From 42bbaeac52487abb02fc5fe33bd898ef39aa9141 Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Sun, 29 Mar 2020 16:22:32 -0400
Subject: [PATCH] Fixes for 4.9
Signed-off-by: Sasha Levin
---
 ...-schedule-ogm-for-disabled-interface.patch | 47 ++++++++
 ...ultiple-definition-with-gcc-fno-comm.patch | 90 +++++++++++++++
 ...dt-bindings-net-fman-erratum-a050385.patch | 89 +++++++++++++++
 ...send-mesh-hwmp-preq-if-hwmp-is-disab.patch | 38 +++++++
 ...tlockup-when-rescanning-devices-in-p.patch | 107 ++++++++++++++++++
 queue-4.9/series | 6 +
 ...-one-in-samsung-driver-strncpy-size-.patch | 44 +++++++
 7 files changed, 421 insertions(+)
 create mode 100644 queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
 create mode 100644 queue-4.9/cpupower-avoid-multiple-definition-with-gcc-fno-comm.patch
 create mode 100644 queue-4.9/dt-bindings-net-fman-erratum-a050385.patch
 create mode 100644 queue-4.9/mac80211-do-not-send-mesh-hwmp-preq-if-hwmp-is-disab.patch
 create mode 100644 queue-4.9/scsi-ipr-fix-softlockup-when-rescanning-devices-in-p.patch
 create mode 100644 queue-4.9/sxgbe-fix-off-by-one-in-samsung-driver-strncpy-size-.patch
diff --git a/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch b/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
new file mode 100644
index 00000000000..dbd703d5e2b
--- /dev/null
+++ b/queue-4.9/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
@@ -0,0 +1,47 @@
+From a9e2055aad05436a8a2bd5cc00906f0f16fd70c2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 16 Feb 2020 13:02:06 +0100
+Subject: batman-adv: Don't schedule OGM for disabled interface
+
+From: Sven Eckelmann
+
+[ Upstream commit 8e8ce08198de193e3d21d42e96945216e3d9ac7f ]
+
+A transmission scheduling for an interface which is currently dropped by
+batadv_iv_ogm_iface_disable could still be in progress. The B.A.T.M.A.N. V
+is simply cancelling the workqueue item in an synchronous way but this is
+not possible with B.A.T.M.A.N. IV because the OGM submissions are
+intertwined.
+
+Instead it has to stop submitting the OGM when it detect that the buffer
+pointer is set to NULL.
+
+Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
+Reported-by: syzbot+ac36b6a33c28a491e929@syzkaller.appspotmail.com
+Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
+Signed-off-by: Sven Eckelmann
+Cc: Hillf Danton
+Signed-off-by: Simon Wunderlich
+Signed-off-by: Sasha Levin
+---
+ net/batman-adv/bat_iv_ogm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
+index 2b663622bdb45..c22478d506325 100644
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -969,6 +969,10 @@ static void batadv_iv_ogm_schedule_buff(struct batadv_hard_iface *hard_iface)
+
+ lockdep_assert_held(&hard_iface->bat_iv.ogm_buff_mutex);
+
++ /* interface already disabled by batadv_iv_ogm_iface_disable */
++ if (!*ogm_buff)
++ return;
++
+ /* interface already disabled by batadv_iv_ogm_iface_disable */
+ if (!*ogm_buff)
+ return;
+--
+2.20.1
+
diff --git a/queue-4.9/cpupower-avoid-multiple-definition-with-gcc-fno-comm.patch b/queue-4.9/cpupower-avoid-multiple-definition-with-gcc-fno-comm.patch
new file mode 100644
index 00000000000..6ee66d587a7
--- /dev/null
+++ b/queue-4.9/cpupower-avoid-multiple-definition-with-gcc-fno-comm.patch
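Review bot: The queued batman-adv patch adds `if (!*ogm_buff) return;` directly above an identical comment and check that already appear as context lines in its own hunk for batadv_iv_ogm_schedule_buff(). That suggests the NULL-buffer guard is already present in this 4.9 tree, presumably from an earlier backport of the same upstream commit, so applying this file would only leave a second, unreachable copy. The duplicate does no harm at runtime, but I would drop `batman-adv-don-t-schedule-ogm-for-disabled-interface.patch` from `queue-4.9/series`, or confirm against the target tree that the guard is really missing. The function body continues outside the inner hunk.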
@@ -0,0 +1,90 @@
+From e2562b57209660471f022f48addf700894582070 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 26 Feb 2020 14:33:59 -0500
+Subject: cpupower: avoid multiple definition with gcc -fno-common
+
+From: Mike Gilbert
+
+[ Upstream commit 2de7fb60a4740135e03cf55c1982e393ccb87b6b ]
+
+Building cpupower with -fno-common in CFLAGS results in errors due to
+multiple definitions of the 'cpu_count' and 'start_time' variables.
+
+./utils/idle_monitor/snb_idle.o:./utils/idle_monitor/cpupower-monitor.h:28:
+multiple definition of `cpu_count';
+./utils/idle_monitor/nhm_idle.o:./utils/idle_monitor/cpupower-monitor.h:28:
+first defined here
+...
+./utils/idle_monitor/cpuidle_sysfs.o:./utils/idle_monitor/cpuidle_sysfs.c:22:
+multiple definition of `start_time';
+./utils/idle_monitor/amd_fam14h_idle.o:./utils/idle_monitor/amd_fam14h_idle.c:85:
+first defined here
+
+The -fno-common option will be enabled by default in GCC 10.
+
+Bug: https://bugs.gentoo.org/707462
+Signed-off-by: Mike Gilbert
+Signed-off-by: Shuah Khan
+Signed-off-by: Sasha Levin
+---
+ tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c | 2 +-
+ tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c | 2 +-
+ tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c | 2 ++
+ tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h | 2 +-
+ 4 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c b/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c
+index 2116df9ad8325..c097a3748674f 100644
+--- a/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c
++++ b/tools/power/cpupower/utils/idle_monitor/amd_fam14h_idle.c
+@@ -83,7 +83,7 @@ static struct pci_access *pci_acc;
+ static struct pci_dev *amd_fam14h_pci_dev;
+ static int nbp1_entered;
+
+-struct timespec start_time;
++static struct timespec start_time;
+ static unsigned long long timediff;
+
+ #ifdef DEBUG
+diff --git a/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c b/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c
+index 5b3205f162174..5277df27191f3 100644
+--- a/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c
++++ b/tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c
+@@ -21,7 +21,7 @@ struct cpuidle_monitor cpuidle_sysfs_monitor;
+
+ static unsigned long long **previous_count;
+ static unsigned long long **current_count;
+-struct timespec start_time;
++static struct timespec start_time;
+ static unsigned long long timediff;
+
+ static int cpuidle_get_count_percent(unsigned int id, double *percent,
+diff --git a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c
+index 05f953f0f0a0c..80a21cb67d94f 100644
+--- a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c
++++ b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.c
+@@ -29,6 +29,8 @@ struct cpuidle_monitor *all_monitors[] = {
+ 0
+ };
+
++int cpu_count;
++
+ static struct cpuidle_monitor *monitors[MONITORS_MAX];
+ static unsigned int avail_monitors;
+
+diff --git a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h
+index 9e43f3371fbc6..3558bbae2b5dc 100644
+--- a/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h
++++ b/tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h
+@@ -18,7 +18,7 @@
+ #define CSTATE_NAME_LEN 5
+ #define CSTATE_DESC_LEN 60
+
+-int cpu_count;
++extern int cpu_count;
+
+ /* Hard to define the right names ...: */
+ enum power_range_e {
+--
+2.20.1
+
diff --git a/queue-4.9/dt-bindings-net-fman-erratum-a050385.patch b/queue-4.9/dt-bindings-net-fman-erratum-a050385.patch
new file mode 100644
index 00000000000..1bcf942dbd3
--- /dev/null
+++ b/queue-4.9/dt-bindings-net-fman-erratum-a050385.patch
@@ -0,0 +1,89 @@
+From 8f50ba9c86cbdf552bfbc10e93ad50c27a22bdfa Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 4 Mar 2020 18:04:25 +0200
+Subject: dt-bindings: net: FMan erratum A050385
+
+From: Madalin Bucur
+
+[ Upstream commit 26d5bb9e4c4b541c475751e015072eb2cbf70d15 ]
+
+FMAN DMA read or writes under heavy traffic load may cause FMAN
+internal resource leak; thus stopping further packet processing.
+
+The FMAN internal queue can overflow when FMAN splits single
+read or write transactions into multiple smaller transactions
+such that more than 17 AXI transactions are in flight from FMAN
+to interconnect. When the FMAN internal queue overflows, it can
+stall further packet processing. The issue can occur with any one
+of the following three conditions:
+
+ 1. FMAN AXI transaction crosses 4K address boundary (Errata
+ A010022)
+ 2. FMAN DMA address for an AXI transaction is not 16 byte
+ aligned, i.e. the last 4 bits of an address are non-zero
+ 3. Scatter Gather (SG) frames have more than one SG buffer in
+ the SG list and any one of the buffers, except the last
+ buffer in the SG list has data size that is not a multiple
+ of 16 bytes, i.e., other than 16, 32, 48, 64, etc.
+
+With any one of the above three conditions present, there is
+likelihood of stalled FMAN packet processing, especially under
+stress with multiple ports injecting line-rate traffic.
+
+To avoid situations that stall FMAN packet processing, all of the
+above three conditions must be avoided; therefore, configure the
+system with the following rules:
+
+ 1. Frame buffers must not span a 4KB address boundary, unless
+ the frame start address is 256 byte aligned
+ 2. All FMAN DMA start addresses (for example, BMAN buffer
+ address, FD[address] + FD[offset]) are 16B aligned
+ 3. SG table and buffer addresses are 16B aligned and the size
+ of SG buffers are multiple of 16 bytes, except for the last
+ SG buffer that can be of any size.
+
+Additional workaround notes:
+- Address alignment of 64 bytes is recommended for maximally
+efficient system bus transactions (although 16 byte alignment is
+sufficient to avoid the stall condition)
+- To support frame sizes that are larger than 4K bytes, there are
+two options:
+ 1. Large single buffer frames that span a 4KB page boundary can
+ be converted into SG frames to avoid transaction splits at
+ the 4KB boundary,
+ 2. Align the large single buffer to 256B address boundaries,
+ ensure that the frame address plus offset is 256B aligned.
+- If software generated SG frames have buffers that are unaligned
+and with random non-multiple of 16 byte lengths, before
+transmitting such frames via FMAN, frames will need to be copied
+into a new single buffer or multiple buffer SG frame that is
+compliant with the three rules listed above.
+
+Signed-off-by: Madalin Bucur
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ Documentation/devicetree/bindings/powerpc/fsl/fman.txt | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/Documentation/devicetree/bindings/powerpc/fsl/fman.txt b/Documentation/devicetree/bindings/powerpc/fsl/fman.txt
+index df873d1f3b7c5..2aaae210317bb 100644
+--- a/Documentation/devicetree/bindings/powerpc/fsl/fman.txt
++++ b/Documentation/devicetree/bindings/powerpc/fsl/fman.txt
+@@ -110,6 +110,13 @@ PROPERTIES
+ Usage: required
+ Definition: See soc/fsl/qman.txt and soc/fsl/bman.txt
+
++- fsl,erratum-a050385
++ Usage: optional
++ Value type: boolean
++ Definition: A boolean property. Indicates the presence of the
++ erratum A050385 which indicates that DMA transactions that are
++ split can result in a FMan lock.
++
+ =============================================================================
+ FMan MURAM Node
+
+--
+2.20.1
+
diff --git a/queue-4.9/mac80211-do-not-send-mesh-hwmp-preq-if-hwmp-is-disab.patch b/queue-4.9/mac80211-do-not-send-mesh-hwmp-preq-if-hwmp-is-disab.patch
new file mode 100644
index 00000000000..32bcd829534
--- /dev/null
+++ b/queue-4.9/mac80211-do-not-send-mesh-hwmp-preq-if-hwmp-is-disab.patch
@@ -0,0 +1,38 @@
+From 44895f3ab2488a98a6112aeaf07f86371f0b5fe5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 5 Mar 2020 15:04:09 +0100
+Subject: mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
+
+From: Nicolas Cavallari
+
+[ Upstream commit ba32679cac50c38fdf488296f96b1f3175532b8e ]
+
+When trying to transmit to an unknown destination, the mesh code would
+unconditionally transmit a HWMP PREQ even if HWMP is not the current
+path selection algorithm.
+
+Signed-off-by: Nicolas Cavallari
+Link: https://lore.kernel.org/r/20200305140409.12204-1-cavallar@lri.fr
+Signed-off-by: Johannes Berg
+Signed-off-by: Sasha Levin
+---
+ net/mac80211/mesh_hwmp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
+index 5f4c228b82e56..f7eaa1051b5b2 100644
+--- a/net/mac80211/mesh_hwmp.c
++++ b/net/mac80211/mesh_hwmp.c
+@@ -1131,7 +1131,8 @@ int mesh_nexthop_resolve(struct ieee80211_sub_if_data *sdata,
+ }
+ }
+
+- if (!(mpath->flags & MESH_PATH_RESOLVING))
++ if (!(mpath->flags & MESH_PATH_RESOLVING) &&
++ mesh_path_sel_is_hwmp(sdata))
+ mesh_queue_preq(mpath, PREQ_Q_F_START);
+
+ if (skb_queue_len(&mpath->frame_queue) >= MESH_FRAME_QUEUE_LEN)
+--
+2.20.1
+
diff --git a/queue-4.9/scsi-ipr-fix-softlockup-when-rescanning-devices-in-p.patch b/queue-4.9/scsi-ipr-fix-softlockup-when-rescanning-devices-in-p.patch
new file mode 100644
index 00000000000..5de1bef59e7
--- /dev/null
+++ b/queue-4.9/scsi-ipr-fix-softlockup-when-rescanning-devices-in-p.patch
@@ -0,0 +1,107 @@
+From 0f0a285e09a63232f3b9293cfb5302c3ad3e77ac Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 6 Mar 2020 09:57:28 -0600
+Subject: scsi: ipr: Fix softlockup when rescanning devices in petitboot
+
+From: Wen Xiong
+
+[ Upstream commit 394b61711f3ce33f75bf70a3e22938464a13b3ee ]
+
+When trying to rescan disks in petitboot shell, we hit the following
+softlockup stacktrace:
+
+Kernel panic - not syncing: System is deadlocked on memory
+[ 241.223394] CPU: 32 PID: 693 Comm: sh Not tainted 5.4.16-openpower1 #1
+[ 241.223406] Call Trace:
+[ 241.223415] [c0000003f07c3180] [c000000000493fc4] dump_stack+0xa4/0xd8 (unreliable)
+[ 241.223432] [c0000003f07c31c0] [c00000000007d4ac] panic+0x148/0x3cc
+[ 241.223446] [c0000003f07c3260] [c000000000114b10] out_of_memory+0x468/0x4c4
+[ 241.223461] [c0000003f07c3300] [c0000000001472b0] __alloc_pages_slowpath+0x594/0x6d8
+[ 241.223476] [c0000003f07c3420] [c00000000014757c] __alloc_pages_nodemask+0x188/0x1a4
+[ 241.223492] [c0000003f07c34a0] [c000000000153e10] alloc_pages_current+0xcc/0xd8
+[ 241.223508] [c0000003f07c34e0] [c0000000001577ac] alloc_slab_page+0x30/0x98
+[ 241.223524] [c0000003f07c3520] [c0000000001597fc] new_slab+0x138/0x40c
+[ 241.223538] [c0000003f07c35f0] [c00000000015b204] ___slab_alloc+0x1e4/0x404
+[ 241.223552] [c0000003f07c36c0] [c00000000015b450] __slab_alloc+0x2c/0x48
+[ 241.223566] [c0000003f07c36f0] [c00000000015b754] kmem_cache_alloc_node+0x9c/0x1b4
+[ 241.223582] [c0000003f07c3760] [c000000000218c48] blk_alloc_queue_node+0x34/0x270
+[ 241.223599] [c0000003f07c37b0] [c000000000226574] blk_mq_init_queue+0x2c/0x78
+[ 241.223615] [c0000003f07c37e0] [c0000000002ff710] scsi_mq_alloc_queue+0x28/0x70
+[ 241.223631] [c0000003f07c3810] [c0000000003005b8] scsi_alloc_sdev+0x184/0x264
+[ 241.223647] [c0000003f07c38a0] [c000000000300ba0] scsi_probe_and_add_lun+0x288/0xa3c
+[ 241.223663] [c0000003f07c3a00] [c000000000301768] __scsi_scan_target+0xcc/0x478
+[ 241.223679] [c0000003f07c3b20] [c000000000301c64] scsi_scan_channel.part.9+0x74/0x7c
+[ 241.223696] [c0000003f07c3b70] [c000000000301df4] scsi_scan_host_selected+0xe0/0x158
+[ 241.223712] [c0000003f07c3bd0] [c000000000303f04] store_scan+0x104/0x114
+[ 241.223727] [c0000003f07c3cb0] [c0000000002d5ac4] dev_attr_store+0x30/0x4c
+[ 241.223741] [c0000003f07c3cd0] [c0000000001dbc34] sysfs_kf_write+0x64/0x78
+[ 241.223756] [c0000003f07c3cf0] [c0000000001da858] kernfs_fop_write+0x170/0x1b8
+[ 241.223773] [c0000003f07c3d40] [c0000000001621fc] __vfs_write+0x34/0x60
+[ 241.223787] [c0000003f07c3d60] [c000000000163c2c] vfs_write+0xa8/0xcc
+[ 241.223802] [c0000003f07c3db0] [c000000000163df4] ksys_write+0x70/0xbc
+[ 241.223816] [c0000003f07c3e20] [c00000000000b40c] system_call+0x5c/0x68
+
+As a part of the scan process Linux will allocate and configure a
+scsi_device for each target to be scanned. If the device is not present,
+then the scsi_device is torn down. As a part of scsi_device teardown a
+workqueue item will be scheduled and the lockups we see are because there
+are 250k workqueue items to be processed. Accoding to the specification of
+SIS-64 sas controller, max_channel should be decreased on SIS-64 adapters
+to 4.
+
+The patch fixes softlockup issue.
+
+Thanks for Oliver Halloran's help with debugging and explanation!
+
+Link: https://lore.kernel.org/r/1583510248-23672-1-git-send-email-wenxiong@linux.vnet.ibm.com
+Signed-off-by: Wen Xiong
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/ipr.c | 3 ++-
+ drivers/scsi/ipr.h | 1 +
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c
+index c5bc41d97f84b..7760b9a1e0aea 100644
+--- a/drivers/scsi/ipr.c
++++ b/drivers/scsi/ipr.c
+@@ -9818,6 +9818,7 @@ static void ipr_init_ioa_cfg(struct ipr_ioa_cfg *ioa_cfg,
+ ioa_cfg->max_devs_supported = ipr_max_devs;
+
+ if (ioa_cfg->sis64) {
++ host->max_channel = IPR_MAX_SIS64_BUSES;
+ host->max_id = IPR_MAX_SIS64_TARGETS_PER_BUS;
+ host->max_lun = IPR_MAX_SIS64_LUNS_PER_TARGET;
+ if (ipr_max_devs > IPR_MAX_SIS64_DEVS)
+@@ -9826,6 +9827,7 @@ static void ipr_init_ioa_cfg(struct ipr_ioa_cfg *ioa_cfg,
+ + ((sizeof(struct ipr_config_table_entry64)
+ * ioa_cfg->max_devs_supported)));
+ } else {
++ host->max_channel = IPR_VSET_BUS;
+ host->max_id = IPR_MAX_NUM_TARGETS_PER_BUS;
+ host->max_lun = IPR_MAX_NUM_LUNS_PER_TARGET;
+ if (ipr_max_devs > IPR_MAX_PHYSICAL_DEVS)
+@@ -9835,7 +9837,6 @@ static void ipr_init_ioa_cfg(struct ipr_ioa_cfg *ioa_cfg,
+ * ioa_cfg->max_devs_supported)));
+ }
+
+- host->max_channel = IPR_VSET_BUS;
+ host->unique_id = host->host_no;
+ host->max_cmd_len = IPR_MAX_CDB_LEN;
+ host->can_queue = ioa_cfg->max_cmds;
+diff --git a/drivers/scsi/ipr.h b/drivers/scsi/ipr.h
+index 8995053d01b3f..5b2388266c4c3 100644
+--- a/drivers/scsi/ipr.h
++++ b/drivers/scsi/ipr.h
+@@ -1306,6 +1306,7 @@ struct ipr_resource_entry {
+ #define IPR_ARRAY_VIRTUAL_BUS 0x1
+ #define IPR_VSET_VIRTUAL_BUS 0x2
+ #define IPR_IOAFP_VIRTUAL_BUS 0x3
++#define IPR_MAX_SIS64_BUSES 0x4
+
+ #define IPR_GET_RES_PHYS_LOC(res) \
+ (((res)->bus << 24) | ((res)->target << 8) | (res)->lun)
+--
+2.20.1
+
diff --git a/queue-4.9/series b/queue-4.9/series
index ebc7b81b5d1..ec9f850d3d4 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
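Review bot: In the `ipr.h` hunk of the queued scsi/ipr patch, `IPR_MAX_SIS64_BUSES` is named like a count and sits at the end of the `IPR_*_VIRTUAL_BUS` ids, yet `ipr_init_ioa_cfg()` assigns it to `host->max_channel`. If `max_channel` is the highest channel number a scan visits rather than a count (worth confirming against the SCSI midlayer), 0x4 means channels 0 through 4 are probed. Since this value is what bounds the sysfs-triggered rescan described in the commit message, I would separate it from the virtual-bus ids with a blank line and add a comment such as `/* highest channel scanned on SIS-64 adapters; bounds host rescans */`. The body of ipr_init_ioa_cfg() extends outside the inner hunks.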
@@ -49,3 +49,9 @@ hsr-add-restart-routine-into-hsr_get_node_list.patch
 hsr-set-.netnsok-flag.patch
 kvm-vmx-do-not-allow-reexecute_instruction-when-skip.patch
 net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
+batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
+cpupower-avoid-multiple-definition-with-gcc-fno-comm.patch
+dt-bindings-net-fman-erratum-a050385.patch
+scsi-ipr-fix-softlockup-when-rescanning-devices-in-p.patch
+mac80211-do-not-send-mesh-hwmp-preq-if-hwmp-is-disab.patch
+sxgbe-fix-off-by-one-in-samsung-driver-strncpy-size-.patch
diff --git a/queue-4.9/sxgbe-fix-off-by-one-in-samsung-driver-strncpy-size-.patch b/queue-4.9/sxgbe-fix-off-by-one-in-samsung-driver-strncpy-size-.patch
new file mode 100644
index 00000000000..0a3558f7fef
--- /dev/null
+++ b/queue-4.9/sxgbe-fix-off-by-one-in-samsung-driver-strncpy-size-.patch
@@ -0,0 +1,44 @@
+From 95c7cd4bd9680031f5acf504b308bbe88468ebc8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 9 Mar 2020 16:22:50 +0100
+Subject: sxgbe: Fix off by one in samsung driver strncpy size arg
+
+From: Dominik Czarnota
+
+[ Upstream commit f3cc008bf6d59b8d93b4190e01d3e557b0040e15 ]
+
+This patch fixes an off-by-one error in strncpy size argument in
+drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c. The issue is that in:
+
+ strncmp(opt, "eee_timer:", 6)
+
+the passed string literal: "eee_timer:" has 10 bytes (without the NULL
+byte) and the passed size argument is 6. As a result, the logic will
+also accept other, malformed strings, e.g. "eee_tiXXX:".
+
+This bug doesn't seem to have any security impact since its present in
+module's cmdline parsing code.
+
+Signed-off-by: Dominik Czarnota
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c b/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
+index ea44a2456ce16..11dd7c8d576d6 100644
+--- a/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
++++ b/drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
+@@ -2313,7 +2313,7 @@ static int __init sxgbe_cmdline_opt(char *str)
+ if (!str || !*str)
+ return -EINVAL;
+ while ((opt = strsep(&str, ",")) != NULL) {
+- if (!strncmp(opt, "eee_timer:", 6)) {
++ if (!strncmp(opt, "eee_timer:", 10)) {
+ if (kstrtoint(opt + 10, 0, &eee_timer))
+ goto err;
+ }
+--
+2.20.1
+
--
2.47.3
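Review bot: The corrected length in `strncmp(opt, "eee_timer:", 10)` is still a hand-counted literal, and the same number is repeated in `kstrtoint(opt + 10, 0, &eee_timer)` on the next line. A mismatch between a literal like this and the string is exactly the kind of error this patch fixes. Deriving both from the prefix keeps the comparison length and the value offset tied together, for example `static const char pfx[] = "eee_timer:";` with `sizeof(pfx) - 1` used in both the `strncmp()` and the `opt +` offset. The body of sxgbe_cmdline_opt() continues outside the inner hunk.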