From: Greg Kroah-Hartman Date: Tue, 14 Jul 2020 12:07:26 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v5.7.9~14 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ce3ecf5bace8a29a5c558dd7ec1a4b6003bde8cf;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch --- diff --git a/queue-4.14/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch b/queue-4.14/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch new file mode 100644 index 00000000000..6de772e4710 --- /dev/null +++ b/queue-4.14/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch @@ -0,0 +1,184 @@ +From c7c641c54f41bb0cbaea455b87c70e3adb0f0923 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Tue, 14 Jul 2020 14:03:44 +0200 +Subject: Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb" + +From: Greg Kroah-Hartman + +This reverts commit 97efdabe90f035d16d3f79218055e87c76ec02e6 which is +commit 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05 upstream. + +It is being reverted upstream, just hasn't made it there yet and is +causing lots of problems. + +Reported-by: Hans de Goede +Cc: Qiujun Huang +Cc: Kalle Valo +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/ath/ath9k/hif_usb.c | 48 +++++++------------------------ + drivers/net/wireless/ath/ath9k/hif_usb.h | 5 --- + 2 files changed, 11 insertions(+), 42 deletions(-) + +--- a/drivers/net/wireless/ath/ath9k/hif_usb.c ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.c +@@ -641,9 +641,9 @@ err: + + static void ath9k_hif_usb_rx_cb(struct urb *urb) + { +- struct rx_buf *rx_buf = (struct rx_buf *)urb->context; +- struct hif_device_usb *hif_dev = rx_buf->hif_dev; +- struct sk_buff *skb = rx_buf->skb; ++ struct sk_buff *skb = (struct sk_buff *) urb->context; ++ struct hif_device_usb *hif_dev = ++ usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); + int ret; + + if (!skb) +@@ -683,15 +683,14 @@ resubmit: + return; + free: + kfree_skb(skb); +- kfree(rx_buf); + } + + static void ath9k_hif_usb_reg_in_cb(struct urb *urb) + { +- struct rx_buf *rx_buf = (struct rx_buf *)urb->context; +- struct hif_device_usb *hif_dev = rx_buf->hif_dev; +- struct sk_buff *skb = rx_buf->skb; ++ struct sk_buff *skb = (struct sk_buff *) urb->context; + struct sk_buff *nskb; ++ struct hif_device_usb *hif_dev = ++ usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); + int ret; + + if (!skb) +@@ -749,7 +748,6 @@ resubmit: + return; + free: + kfree_skb(skb); +- kfree(rx_buf); + urb->context = NULL; + } + +@@ -795,7 +793,7 @@ static int ath9k_hif_usb_alloc_tx_urbs(s + init_usb_anchor(&hif_dev->mgmt_submitted); + + for (i = 0; i < MAX_TX_URB_NUM; i++) { +- tx_buf = kzalloc(sizeof(*tx_buf), GFP_KERNEL); ++ tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL); + if (!tx_buf) + goto err; + +@@ -832,9 +830,8 @@ static void ath9k_hif_usb_dealloc_rx_urb + + static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev) + { +- struct rx_buf *rx_buf = NULL; +- struct sk_buff *skb = NULL; + struct urb *urb = NULL; ++ struct sk_buff *skb = NULL; + int i, ret; + + init_usb_anchor(&hif_dev->rx_submitted); +@@ -842,12 +839,6 @@ static int ath9k_hif_usb_alloc_rx_urbs(s + + for (i = 0; i < MAX_RX_URB_NUM; i++) { + +- rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL); +- if (!rx_buf) { +- ret = -ENOMEM; +- goto err_rxb; +- } +- + /* Allocate URB */ + urb = usb_alloc_urb(0, GFP_KERNEL); + if (urb == NULL) { +@@ -862,14 +853,11 @@ static int ath9k_hif_usb_alloc_rx_urbs(s + goto err_skb; + } + +- rx_buf->hif_dev = hif_dev; +- rx_buf->skb = skb; +- + usb_fill_bulk_urb(urb, hif_dev->udev, + usb_rcvbulkpipe(hif_dev->udev, + USB_WLAN_RX_PIPE), + skb->data, MAX_RX_BUF_SIZE, +- ath9k_hif_usb_rx_cb, rx_buf); ++ ath9k_hif_usb_rx_cb, skb); + + /* Anchor URB */ + usb_anchor_urb(urb, &hif_dev->rx_submitted); +@@ -895,8 +883,6 @@ err_submit: + err_skb: + usb_free_urb(urb); + err_urb: +- kfree(rx_buf); +-err_rxb: + ath9k_hif_usb_dealloc_rx_urbs(hif_dev); + return ret; + } +@@ -908,21 +894,14 @@ static void ath9k_hif_usb_dealloc_reg_in + + static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev) + { +- struct rx_buf *rx_buf = NULL; +- struct sk_buff *skb = NULL; + struct urb *urb = NULL; ++ struct sk_buff *skb = NULL; + int i, ret; + + init_usb_anchor(&hif_dev->reg_in_submitted); + + for (i = 0; i < MAX_REG_IN_URB_NUM; i++) { + +- rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL); +- if (!rx_buf) { +- ret = -ENOMEM; +- goto err_rxb; +- } +- + /* Allocate URB */ + urb = usb_alloc_urb(0, GFP_KERNEL); + if (urb == NULL) { +@@ -937,14 +916,11 @@ static int ath9k_hif_usb_alloc_reg_in_ur + goto err_skb; + } + +- rx_buf->hif_dev = hif_dev; +- rx_buf->skb = skb; +- + usb_fill_int_urb(urb, hif_dev->udev, + usb_rcvintpipe(hif_dev->udev, + USB_REG_IN_PIPE), + skb->data, MAX_REG_IN_BUF_SIZE, +- ath9k_hif_usb_reg_in_cb, rx_buf, 1); ++ ath9k_hif_usb_reg_in_cb, skb, 1); + + /* Anchor URB */ + usb_anchor_urb(urb, &hif_dev->reg_in_submitted); +@@ -970,8 +946,6 @@ err_submit: + err_skb: + usb_free_urb(urb); + err_urb: +- kfree(rx_buf); +-err_rxb: + ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev); + return ret; + } +--- a/drivers/net/wireless/ath/ath9k/hif_usb.h ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.h +@@ -86,11 +86,6 @@ struct tx_buf { + struct list_head list; + }; + +-struct rx_buf { +- struct sk_buff *skb; +- struct hif_device_usb *hif_dev; +-}; +- + #define HIF_USB_TX_STOP BIT(0) + #define HIF_USB_TX_FLUSH BIT(1) + diff --git a/queue-4.14/series b/queue-4.14/series index c97718782bc..5260081835d 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -31,3 +31,4 @@ kvm-arm64-stop-clobbering-x0-for-hvc_soft_restart.patch kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch kvm-x86-inject-gp-if-guest-attempts-to-toggle-cr4.la57-in-64-bit-mode.patch kvm-x86-mark-cr4.tsd-as-being-possibly-owned-by-the-guest.patch +revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch