From: Sasha Levin Date: Fri, 4 Jun 2021 18:20:29 +0000 (-0400) Subject: Fixes for 4.19 X-Git-Tag: v4.4.272~94 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aecb35b8acc1314848720442f016eb5f6d02dbf1;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/alsa-usb-update-old-style-static-const-declaration.patch b/queue-4.19/alsa-usb-update-old-style-static-const-declaration.patch new file mode 100644 index 00000000000..4787688ed04 --- /dev/null +++ b/queue-4.19/alsa-usb-update-old-style-static-const-declaration.patch @@ -0,0 +1,46 @@ +From a7b245f214b62b16cbe59fb7cf2f2b2a399c6709 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 11 Jan 2020 15:47:36 -0600 +Subject: ALSA: usb: update old-style static const declaration +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pierre-Louis Bossart + +[ Upstream commit ff40e0d41af19e36b43693fcb9241b4a6795bb44 ] + +GCC reports the following warning with W=1 + +sound/usb/mixer_quirks.c: In function ‘snd_microii_controls_create’: +sound/usb/mixer_quirks.c:1694:2: warning: ‘static’ is not at beginning +of declaration [-Wold-style-declaration] + 1694 | const static usb_mixer_elem_resume_func_t resume_funcs[] = { + | ^~~~~ + +Move static to the beginning of declaration + +Signed-off-by: Pierre-Louis Bossart +Link: https://lore.kernel.org/r/20200111214736.3002-3-pierre-louis.bossart@linux.intel.com +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/usb/mixer_quirks.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c +index 169679419b39..a74e07eff60c 100644 +--- a/sound/usb/mixer_quirks.c ++++ b/sound/usb/mixer_quirks.c +@@ -1708,7 +1708,7 @@ static struct snd_kcontrol_new snd_microii_mixer_spdif[] = { + static int snd_microii_controls_create(struct usb_mixer_interface *mixer) + { + int err, i; +- const static usb_mixer_elem_resume_func_t resume_funcs[] = { ++ static const usb_mixer_elem_resume_func_t resume_funcs[] = { + snd_microii_spdif_default_update, + NULL, + snd_microii_spdif_switch_update +-- +2.30.2 + diff --git a/queue-4.19/net-usb-cdc_ncm-don-t-spew-notifications.patch b/queue-4.19/net-usb-cdc_ncm-don-t-spew-notifications.patch new file mode 100644 index 00000000000..d4bc6d587d7 --- /dev/null +++ b/queue-4.19/net-usb-cdc_ncm-don-t-spew-notifications.patch @@ -0,0 +1,112 @@ +From ba8ac89f2b4e4310a4ac84c5f38d2e1f1e110f82 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Jan 2021 17:12:08 -0800 +Subject: net: usb: cdc_ncm: don't spew notifications + +From: Grant Grundler + +[ Upstream commit de658a195ee23ca6aaffe197d1d2ea040beea0a2 ] + +RTL8156 sends notifications about every 32ms. +Only display/log notifications when something changes. + +This issue has been reported by others: + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832472 + https://lkml.org/lkml/2020/8/27/1083 + +... +[785962.779840] usb 1-1: new high-speed USB device number 5 using xhci_hcd +[785962.929944] usb 1-1: New USB device found, idVendor=0bda, idProduct=8156, bcdDevice=30.00 +[785962.929949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=6 +[785962.929952] usb 1-1: Product: USB 10/100/1G/2.5G LAN +[785962.929954] usb 1-1: Manufacturer: Realtek +[785962.929956] usb 1-1: SerialNumber: 000000001 +[785962.991755] usbcore: registered new interface driver cdc_ether +[785963.017068] cdc_ncm 1-1:2.0: MAC-Address: 00:24:27:88:08:15 +[785963.017072] cdc_ncm 1-1:2.0: setting rx_max = 16384 +[785963.017169] cdc_ncm 1-1:2.0: setting tx_max = 16384 +[785963.017682] cdc_ncm 1-1:2.0 usb0: register 'cdc_ncm' at usb-0000:00:14.0-1, CDC NCM, 00:24:27:88:08:15 +[785963.019211] usbcore: registered new interface driver cdc_ncm +[785963.023856] usbcore: registered new interface driver cdc_wdm +[785963.025461] usbcore: registered new interface driver cdc_mbim +[785963.038824] cdc_ncm 1-1:2.0 enx002427880815: renamed from usb0 +[785963.089586] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected +[785963.121673] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected +[785963.153682] cdc_ncm 1-1:2.0 enx002427880815: network connection: disconnected +... + +This is about 2KB per second and will overwrite all contents of a 1MB +dmesg buffer in under 10 minutes rendering them useless for debugging +many kernel problems. + +This is also an extra 180 MB/day in /var/logs (or 1GB per week) rendering +the majority of those logs useless too. + +When the link is up (expected state), spew amount is >2x higher: +... +[786139.600992] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected +[786139.632997] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink +[786139.665097] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected +[786139.697100] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink +[786139.729094] cdc_ncm 2-1:2.0 enx002427880815: network connection: connected +[786139.761108] cdc_ncm 2-1:2.0 enx002427880815: 2500 mbit/s downlink 2500 mbit/s uplink +... + +Chrome OS cannot support RTL8156 until this is fixed. + +Signed-off-by: Grant Grundler +Reviewed-by: Hayes Wang +Link: https://lore.kernel.org/r/20210120011208.3768105-1-grundler@chromium.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/usb/cdc_ncm.c | 12 +++++++++++- + include/linux/usb/usbnet.h | 2 ++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c +index faca70c3647d..82ec00a7370d 100644 +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -1590,6 +1590,15 @@ cdc_ncm_speed_change(struct usbnet *dev, + uint32_t rx_speed = le32_to_cpu(data->DLBitRRate); + uint32_t tx_speed = le32_to_cpu(data->ULBitRate); + ++ /* if the speed hasn't changed, don't report it. ++ * RTL8156 shipped before 2021 sends notification about every 32ms. ++ */ ++ if (dev->rx_speed == rx_speed && dev->tx_speed == tx_speed) ++ return; ++ ++ dev->rx_speed = rx_speed; ++ dev->tx_speed = tx_speed; ++ + /* + * Currently the USB-NET API does not support reporting the actual + * device speed. Do print it instead. +@@ -1633,7 +1642,8 @@ static void cdc_ncm_status(struct usbnet *dev, struct urb *urb) + * USB_CDC_NOTIFY_NETWORK_CONNECTION notification shall be + * sent by device after USB_CDC_NOTIFY_SPEED_CHANGE. + */ +- usbnet_link_change(dev, !!event->wValue, 0); ++ if (netif_carrier_ok(dev->net) != !!event->wValue) ++ usbnet_link_change(dev, !!event->wValue, 0); + break; + + case USB_CDC_NOTIFY_SPEED_CHANGE: +diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h +index e2ec3582e549..452ca06ed253 100644 +--- a/include/linux/usb/usbnet.h ++++ b/include/linux/usb/usbnet.h +@@ -83,6 +83,8 @@ struct usbnet { + # define EVENT_LINK_CHANGE 11 + # define EVENT_SET_RX_MODE 12 + # define EVENT_NO_IP_ALIGN 13 ++ u32 rx_speed; /* in bps - NOT Mbps */ ++ u32 tx_speed; /* in bps - NOT Mbps */ + }; + + static inline struct usb_driver *driver_of(struct usb_interface *intf) +-- +2.30.2 + diff --git a/queue-4.19/nl80211-validate-key-indexes-for-cfg80211_registered.patch b/queue-4.19/nl80211-validate-key-indexes-for-cfg80211_registered.patch new file mode 100644 index 00000000000..52ce33d9265 --- /dev/null +++ b/queue-4.19/nl80211-validate-key-indexes-for-cfg80211_registered.patch @@ -0,0 +1,133 @@ +From e5af0e9f1072c5d6e5cbc46f8520417ce11ad628 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Jun 2021 09:28:52 -0700 +Subject: nl80211: validate key indexes for cfg80211_registered_device + +From: Anant Thazhemadam + +commit 2d9463083ce92636a1bdd3e30d1236e3e95d859e upstream + +syzbot discovered a bug in which an OOB access was being made because +an unsuitable key_idx value was wrongly considered to be acceptable +while deleting a key in nl80211_del_key(). + +Since we don't know the cipher at the time of deletion, if +cfg80211_validate_key_settings() were to be called directly in +nl80211_del_key(), even valid keys would be wrongly determined invalid, +and deletion wouldn't occur correctly. +For this reason, a new function - cfg80211_valid_key_idx(), has been +created, to determine if the key_idx value provided is valid or not. +cfg80211_valid_key_idx() is directly called in 2 places - +nl80211_del_key(), and cfg80211_validate_key_settings(). + +Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com +Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com +Suggested-by: Johannes Berg +Signed-off-by: Anant Thazhemadam +Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com +Cc: stable@vger.kernel.org +[also disallow IGTK key IDs if no IGTK cipher is supported] +Signed-off-by: Johannes Berg +Signed-off-by: Zubin Mithra +Signed-off-by: Sasha Levin +--- + net/wireless/core.h | 2 ++ + net/wireless/nl80211.c | 7 ++++--- + net/wireless/util.c | 39 ++++++++++++++++++++++++++++++++++++++- + 3 files changed, 44 insertions(+), 4 deletions(-) + +diff --git a/net/wireless/core.h b/net/wireless/core.h +index f5d58652108d..5f177dad2fa8 100644 +--- a/net/wireless/core.h ++++ b/net/wireless/core.h +@@ -404,6 +404,8 @@ void cfg80211_sme_abandon_assoc(struct wireless_dev *wdev); + + /* internal helpers */ + bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher); ++bool cfg80211_valid_key_idx(struct cfg80211_registered_device *rdev, ++ int key_idx, bool pairwise); + int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, + struct key_params *params, int key_idx, + bool pairwise, const u8 *mac_addr); +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c +index 5f0605275fa3..04c4fd376e1d 100644 +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -3624,9 +3624,6 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) + if (err) + return err; + +- if (key.idx < 0) +- return -EINVAL; +- + if (info->attrs[NL80211_ATTR_MAC]) + mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); + +@@ -3642,6 +3639,10 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) + key.type != NL80211_KEYTYPE_GROUP) + return -EINVAL; + ++ if (!cfg80211_valid_key_idx(rdev, key.idx, ++ key.type == NL80211_KEYTYPE_PAIRWISE)) ++ return -EINVAL; ++ + if (!rdev->ops->del_key) + return -EOPNOTSUPP; + +diff --git a/net/wireless/util.c b/net/wireless/util.c +index 6f9cff2ee795..c4536468dfbe 100644 +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -214,11 +214,48 @@ bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher) + return false; + } + ++static bool ++cfg80211_igtk_cipher_supported(struct cfg80211_registered_device *rdev) ++{ ++ struct wiphy *wiphy = &rdev->wiphy; ++ int i; ++ ++ for (i = 0; i < wiphy->n_cipher_suites; i++) { ++ switch (wiphy->cipher_suites[i]) { ++ case WLAN_CIPHER_SUITE_AES_CMAC: ++ case WLAN_CIPHER_SUITE_BIP_CMAC_256: ++ case WLAN_CIPHER_SUITE_BIP_GMAC_128: ++ case WLAN_CIPHER_SUITE_BIP_GMAC_256: ++ return true; ++ } ++ } ++ ++ return false; ++} ++ ++bool cfg80211_valid_key_idx(struct cfg80211_registered_device *rdev, ++ int key_idx, bool pairwise) ++{ ++ int max_key_idx; ++ ++ if (pairwise) ++ max_key_idx = 3; ++ else if (cfg80211_igtk_cipher_supported(rdev)) ++ max_key_idx = 5; ++ else ++ max_key_idx = 3; ++ ++ if (key_idx < 0 || key_idx > max_key_idx) ++ return false; ++ ++ return true; ++} ++ + int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, + struct key_params *params, int key_idx, + bool pairwise, const u8 *mac_addr) + { +- if (key_idx < 0 || key_idx > 5) ++ if (!cfg80211_valid_key_idx(rdev, key_idx, pairwise)) + return -EINVAL; + + if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) +-- +2.30.2 + diff --git a/queue-4.19/series b/queue-4.19/series index e69de29bb2d..7cb7d00325a 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -0,0 +1,3 @@ +net-usb-cdc_ncm-don-t-spew-notifications.patch +alsa-usb-update-old-style-static-const-declaration.patch +nl80211-validate-key-indexes-for-cfg80211_registered.patch