.18/usb-dwc3-pci-restore-line-lost-in-merge-conflict-resolution.patch b/queue-5.18/usb-dwc3-pci-restore-line-lost-in-merge-conflict-resolution.patch new file mode 100644 index 00000000000..073571ca1b8 --- /dev/null +++ b/queue-5.18/usb-dwc3-pci-restore-line-lost-in-merge-conflict-resolution.patch @@ -0,0 +1,41 @@ +From 7ddda2614d62ef7fdef7fd85f5151cdf665b22d8 Mon Sep 17 00:00:00 2001 +From: Stephan Gerhold +Date: Sat, 28 May 2022 19:09:13 +0200 +Subject: usb: dwc3: pci: Restore line lost in merge conflict resolution + +From: Stephan Gerhold + +commit 7ddda2614d62ef7fdef7fd85f5151cdf665b22d8 upstream. + +Commit 582ab24e096f ("usb: dwc3: pci: Set "linux,phy_charger_detect" +property on some Bay Trail boards") added a new swnode similar to the +existing ones for boards where the PHY handles charger detection. + +Unfortunately, the "linux,sysdev_is_parent" property got lost in the +merge conflict resolution of commit ca9400ef7f67 ("Merge 5.17-rc6 into +usb-next"). Now dwc3_pci_intel_phy_charger_detect_properties is the +only swnode in dwc3-pci that is missing "linux,sysdev_is_parent". + +It does not seem to cause any obvious functional issues, but it's +certainly unintended so restore the line to make the properties +consistent again. + +Fixes: ca9400ef7f67 ("Merge 5.17-rc6 into usb-next") +Cc: stable@vger.kernel.org +Signed-off-by: Stephan Gerhold +Link: https://lore.kernel.org/r/20220528170913.9240-1-stephan@gerhold.net +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/dwc3/dwc3-pci.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/dwc3/dwc3-pci.c ++++ b/drivers/usb/dwc3/dwc3-pci.c +@@ -127,6 +127,7 @@ static const struct property_entry dwc3_ + PROPERTY_ENTRY_STRING("dr_mode", "peripheral"), + PROPERTY_ENTRY_BOOL("snps,dis_u2_susphy_quirk"), + PROPERTY_ENTRY_BOOL("linux,phy_charger_detect"), ++ PROPERTY_ENTRY_BOOL("linux,sysdev_is_parent"), + {} + }; + diff --git a/queue-5.18/usb-gadget-f_fs-change-ep-ep-safe-in-ffs_epfile_io.patch b/queue-5.18/usb-gadget-f_fs-change-ep-ep-safe-in-ffs_epfile_io.patch new file mode 100644 index 00000000000..fead1e3c295 --- /dev/null +++ b/queue-5.18/usb-gadget-f_fs-change-ep-ep-safe-in-ffs_epfile_io.patch @@ -0,0 +1,50 @@ +From 0698f0209d8032e8869525aeb68f65ee7fde12ad Mon Sep 17 00:00:00 2001 +From: Linyu Yuan +Date: Fri, 10 Jun 2022 20:17:58 +0800 +Subject: usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() + +From: Linyu Yuan + +commit 0698f0209d8032e8869525aeb68f65ee7fde12ad upstream. + +In ffs_epfile_io(), when read/write data in blocking mode, it will wait +the completion in interruptible mode, if task receive a signal, it will +terminate the wait, at same time, if function unbind occurs, +ffs_func_unbind() will kfree all eps, ffs_epfile_io() still try to +dequeue request by dereferencing ep which may become invalid. + +Fix it by add ep spinlock and will not dereference ep if it is not valid. + +Cc: # 5.15 +Reported-by: Michael Wu +Tested-by: Michael Wu +Reviewed-by: John Keeping +Signed-off-by: Linyu Yuan +Link: https://lore.kernel.org/r/1654863478-26228-3-git-send-email-quic_linyyuan@quicinc.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/gadget/function/f_fs.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/usb/gadget/function/f_fs.c ++++ b/drivers/usb/gadget/function/f_fs.c +@@ -1080,6 +1080,11 @@ static ssize_t ffs_epfile_io(struct file + spin_unlock_irq(&epfile->ffs->eps_lock); + + if (wait_for_completion_interruptible(&io_data->done)) { ++ spin_lock_irq(&epfile->ffs->eps_lock); ++ if (epfile->ep != ep) { ++ ret = -ESHUTDOWN; ++ goto error_lock; ++ } + /* + * To avoid race condition with ffs_epfile_io_complete, + * dequeue the request first then check +@@ -1087,6 +1092,7 @@ static ssize_t ffs_epfile_io(struct file + * condition with req->complete callback. + */ + usb_ep_dequeue(ep->ep, req); ++ spin_unlock_irq(&epfile->ffs->eps_lock); + wait_for_completion(&io_data->done); + interrupted = io_data->status < 0; + } diff --git a/queue-5.18/usb-gadget-f_fs-change-ep-status-safe-in-ffs_epfile_io.patch b/queue-5.18/usb-gadget-f_fs-change-ep-status-safe-in-ffs_epfile_io.patch new file mode 100644 index 00000000000..2ef3aedd2b0 --- /dev/null +++ b/queue-5.18/usb-gadget-f_fs-change-ep-status-safe-in-ffs_epfile_io.patch @@ -0,0 +1,119 @@ +From fb1f16d74e263baa4ad11e31e28b68f144aa55ed Mon Sep 17 00:00:00 2001 +From: Linyu Yuan +Date: Fri, 10 Jun 2022 20:17:57 +0800 +Subject: usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() + +From: Linyu Yuan + +commit fb1f16d74e263baa4ad11e31e28b68f144aa55ed upstream. + +If a task read/write data in blocking mode, it will wait the completion +in ffs_epfile_io(), if function unbind occurs, ffs_func_unbind() will +kfree ffs ep, once the task wake up, it still dereference the ffs ep to +obtain the request status. + +Fix it by moving the request status to io_data which is stack-safe. + +Cc: # 5.15 +Reported-by: Michael Wu +Tested-by: Michael Wu +Reviewed-by: John Keeping +Signed-off-by: Linyu Yuan +Link: https://lore.kernel.org/r/1654863478-26228-2-git-send-email-quic_linyyuan@quicinc.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/gadget/function/f_fs.c | 34 +++++++++++++++++++--------------- + 1 file changed, 19 insertions(+), 15 deletions(-) + +--- a/drivers/usb/gadget/function/f_fs.c ++++ b/drivers/usb/gadget/function/f_fs.c +@@ -122,8 +122,6 @@ struct ffs_ep { + struct usb_endpoint_descriptor *descs[3]; + + u8 num; +- +- int status; /* P: epfile->mutex */ + }; + + struct ffs_epfile { +@@ -227,6 +225,9 @@ struct ffs_io_data { + bool use_sg; + + struct ffs_data *ffs; ++ ++ int status; ++ struct completion done; + }; + + struct ffs_desc_helper { +@@ -707,12 +708,15 @@ static const struct file_operations ffs_ + + static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req) + { ++ struct ffs_io_data *io_data = req->context; ++ + ENTER(); +- if (req->context) { +- struct ffs_ep *ep = _ep->driver_data; +- ep->status = req->status ? req->status : req->actual; +- complete(req->context); +- } ++ if (req->status) ++ io_data->status = req->status; ++ else ++ io_data->status = req->actual; ++ ++ complete(&io_data->done); + } + + static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter) +@@ -1050,7 +1054,6 @@ static ssize_t ffs_epfile_io(struct file + WARN(1, "%s: data_len == -EINVAL\n", __func__); + ret = -EINVAL; + } else if (!io_data->aio) { +- DECLARE_COMPLETION_ONSTACK(done); + bool interrupted = false; + + req = ep->req; +@@ -1066,7 +1069,8 @@ static ssize_t ffs_epfile_io(struct file + + io_data->buf = data; + +- req->context = &done; ++ init_completion(&io_data->done); ++ req->context = io_data; + req->complete = ffs_epfile_io_complete; + + ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC); +@@ -1075,7 +1079,7 @@ static ssize_t ffs_epfile_io(struct file + + spin_unlock_irq(&epfile->ffs->eps_lock); + +- if (wait_for_completion_interruptible(&done)) { ++ if (wait_for_completion_interruptible(&io_data->done)) { + /* + * To avoid race condition with ffs_epfile_io_complete, + * dequeue the request first then check +@@ -1083,17 +1087,17 @@ static ssize_t ffs_epfile_io(struct file + * condition with req->complete callback. + */ + usb_ep_dequeue(ep->ep, req); +- wait_for_completion(&done); +- interrupted = ep->status < 0; ++ wait_for_completion(&io_data->done); ++ interrupted = io_data->status < 0; + } + + if (interrupted) + ret = -EINTR; +- else if (io_data->read && ep->status > 0) +- ret = __ffs_epfile_read_data(epfile, data, ep->status, ++ else if (io_data->read && io_data->status > 0) ++ ret = __ffs_epfile_read_data(epfile, data, io_data->status, + &io_data->data); + else +- ret = ep->status; ++ ret = io_data->status; + goto error_mutex; + } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) { + ret = -ENOMEM; diff --git a/queue-5.18/usb-gadget-lpc32xx_udc-fix-refcount-leak-in-lpc32xx_udc_probe.patch b/queue-5.18/usb-gadget-lpc32xx_udc-fix-refcount-leak-in-lpc32xx_udc_probe.patch new file mode 100644 index 00000000000..6f22e3ba61a --- /dev/null +++ b/queue-5.18/usb-gadget-lpc32xx_udc-fix-refcount-leak-in-lpc32xx_udc_probe.patch @@ -0,0 +1,33 @@ +From 4757c9ade34178b351580133771f510b5ffcf9c8 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Fri, 3 Jun 2022 18:02:44 +0400 +Subject: usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe + +From: Miaoqian Lin + +commit 4757c9ade34178b351580133771f510b5ffcf9c8 upstream. + +of_parse_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. +of_node_put() will check NULL pointer. + +Fixes: 24a28e428351 ("USB: gadget driver for LPC32xx") +Cc: stable +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220603140246.64529-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/gadget/udc/lpc32xx_udc.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/gadget/udc/lpc32xx_udc.c ++++ b/drivers/usb/gadget/udc/lpc32xx_udc.c +@@ -3016,6 +3016,7 @@ static int lpc32xx_udc_probe(struct plat + } + + udc->isp1301_i2c_client = isp1301_get_client(isp1301_node); ++ of_node_put(isp1301_node); + if (!udc->isp1301_i2c_client) { + return -EPROBE_DEFER; + } diff --git a/queue-5.18/usb-gadget-u_ether-fix-regression-in-setting-fixed-mac-address.patch b/queue-5.18/usb-gadget-u_ether-fix-regression-in-setting-fixed-mac-address.patch new file mode 100644 index 00000000000..984c193fa9f --- /dev/null +++ b/queue-5.18/usb-gadget-u_ether-fix-regression-in-setting-fixed-mac-address.patch @@ -0,0 +1,80 @@ +From b337af3a4d6147000b7ca6b3438bf5c820849b37 Mon Sep 17 00:00:00 2001 +From: Marian Postevca +Date: Fri, 3 Jun 2022 18:34:59 +0300 +Subject: usb: gadget: u_ether: fix regression in setting fixed MAC address + +From: Marian Postevca + +commit b337af3a4d6147000b7ca6b3438bf5c820849b37 upstream. + +In systemd systems setting a fixed MAC address through +the "dev_addr" module argument fails systematically. +When checking the MAC address after the interface is created +it always has the same but different MAC address to the one +supplied as argument. + +This is partially caused by systemd which by default will +set an internally generated permanent MAC address for interfaces +that are marked as having a randomly generated address. + +Commit 890d5b40908bfd1a ("usb: gadget: u_ether: fix race in +setting MAC address in setup phase") didn't take into account +the fact that the interface must be marked as having a set +MAC address when it's set as module argument. + +Fixed by marking the interface with NET_ADDR_SET when +the "dev_addr" module argument is supplied. + +Fixes: 890d5b40908bfd1a ("usb: gadget: u_ether: fix race in setting MAC address in setup phase") +Cc: stable@vger.kernel.org +Signed-off-by: Marian Postevca +Link: https://lore.kernel.org/r/20220603153459.32722-1-posteuca@mutex.one +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/gadget/function/u_ether.