From: Greg Kroah-Hartman Date: Fri, 13 Aug 2021 09:04:37 +0000 (+0200) Subject: 5.13-stable patches X-Git-Tag: v4.4.281~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e65aac8ac286ffd62c518b578a635e741a5038a8;p=thirdparty%2Fkernel%2Fstable-queue.git 5.13-stable patches added patches: alsa-hda-add-quirk-for-asus-flow-x13.patch alsa-hda-realtek-fix-mute-micmute-leds-for-hp-probook-650-g8-notebook-pc.patch alsa-pcm-fix-mmap-breakage-without-explicit-buffer-setup.patch bpf-add-_kernel-suffix-to-internal-lockdown_bpf_read.patch bpf-add-lockdown-check-for-probe_write_user-helper.patch ovl-prevent-private-clone-if-bind-mount-is-not-allowed.patch ppp-fix-generating-ppp-unit-id-when-ifname-is-not-specified.patch --- diff --git a/queue-5.13/alsa-hda-add-quirk-for-asus-flow-x13.patch b/queue-5.13/alsa-hda-add-quirk-for-asus-flow-x13.patch new file mode 100644 index 00000000000..ef5aaa664cc --- /dev/null +++ b/queue-5.13/alsa-hda-add-quirk-for-asus-flow-x13.patch @@ -0,0 +1,31 @@ +From 739d0959fbed23838a96c48fbce01dd2f6fb2c5f Mon Sep 17 00:00:00 2001 +From: Luke D Jones +Date: Sat, 7 Aug 2021 14:58:05 +1200 +Subject: ALSA: hda: Add quirk for ASUS Flow x13 + +From: Luke D Jones + +commit 739d0959fbed23838a96c48fbce01dd2f6fb2c5f upstream. + +The ASUS GV301QH sound appears to work well with the quirk for +ALC294_FIXUP_ASUS_DUAL_SPK. + +Signed-off-by: Luke D Jones +Cc: +Link: https://lore.kernel.org/r/20210807025805.27321-1-luke@ljones.dev +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8406,6 +8406,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x1043, 0x16e3, "ASUS UX50", ALC269_FIXUP_STEREO_DMIC), + SND_PCI_QUIRK(0x1043, 0x1740, "ASUS UX430UA", ALC295_FIXUP_ASUS_DACS), + SND_PCI_QUIRK(0x1043, 0x17d1, "ASUS UX431FL", ALC294_FIXUP_ASUS_DUAL_SPK), ++ SND_PCI_QUIRK(0x1043, 0x1662, "ASUS GV301QH", ALC294_FIXUP_ASUS_DUAL_SPK), + SND_PCI_QUIRK(0x1043, 0x1881, "ASUS Zephyrus S/M", ALC294_FIXUP_ASUS_GX502_PINS), + SND_PCI_QUIRK(0x1043, 0x18b1, "Asus MJ401TA", ALC256_FIXUP_ASUS_HEADSET_MIC), + SND_PCI_QUIRK(0x1043, 0x18f1, "Asus FX505DT", ALC256_FIXUP_ASUS_HEADSET_MIC), diff --git a/queue-5.13/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-probook-650-g8-notebook-pc.patch b/queue-5.13/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-probook-650-g8-notebook-pc.patch new file mode 100644 index 00000000000..843196ee40e --- /dev/null +++ b/queue-5.13/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-probook-650-g8-notebook-pc.patch @@ -0,0 +1,32 @@ +From d07149aba2ef423eae94a9cc2a6365d0cdf6fd51 Mon Sep 17 00:00:00 2001 +From: Jeremy Szu +Date: Tue, 10 Aug 2021 18:08:45 +0800 +Subject: ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC + +From: Jeremy Szu + +commit d07149aba2ef423eae94a9cc2a6365d0cdf6fd51 upstream. + +The HP ProBook 650 G8 Notebook PC is using ALC236 codec which is +using 0x02 to control mute LED and 0x01 to control micmute LED. +Therefore, add a quirk to make it works. + +Signed-off-by: Jeremy Szu +Cc: +Link: https://lore.kernel.org/r/20210810100846.65844-1-jeremy.szu@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8371,6 +8371,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x87f4, "HP", ALC287_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x87f5, "HP", ALC287_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x87f7, "HP Spectre x360 14", ALC245_FIXUP_HP_X360_AMP), ++ SND_PCI_QUIRK(0x103c, 0x8805, "HP ProBook 650 G8 Notebook PC", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x880d, "HP EliteBook 830 