4.19-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 30 Aug 2024 10:36:50 +0000 (12:36 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 30 Aug 2024 10:36:50 +0000 (12:36 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 30 Aug 2024 10:36:50 +0000 (12:36 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 30 Aug 2024 10:36:50 +0000 (12:36 +0200)
diff --git a/queue-4.19/series b/queue-4.19/series

index cab35b04a5295ebcb4d144b405dca8653d75fb35..6cfda9f2bb3906db7080cb7486a03ac609e67456 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -72,3 +72,4 @@ tools-move-alignment-related-macros-to-new-linux-align.h.patch
  drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu_vce_cs_reloc.patch
  pinctrl-rockchip-correct-rk3328-iomux-width-flag-for-gpio2-b-pins.patch
  pinctrl-single-fix-potential-null-dereference-in-pcs_get_function.patch
+wifi-mwifiex-duplicate-static-structs-used-in-driver-instances.patch
diff --git a/queue-4.19/wifi-mwifiex-duplicate-static-structs-used-in-driver-instances.patch b/queue-4.19/wifi-mwifiex-duplicate-static-structs-used-in-driver-instances.patch

new file mode 100644 (file)

index 0000000..7415172
--- /dev/null
+++ b/queue-4.19/wifi-mwifiex-duplicate-static-structs-used-in-driver-instances.patch
@@ -0,0 +1,84 @@
+From 27ec3c57fcadb43c79ed05b2ea31bc18c72d798a Mon Sep 17 00:00:00 2001
+From: Sascha Hauer <s.hauer@pengutronix.de>
+Date: Fri, 9 Aug 2024 10:11:33 +0200
+Subject: wifi: mwifiex: duplicate static structs used in driver instances
+
+From: Sascha Hauer <s.hauer@pengutronix.de>
+
+commit 27ec3c57fcadb43c79ed05b2ea31bc18c72d798a upstream.
+
+mwifiex_band_2ghz and mwifiex_band_5ghz are statically allocated, but
+used and modified in driver instances. Duplicate them before using
+them in driver instances so that different driver instances do not
+influence each other.
+
+This was observed on a board which has one PCIe and one SDIO mwifiex
+adapter. It blew up in mwifiex_setup_ht_caps(). This was called with
+the statically allocated struct which is modified in this function.
+
+Cc: stable@vger.kernel.org
+Fixes: d6bffe8bb520 ("mwifiex: support for creation of AP interface")
+Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
+Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
+Acked-by: Brian Norris <briannorris@chromium.org>
+Signed-off-by: Kalle Valo <kvalo@kernel.org>
+Link: https://patch.msgid.link/20240809-mwifiex-duplicate-static-structs-v1-1-6837b903b1a4@pengutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/marvell/mwifiex/cfg80211.c |   32 +++++++++++++++++++-----
+ 1 file changed, 26 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
++++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+@@ -4294,11 +4294,27 @@ int mwifiex_register_cfg80211(struct mwi
+       if (ISSUPP_ADHOC_ENABLED(adapter->fw_cap_info))
+               wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
+ 
+-      wiphy->bands[NL80211_BAND_2GHZ] = &mwifiex_band_2ghz;
+-      if (adapter->config_bands & BAND_A)
+-              wiphy->bands[NL80211_BAND_5GHZ] = &mwifiex_band_5ghz;
+-      else
++      wiphy->bands[NL80211_BAND_2GHZ] = devm_kmemdup(adapter->dev,
++                                                     &mwifiex_band_2ghz,
++                                                     sizeof(mwifiex_band_2ghz),
++                                                     GFP_KERNEL);
++      if (!wiphy->bands[NL80211_BAND_2GHZ]) {
++              ret = -ENOMEM;
++              goto err;
++      }
++
++      if (adapter->config_bands & BAND_A) {
++              wiphy->bands[NL80211_BAND_5GHZ] = devm_kmemdup(adapter->dev,
++                                                             &mwifiex_band_5ghz,
++                                                             sizeof(mwifiex_band_5ghz),
++                                                             GFP_KERNEL);
++              if (!wiphy->bands[NL80211_BAND_5GHZ]) {
++                      ret = -ENOMEM;
++                      goto err;
++              }
++      } else {
+               wiphy->bands[NL80211_BAND_5GHZ] = NULL;
++      }
+ 
+       if (adapter->drcs_enabled && ISSUPP_DRCS_ENABLED(adapter->fw_cap_info))
+               wiphy->iface_combinations = &mwifiex_iface_comb_ap_sta_drcs;
+@@ -4386,8 +4402,7 @@ int mwifiex_register_cfg80211(struct mwi
+       if (ret < 0) {
+               mwifiex_dbg(adapter, ERROR,
+                           "%s: wiphy_register failed: %d\n", __func__, ret);
+-              wiphy_free(wiphy);
+-              return ret;
++              goto err;
+       }
+ 
+       if (!adapter->regd) {
+@@ -4429,4 +4444,9 @@ int mwifiex_register_cfg80211(struct mwi
+ 
+       adapter->wiphy = wiphy;
+       return ret;
++
++err:
++      wiphy_free(wiphy);
++
++      return ret;
+ }
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 30 Aug 2024 10:36:50 +0000 (12:36 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 30 Aug 2024 10:36:50 +0000 (12:36 +0200)
queue-4.19/series		patch \| blob \| blame \| history
queue-4.19/wifi-mwifiex-duplicate-static-structs-used-in-driver-instances.patch	[new file with mode: 0644]	patch \| blob