From 5e001c36e8c7b60f74b40e2b449388cd68f4fff5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 14 Jul 2020 14:06:58 +0200 Subject: [PATCH] 4.4-stable patches added patches: revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch --- ...tection-fault-in-ath9k_hif_usb_rx_cb.patch | 184 ++++++++++++++++++ queue-4.4/series | 1 + 2 files changed, 185 insertions(+) create mode 100644 queue-4.4/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch diff --git a/queue-4.4/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch b/queue-4.4/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch new file mode 100644 index 00000000000..a85a044fb55 --- /dev/null +++ b/queue-4.4/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch @@ -0,0 +1,184 @@ +From c7c641c54f41bb0cbaea455b87c70e3adb0f0923 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Tue, 14 Jul 2020 14:03:44 +0200 +Subject: Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb" + +From: Greg Kroah-Hartman + +This reverts commit 90ecba9f1041f436ed2b35ba7a970c7cc5d0df23 which is +commit 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05 upstream. + +It is being reverted upstream, just hasn't made it there yet and is +causing lots of problems. + +Reported-by: Hans de Goede +Cc: Qiujun Huang +Cc: Kalle Valo +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/ath/ath9k/hif_usb.c | 48 +++++++------------------------ + drivers/net/wireless/ath/ath9k/hif_usb.h | 5 --- + 2 files changed, 11 insertions(+), 42 deletions(-) + +--- a/drivers/net/wireless/ath/ath9k/hif_usb.c ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.c +@@ -639,9 +639,9 @@ err: + + static void ath9k_hif_usb_rx_cb(struct urb *urb) + { +- struct rx_buf *rx_buf = (struct rx_buf *)urb->context; +- struct hif_device_usb *hif_dev = rx_buf->hif_dev; +- struct sk_buff *skb = rx_buf->skb; ++ struct sk_buff *skb = (struct sk_buff *) urb->context; ++ struct hif_device_usb *hif_dev = ++ usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); + int ret; + + if (!skb) +@@ -681,15 +681,14 @@ resubmit: + return; + free: + kfree_skb(skb); +- kfree(rx_buf); + } + + static void ath9k_hif_usb_reg_in_cb(struct urb *urb) + { +- struct rx_buf *rx_buf = (struct rx_buf *)urb->context; +- struct hif_device_usb *hif_dev = rx_buf->hif_dev; +- struct sk_buff *skb = rx_buf->skb; ++ struct sk_buff *skb = (struct sk_buff *) urb->context; + struct sk_buff *nskb; ++ struct hif_device_usb *hif_dev = ++ usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); + int ret; + + if (!skb) +@@ -747,7 +746,6 @@ resubmit: + return; + free: + kfree_skb(skb); +- kfree(rx_buf); + urb->context = NULL; + } + +@@ -793,7 +791,7 @@ static int ath9k_hif_usb_alloc_tx_urbs(s + init_usb_anchor(&hif_dev->mgmt_submitted); + + for (i = 0; i < MAX_TX_URB_NUM; i++) { +- tx_buf = kzalloc(sizeof(*tx_buf), GFP_KERNEL); ++ tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL); + if (!tx_buf) + goto err; + +@@ -830,9 +828,8 @@ static void ath9k_hif_usb_dealloc_rx_urb + + static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev) + { +- struct rx_buf *rx_buf = NULL; +- struct sk_buff *skb = NULL; + struct urb *urb = NULL; ++ struct sk_buff *skb = NULL; + int i, ret; + + init_usb_anchor(&hif_dev->rx_submitted); +@@ -840,12 +837,6 @@ static int ath9k_hif_usb_alloc_rx_urbs(s + + for (i = 0; i < MAX_RX_URB_NUM; i++) { + +- rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL); +- if (!rx_buf) { +- ret = -ENOMEM; +- goto err_rxb; +- } +- + /* Allocate URB */ + urb = usb_alloc_urb(0, GFP_KERNEL); + if (urb == NULL) { +@@ -860,14 +851,11 @@ static int ath9k_hif_usb_alloc_rx_urbs(s + goto err_skb; + } + +- rx_buf->hif_dev = hif_dev; +- rx_buf->skb = skb; +- + usb_fill_bulk_urb(urb, hif_dev->udev, + usb_rcvbulkpipe(hif_dev->udev, + USB_WLAN_RX_PIPE), + skb->data, MAX_RX_BUF_SIZE, +- ath9k_hif_usb_rx_cb, rx_buf); ++ ath9k_hif_usb_rx_cb, skb); + + /* Anchor URB */ + usb_anchor_urb(urb, &hif_dev->rx_submitted); +@@ -893,8 +881,6 @@ err_submit: + err_skb: + usb_free_urb(urb); + err_urb: +- kfree(rx_buf); +-err_rxb: + ath9k_hif_usb_dealloc_rx_urbs(hif_dev); + return ret; + } +@@ -906,21 +892,14 @@ static void ath9k_hif_usb_dealloc_reg_in + + static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev) + { +- struct rx_buf *rx_buf = NULL; +- struct sk_buff *skb = NULL; + struct urb *urb = NULL; ++ struct sk_buff *skb = NULL; + int i, ret; + + init_usb_anchor(&hif_dev->reg_in_submitted); + + for (i = 0; i < MAX_REG_IN_URB_NUM; i++) { + +- rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL); +- if (!rx_buf) { +- ret = -ENOMEM; +- goto err_rxb; +- } +- + /* Allocate URB */ + urb = usb_alloc_urb(0, GFP_KERNEL); + if (urb == NULL) { +@@ -935,14 +914,11 @@ static int ath9k_hif_usb_alloc_reg_in_ur + goto err_skb; + } + +- rx_buf->hif_dev = hif_dev; +- rx_buf->skb = skb; +- + usb_fill_int_urb(urb, hif_dev->udev, + usb_rcvintpipe(hif_dev->udev, + USB_REG_IN_PIPE), + skb->data, MAX_REG_IN_BUF_SIZE, +- ath9k_hif_usb_reg_in_cb, rx_buf, 1); ++ ath9k_hif_usb_reg_in_cb, skb, 1); + + /* Anchor URB */ + usb_anchor_urb(urb, &hif_dev->reg_in_submitted); +@@ -968,8 +944,6 @@ err_submit: + err_skb: + usb_free_urb(urb); + err_urb: +- kfree(rx_buf); +-err_rxb: + ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev); + return ret; + } +--- a/drivers/net/wireless/ath/ath9k/hif_usb.h ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.h +@@ -84,11 +84,6 @@ struct tx_buf { + struct list_head list; + }; + +-struct rx_buf { +- struct sk_buff *skb; +- struct hif_device_usb *hif_dev; +-}; +- + #define HIF_USB_TX_STOP BIT(0) + #define HIF_USB_TX_FLUSH BIT(1) + diff --git a/queue-4.4/series b/queue-4.4/series index dc8021414d4..b6b1d38a4fb 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -11,3 +11,4 @@ alsa-opl3-fix-infoleak-in-opl3.patch alsa-hda-let-hs_mic-be-picked-ahead-of-hp_mic.patch alsa-usb-audio-add-quirk-for-macrosilicon-ms2109.patch kvm-x86-bit-8-of-non-leaf-pdpes-is-not-reserved.patch +revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch -- 2.47.3