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8846, "HP EliteBook 850 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8847, "HP EliteBook x360 830 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), diff --git a/queue-5.13/alsa-pcm-fix-mmap-breakage-without-explicit-buffer-setup.patch b/queue-5.13/alsa-pcm-fix-mmap-breakage-without-explicit-buffer-setup.patch new file mode 100644 index 00000000000..4c60855768d --- /dev/null +++ b/queue-5.13/alsa-pcm-fix-mmap-breakage-without-explicit-buffer-setup.patch @@ -0,0 +1,42 @@ +From dc0dc8a73e8e4dc33fba93dfe23356cc5a500c57 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Sun, 8 Aug 2021 09:01:16 +0200 +Subject: ALSA: pcm: Fix mmap breakage without explicit buffer setup + +From: Takashi Iwai + +commit dc0dc8a73e8e4dc33fba93dfe23356cc5a500c57 upstream. + +The recent fix c4824ae7db41 ("ALSA: pcm: Fix mmap capability check") +restricts the mmap capability only to the drivers that properly set up +the buffers, but it caused a regression for a few drivers that manage +the buffer on its own way. + +For those with UNKNOWN buffer type (i.e. the uninitialized / unused +substream->dma_buffer), just assume that the driver handles the mmap +properly and blindly trust the hardware info bit. + +Fixes: c4824ae7db41 ("ALSA: pcm: Fix mmap capability check") +Reported-and-tested-by: Jeff Woods +Cc: +Link: https://lore.kernel.org/r/s5him0gpghv.wl-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/core/pcm_native.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/sound/core/pcm_native.c ++++ b/sound/core/pcm_native.c +@@ -251,7 +251,10 @@ static bool hw_support_mmap(struct snd_p + + switch (substream->dma_buffer.dev.type) { + case SNDRV_DMA_TYPE_UNKNOWN: +- return false; ++ /* we can't know the device, so just assume that the driver does ++ * everything right ++ */ ++ return true; + case SNDRV_DMA_TYPE_CONTINUOUS: + case SNDRV_DMA_TYPE_VMALLOC: + return true; diff --git a/queue-5.13/bpf-add-_kernel-suffix-to-internal-lockdown_bpf_read.patch b/queue-5.13/bpf-add-_kernel-suffix-to-internal-lockdown_bpf_read.patch new file mode 100644 index 00000000000..486c9e6a683 --- /dev/null +++ b/queue-5.13/bpf-add-_kernel-suffix-to-internal-lockdown_bpf_read.patch @@ -0,0 +1,87 @@ +From 71330842ff93ae67a066c1fa68d75672527312fa Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Mon, 9 Aug 2021 21:45:32 +0200 +Subject: bpf: Add _kernel suffix to internal lockdown_bpf_read + +From: Daniel Borkmann + +commit 71330842ff93ae67a066c1fa68d75672527312fa upstream. + +Rename LOCKDOWN_BPF_READ into LOCKDOWN_BPF_READ_KERNEL so we have naming +more consistent with a LOCKDOWN_BPF_WRITE_USER option that we are adding. + +Signed-off-by: Daniel Borkmann +Acked-by: Andrii Nakryiko +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/security.h | 2 +- + kernel/bpf/helpers.c | 4 ++-- + kernel/trace/bpf_trace.c | 8 ++++---- + security/security.c | 2 +- + 4 files changed, 8 insertions(+), 8 deletions(-) + +--- a/include/linux/security.h ++++ b/include/linux/security.h +@@ -123,7 +123,7 @@ enum lockdown_reason { + LOCKDOWN_INTEGRITY_MAX, + LOCKDOWN_KCORE, + LOCKDOWN_KPROBES, +- LOCKDOWN_BPF_READ, ++ LOCKDOWN_BPF_READ_KERNEL, + LOCKDOWN_PERF, + LOCKDOWN_TRACEFS, + LOCKDOWN_XMON_RW, +--- a/kernel/bpf/helpers.c ++++ b/kernel/bpf/helpers.c +@@ -1070,12 +1070,12 @@ bpf_base_func_proto(enum bpf_func_id fun + case BPF_FUNC_probe_read_user: + return &bpf_probe_read_user_proto; + case BPF_FUNC_probe_read_kernel: +- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ? ++ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? + NULL : &bpf_probe_read_kernel_proto; + case BPF_FUNC_probe_read_user_str: + return &bpf_probe_read_user_str_proto; + case BPF_FUNC_probe_read_kernel_str: +- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ? ++ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? + NULL : &bpf_probe_read_kernel_str_proto; + case BPF_FUNC_snprintf_btf: + return &bpf_snprintf_btf_proto; +--- a/kernel/trace/bpf_trace.c ++++ b/kernel/trace/bpf_trace.c +@@ -999,19 +999,19 @@ bpf_tracing_func_proto(enum bpf_func_id + case BPF_FUNC_probe_read_user: + return &bpf_probe_read_user_proto; + case BPF_FUNC_probe_read_kernel: +- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ? ++ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? + NULL : &bpf_probe_read_kernel_proto; + case BPF_FUNC_probe_read_user_str: + return &bpf_probe_read_user_str_proto; + case BPF_FUNC_probe_read_kernel_str: +- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ? ++ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? + NULL : &bpf_probe_read_kernel_str_proto; + #ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + case BPF_FUNC_probe_read: +- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ? ++ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? + NULL : &bpf_probe_read_compat_proto; + case BPF_FUNC_probe_read_str: +- return security_locked_down(LOCKDOWN_BPF_READ) < 0 ? ++ return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? + NULL : &bpf_probe_read_compat_str_proto; + #endif + #ifdef CONFIG_CGROUPS +--- a/security/security.c ++++ b/security/security.c +@@ -61,7 +61,7 @@ const char *const lockdown_reasons[LOCKD + [LOCKDOWN_INTEGRITY_MAX] = "integrity", + [LOCKDOWN_KCORE] = "/proc/kcore access", + [LOCKDOWN_KPROBES] = "use of kprobes", +- [LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM", ++ [LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM", + [LOCKDOWN_PERF] = "unsafe use of perf", + [LOCKDOWN_TRACEFS] = "use of tracefs", + [LOCKDOWN_XMON_RW] = "xmon read and write access", diff --git a/queue-5.13/bpf-add-lockdown-check-for-probe_write_user-helper.patch b/queue-5.13/bpf-add-lockdown-check-for-probe_write_user-helper.patch new file mode 100644 index 00000000000..1a45cf6888b --- /dev/null +++ b/queue-5.13/bpf-add-lockdown-check-for-probe_write_user-helper.patch @@ -0,0 +1,82 @@ +From 51e1bb9eeaf7868db56e58f47848e364ab4c4129 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Mon, 9 Aug 2021 12:43:17 +0200 +Subject: bpf: Add lockdown check for probe_write_user helper + +From: Daniel Borkmann + +commit 51e1bb9eeaf7868db56e58f47848e364ab4c4129 upstream. + +Back then, commit 96ae52279594 ("bpf: Add bpf_probe_write_user BPF helper +to be called in tracers") added the bpf_probe_write_user() helper in order +to allow to override user space memory. Its original goal was to have a +facility to "debug, divert, and manipulate execution of semi-cooperative +processes" under CAP_SYS_ADMIN. Write to kernel was explicitly disallowed +since it would otherwise tamper with its integrity. + +One use case was shown in cf9b1199de27 ("samples/bpf: Add test/example of +using bpf_probe_write_user bpf helper") where the program DNATs traffic +at the time of connect(2) syscall, meaning, it rewrites the arguments to +a syscall while they're still in userspace, and before the syscall has a +chance to copy the argument into kernel space. These days we have better +mechanisms in BPF for achieving the same (e.g. for load-balancers), but +without having to write