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/drivers/usb/gadget/function/u_ether.c ++++ b/drivers/usb/gadget/function/u_ether.c +@@ -775,9 +775,13 @@ struct eth_dev *gether_setup_name(struct + dev->qmult = qmult; + snprintf(net->name, sizeof(net->name), "%s%%d", netname); + +- if (get_ether_addr(dev_addr, addr)) ++ if (get_ether_addr(dev_addr, addr)) { ++ net->addr_assign_type = NET_ADDR_RANDOM; + dev_warn(&g->dev, + "using random %s ethernet address\n", "self"); ++ } else { ++ net->addr_assign_type = NET_ADDR_SET; ++ } + eth_hw_addr_set(net, addr); + if (get_ether_addr(host_addr, dev->host_mac)) + dev_warn(&g->dev, +@@ -844,6 +848,10 @@ struct net_device *gether_setup_name_def + + eth_random_addr(dev->dev_mac); + pr_warn("using random %s ethernet address\n", "self"); ++ ++ /* by default we always have a random MAC address */ ++ net->addr_assign_type = NET_ADDR_RANDOM; ++ + eth_random_addr(dev->host_mac); + pr_warn("using random %s ethernet address\n", "host"); + +@@ -871,7 +879,6 @@ int gether_register_netdev(struct net_de + dev = netdev_priv(net); + g = dev->gadget; + +- net->addr_assign_type = NET_ADDR_RANDOM; + eth_hw_addr_set(net, dev->dev_mac); + + status = register_netdev(net); +@@ -912,6 +919,7 @@ int gether_set_dev_addr(struct net_devic + if (get_ether_addr(dev_addr, new_addr)) + return -EINVAL; + memcpy(dev->dev_mac, new_addr, ETH_ALEN); ++ net->addr_assign_type = NET_ADDR_SET; + return 0; + } + EXPORT_SYMBOL_GPL(gether_set_dev_addr); diff --git a/queue-5.18/usb-serial-io_ti-add-agilent-e5805a-support.patch b/queue-5.18/usb-serial-io_ti-add-agilent-e5805a-support.patch new file mode 100644 index 00000000000..daab6b4b518 --- /dev/null +++ b/queue-5.18/usb-serial-io_ti-add-agilent-e5805a-support.patch @@ -0,0 +1,49 @@ +From 908e698f2149c3d6a67d9ae15c75545a3f392559 Mon Sep 17 00:00:00 2001 +From: Robert Eckelmann +Date: Sat, 21 May 2022 23:08:08 +0900 +Subject: USB: serial: io_ti: add Agilent E5805A support + +From: Robert Eckelmann + +commit 908e698f2149c3d6a67d9ae15c75545a3f392559 upstream. + +Add support for Agilent E5805A (rebranded ION Edgeport/4) to io_ti. + +Signed-off-by: Robert Eckelmann +Link: https://lore.kernel.org/r/20220521230808.30931eca@octoberrain +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/io_ti.c | 2 ++ + drivers/usb/serial/io_usbvend.h | 1 + + 2 files changed, 3 insertions(+) + +--- a/drivers/usb/serial/io_ti.c ++++ b/drivers/usb/serial/io_ti.c +@@ -166,6 +166,7 @@ static const struct usb_device_id edgepo + { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_TI_EDGEPORT_8S) }, + { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_TI_EDGEPORT_416) }, + { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_TI_EDGEPORT_416B) }, ++ { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_E5805A) }, + { } + }; + +@@ -204,6 +205,7 @@ static const struct usb_device_id id_tab + { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_TI_EDGEPORT_8S) }, + { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_TI_EDGEPORT_416) }, + { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_TI_EDGEPORT_416B) }, ++ { USB_DEVICE(USB_VENDOR_ID_ION, ION_DEVICE_ID_E5805A) }, + { } + }; + +--- a/drivers/usb/serial/io_usbvend.h ++++ b/drivers/usb/serial/io_usbvend.h +@@ -212,6 +212,7 @@ + // + // Definitions for other product IDs + #define ION_DEVICE_ID_MT4X56USB 0x1403 // OEM device ++#define ION_DEVICE_ID_E5805A 0x1A01 // OEM device (rebranded Edgeport/4) + + + #define GENERATION_ID_FROM_USB_PRODUCT_ID(ProductId) \ diff --git a/queue-5.18/usb-serial-option-add-support-for-cinterion-mv31-with-new-baseline.patch b/queue-5.18/usb-serial-option-add-support-for-cinterion-mv31-with-new-baseline.patch new file mode 100644 index 00000000000..5852b0a8922 --- /dev/null +++ b/queue-5.18/usb-serial-option-add-support-for-cinterion-mv31-with-new-baseline.patch @@ -0,0 +1,75 @@ +From 158f7585bfcea4aae0ad4128d032a80fec550df1 Mon Sep 17 00:00:00 2001 +From: Slark Xiao +Date: Wed, 1 Jun 2022 11:47:40 +0800 +Subject: USB: serial: option: add support for Cinterion MV31 with new baseline + +From: Slark Xiao + +commit 158f7585bfcea4aae0ad4128d032a80fec550df1 upstream. + +Adding support for Cinterion device MV31 with Qualcomm +new baseline. Use different PIDs to separate it from +previous base line products. +All interfaces settings keep same as previous. + +Below is test evidence: +T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 +D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=1e2d ProdID=00b8 Rev=04.14 +S: Manufacturer=Cinterion +S: Product=Cinterion PID 0x00B8 USB Mobile Broadband +S: SerialNumber=90418e79 +C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA +I: If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim +I: If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim +I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option +I: If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) +I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option +I: If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option + +T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 +D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=1e2d ProdID=00b9 Rev=04.14 +S: Manufacturer=Cinterion +S: Product=Cinterion PID 0x00B9 USB Mobile Broadband +S: SerialNumber=90418e79 +C: #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=500mA +I: If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan +I: If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option +I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option +I: If#=0x3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option + +For PID 00b8, interface 3 is GNSS port which don't use serial driver. + +Signed-off-by: Slark Xiao +Link: https://lore.kernel.org/r/20220601034740.5438-1-slark_xiao@163.com +[ johan: rename defines using a "2" infix ] +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/serial/option.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -432,6 +432,8 @@ static void option_instat_callback(struc + #define CINTERION_PRODUCT_CLS8 0x00b0 + #define CINTERION_PRODUCT_MV31_MBIM 0x00b3 + #define CINTERION_PRODUCT_MV31_RMNET 0x00b7 ++#define CINTERION_PRODUCT_MV31_2_MBIM 0x00b8 ++#define CINTERION_PRODUCT_MV31_2_RMNET 0x00b9 + #define CINTERION_PRODUCT_MV32_WA 0x00f1 + #define CINTERION_PRODUCT_MV32_WB 0x00f2 + +@@ -1979,6 +1981,10 @@ static const struct usb_device_id option + .driver_info = RSVD(3)}, + { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV31_RMNET, 0xff), + .driver_info = RSVD(0)}, ++ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV31_2_MBIM, 0xff), ++ .driver_info = RSVD(3)}, ++ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV31_2_RMNET, 0xff), ++ .driver_info = RSVD(0)}, + { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV32_WA, 0xff), + .driver_info = RSVD(3)}, + { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV32_WB, 0xff), -- 2.47.3