to userspace memory. + +Of course the bpf_probe_write_user() helper can also be used to abuse +many other things for both good or bad purpose. Outside of BPF, there is +a similar mechanism for ptrace(2) such as PTRACE_PEEK{TEXT,DATA} and +PTRACE_POKE{TEXT,DATA}, but would likely require some more effort. +Commit 96ae52279594 explicitly dedicated the helper for experimentation +purpose only. Thus, move the helper's availability behind a newly added +LOCKDOWN_BPF_WRITE_USER lockdown knob so that the helper is disabled under +the "integrity" mode. More fine-grained control can be implemented also +from LSM side with this change. + +Fixes: 96ae52279594 ("bpf: Add bpf_probe_write_user BPF helper to be called in tracers") +Signed-off-by: Daniel Borkmann +Acked-by: Andrii Nakryiko +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/security.h | 1 + + kernel/trace/bpf_trace.c | 5 +++-- + security/security.c | 1 + + 3 files changed, 5 insertions(+), 2 deletions(-) + +--- a/include/linux/security.h ++++ b/include/linux/security.h +@@ -120,6 +120,7 @@ enum lockdown_reason { + LOCKDOWN_MMIOTRACE, + LOCKDOWN_DEBUGFS, + LOCKDOWN_XMON_WR, ++ LOCKDOWN_BPF_WRITE_USER, + LOCKDOWN_INTEGRITY_MAX, + LOCKDOWN_KCORE, + LOCKDOWN_KPROBES, +--- a/kernel/trace/bpf_trace.c ++++ b/kernel/trace/bpf_trace.c +@@ -990,12 +990,13 @@ bpf_tracing_func_proto(enum bpf_func_id + return &bpf_get_numa_node_id_proto; + case BPF_FUNC_perf_event_read: + return &bpf_perf_event_read_proto; +- case BPF_FUNC_probe_write_user: +- return bpf_get_probe_write_proto(); + case BPF_FUNC_current_task_under_cgroup: + return &bpf_current_task_under_cgroup_proto; + case BPF_FUNC_get_prandom_u32: + return &bpf_get_prandom_u32_proto; ++ case BPF_FUNC_probe_write_user: ++ return security_locked_down(LOCKDOWN_BPF_WRITE_USER) < 0 ? ++ NULL : bpf_get_probe_write_proto(); + case BPF_FUNC_probe_read_user: + return &bpf_probe_read_user_proto; + case BPF_FUNC_probe_read_kernel: +--- a/security/security.c ++++ b/security/security.c +@@ -58,6 +58,7 @@ const char *const lockdown_reasons[LOCKD + [LOCKDOWN_MMIOTRACE] = "unsafe mmio", + [LOCKDOWN_DEBUGFS] = "debugfs access", + [LOCKDOWN_XMON_WR] = "xmon write access", ++ [LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM", + [LOCKDOWN_INTEGRITY_MAX] = "integrity", + [LOCKDOWN_KCORE] = "/proc/kcore access", + [LOCKDOWN_KPROBES] = "use of kprobes", diff --git a/queue-5.13/ovl-prevent-private-clone-if-bind-mount-is-not-allowed.patch b/queue-5.13/ovl-prevent-private-clone-if-bind-mount-is-not-allowed.patch new file mode 100644 index 00000000000..37a3a06baa6 --- /dev/null +++ b/queue-5.13/ovl-prevent-private-clone-if-bind-mount-is-not-allowed.patch @@ -0,0 +1,100 @@ +From 427215d85e8d1476da1a86b8d67aceb485eb3631 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Mon, 9 Aug 2021 10:19:47 +0200 +Subject: ovl: prevent private clone if bind mount is not allowed + +From: Miklos Szeredi + +commit 427215d85e8d1476da1a86b8d67aceb485eb3631 upstream. + +Add the following checks from __do_loopback() to clone_private_mount() as +well: + + - verify that the mount is in the current namespace + + - verify that there are no locked children + +Reported-by: Alois Wohlschlager +Fixes: c771d683a62e ("vfs: introduce clone_private_mount()") +Cc: # v3.18 +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman +--- + fs/namespace.c | 42 ++++++++++++++++++++++++++++-------------- + 1 file changed, 28 insertions(+), 14 deletions(-) + +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -1938,6 +1938,20 @@ void drop_collected_mounts(struct vfsmou + namespace_unlock(); + } + ++static bool has_locked_children(struct mount *mnt, struct dentry *dentry) ++{ ++ struct mount *child; ++ ++ list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) { ++ if (!is_subdir(child->mnt_mountpoint, dentry)) ++ continue; ++ ++ if (child->mnt.mnt_flags & MNT_LOCKED) ++ return true; ++ } ++ return false; ++} ++ + /** + * clone_private_mount - create a private clone of a path + * @path: path to clone +@@ -1953,10 +1967,19 @@ struct vfsmount *clone_private_mount(con + struct mount *old_mnt = real_mount(path->mnt); + struct mount *new_mnt; + ++ down_read(&namespace_sem); + if (IS_MNT_UNBINDABLE(old_mnt)) +- return ERR_PTR(-EINVAL); ++ goto invalid; ++ ++ if (!check_mnt(old_mnt)) ++ goto invalid; ++ ++ if (has_locked_children(old_mnt, path->dentry)) ++ goto invalid; + + new_mnt = clone_mnt(old_mnt, path->dentry, CL_PRIVATE); ++ up_read(&namespace_sem); ++ + if (IS_ERR(new_mnt)) + return ERR_CAST(new_mnt); + +@@ -1964,6 +1987,10 @@ struct vfsmount *clone_private_mount(con + new_mnt->mnt_ns = MNT_NS_INTERNAL; + + return &new_mnt->mnt; ++ ++invalid: ++ up_read(&namespace_sem); ++ return ERR_PTR(-EINVAL); + } + EXPORT_SYMBOL_GPL(clone_private_mount); + +@@ -2315,19 +2342,6 @@ static int do_change_type(struct path *p + return err; + } + +-static bool has_locked_children(struct mount *mnt, struct dentry *dentry) +-{ +- struct mount *child; +- list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) { +- if (!is_subdir(child->mnt_mountpoint, dentry)) +- continue; +- +- if (child->mnt.mnt_flags & MNT_LOCKED) +- return true; +- } +- return false; +-} +- + static struct mount *__do_loopback(struct path *old_path, int recurse) + { + struct mount *mnt = ERR_PTR(-EINVAL), *old = real_mount(old_path->mnt); diff --git a/queue-5.13/ppp-fix-generating-ppp-unit-id-when-ifname-is-not-specified.patch b/queue-5.13/ppp-fix-generating-ppp-unit-id-when-ifname-is-not-specified.patch new file mode 100644 index 00000000000..e579f5d83dd --- /dev/null +++ b/queue-5.13/ppp-fix-generating-ppp-unit-id-when-ifname-is-not-specified.patch @@ -0,0 +1,109 @@ +From 3125f26c514826077f2a4490b75e9b1c7a644c42 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pali=20Roh=C3=A1r?= +Date: Sat, 7 Aug 2021 18:00:50 +0200 +Subject: ppp: Fix generating ppp unit id when ifname is not specified +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pali Rohár + +commit 3125f26c514826077f2a4490b75e9b1c7a644c42 upstream. + +When registering new ppp interface via PPPIOCNEWUNIT ioctl then kernel has +to choose interface name as this ioctl API does not support specifying it. + +Kernel in this case register new interface with name "ppp" where +is the ppp unit id, which can be obtained via PPPIOCGUNIT ioctl. This +applies also in the case when registering new ppp interface via rtnl +without supplying IFLA_IFNAME. + +PPPIOCNEWUNIT ioctl allows to specify own ppp unit id which will kernel +assign to ppp interface, in case this ppp id is not already used by other +ppp interface. + +In case user does not specify ppp unit id then kernel choose the first free +ppp unit id. This applies also for case when creating ppp interface via +rtnl method as it does not provide a way for specifying own ppp unit id. + +If some network interface (does not have to be ppp) has name "ppp" +with this first free ppp id then PPPIOCNEWUNIT ioctl or rtnl call fails. + +And registering new ppp interface is not possible anymore, until interface +which holds conflicting name is renamed. Or when using rtnl method with +custom interface name in IFLA_IFNAME. + +As list of allocated / used ppp unit ids is not possible to retrieve from +kernel to userspace, userspace has no idea what happens nor which interface +is doing this conflict. + +So change the algorithm how ppp unit id is generated. And choose the first +number which is not neither used as ppp unit id nor in some network +interface with pattern "ppp". + +This issue can be simply reproduced by following pppd call when there is no +ppp interface registered and also no interface with name pattern "ppp": + + pppd ifname ppp1 +ipv6 noip noauth nolock local nodetach pty "pppd +ipv6 noip noauth nolock local nodetach notty" + +Or by creating the one ppp interface (which gets assigned ppp unit id 0), +renaming it to "ppp1" and then trying to create a new ppp interface (which +will always fails as next free ppp unit id is 1, but network interface with +name "ppp1" exists). + +This patch fixes above described issue by generating new and new ppp unit +id until some non-conflicting id with network interfaces is generated. + +Signed-off-by: Pali Rohár +Cc: stable@vger.kernel.org +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ppp/ppp_generic.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +--- a/drivers/net/ppp/ppp_generic.c ++++ b/drivers/net/ppp/ppp_generic.c +@@ -284,7 +284,7 @@ static struct channel *ppp_find_channel( + static int ppp_connect_channel(struct channel *pch, int unit); + static int ppp_disconnect_channel(struct channel *pch); + static void ppp_destroy_channel(struct channel *pch); +-static int unit_get(struct idr *p, void *ptr); ++static int unit_get(struct idr *p, void *ptr, int min); + static int unit_set(struct idr *p, void *ptr, int n); + static void unit_put(struct idr *p, int n); + static void *unit_find(struct idr *p, int n); +@@ -1155,9 +1155,20 @@ static int ppp_unit_register(struct ppp + mutex_lock(&pn->all_ppp_mutex); + + if (unit < 0) { +- ret = unit_get(&pn->units_idr, ppp); ++ ret = unit_get(&pn->units_idr, ppp, 0); + if (ret < 0) + goto err; ++ if (!ifname_is_set) { ++ while (1) { ++ snprintf(ppp->dev->name, IFNAMSIZ, "ppp%i", ret); ++ if (!__dev_get_by_name(ppp->ppp_net, ppp->dev->name)) ++ break; ++ unit_put(&pn->units_idr, ret); ++ ret = unit_get(&pn->units_idr, ppp, ret + 1); ++ if (ret < 0) ++ goto err; ++ } ++ } + } else { + /* Caller asked for a specific unit number. Fail with -EEXIST + * if unavailable. For backward compatibility, return -EEXIST +@@ -3552,9 +3563,9 @@ static int unit_set(struct idr *p, void + } + + /* get new free unit number and associate pointer with it */ +-static int unit_get(struct idr *p, void *ptr) ++static int unit_get(struct idr *p, void *ptr, int min) + { +- return idr_alloc(p, ptr, 0, 0, GFP_KERNEL); ++ return idr_alloc(p, ptr, min, 0, GFP_KERNEL); + } + + /* put unit number back to a pool */ diff --git a/queue-5.13/series b/queue-5.13/series index 8a593ad4711..0dfc4133e3a 100644 --- a/queue-5.13/series +++ b/queue-5.13/series @@ -1 +1,8 @@ firmware-tee_bnxt-release-tee-shm-session-and-contex.patch +bpf-add-_kernel-suffix-to-internal-lockdown_bpf_read.patch +bpf-add-lockdown-check-for-probe_write_user-helper.patch +alsa-pcm-fix-mmap-breakage-without-explicit-buffer-setup.patch +alsa-hda-realtek-fix-mute-micmute-leds-for-hp-probook-650-g8-notebook-pc.patch +alsa-hda-add-quirk-for-asus-flow-x13.patch +ppp-fix-generating-ppp-unit-id-when-ifname-is-not-specified.patch +ovl-prevent-private-clone-if-bind-mount-is-not-allowed.patch