From 68b79278ee059d19340e45e534eb76fe1522b7c7 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 14 Jul 2020 14:04:58 +0200 Subject: [PATCH] 5.7-stable patches added patches: revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch --- ...tection-fault-in-ath9k_hif_usb_rx_cb.patch | 184 ++++++++++++++++++ queue-5.7/series | 1 + 2 files changed, 185 insertions(+) create mode 100644 queue-5.7/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch diff --git a/queue-5.7/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch b/queue-5.7/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch new file mode 100644 index 00000000000..24ba8a73ae6 --- /dev/null +++ b/queue-5.7/revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch @@ -0,0 +1,184 @@ +From c7c641c54f41bb0cbaea455b87c70e3adb0f0923 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Tue, 14 Jul 2020 14:03:44 +0200 +Subject: Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb" + +From: Greg Kroah-Hartman + +This reverts commit 6602f080cb28745259e2fab1a4cf55eeb5894f93 which is +commit 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05 upstream. + +It is being reverted upstream, just hasn't made it there yet and is +causing lots of problems. + +Reported-by: Hans de Goede +Cc: Qiujun Huang +Cc: Kalle Valo +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/ath/ath9k/hif_usb.c | 48 +++++++------------------------ + drivers/net/wireless/ath/ath9k/hif_usb.h | 5 --- + 2 files changed, 11 insertions(+), 42 deletions(-) + +--- a/drivers/net/wireless/ath/ath9k/hif_usb.c ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.c +@@ -643,9 +643,9 @@ err: + + static void ath9k_hif_usb_rx_cb(struct urb *urb) + { +- struct rx_buf *rx_buf = (struct rx_buf *)urb->context; +- struct hif_device_usb *hif_dev = rx_buf->hif_dev; +- struct sk_buff *skb = rx_buf->skb; ++ struct sk_buff *skb = (struct sk_buff *) urb->context; ++ struct hif_device_usb *hif_dev = ++ usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); + int ret; + + if (!skb) +@@ -685,15 +685,14 @@ resubmit: + return; + free: + kfree_skb(skb); +- kfree(rx_buf); + } + + static void ath9k_hif_usb_reg_in_cb(struct urb *urb) + { +- struct rx_buf *rx_buf = (struct rx_buf *)urb->context; +- struct hif_device_usb *hif_dev = rx_buf->hif_dev; +- struct sk_buff *skb = rx_buf->skb; ++ struct sk_buff *skb = (struct sk_buff *) urb->context; + struct sk_buff *nskb; ++ struct hif_device_usb *hif_dev = ++ usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); + int ret; + + if (!skb) +@@ -751,7 +750,6 @@ resubmit: + return; + free: + kfree_skb(skb); +- kfree(rx_buf); + urb->context = NULL; + } + +@@ -797,7 +795,7 @@ static int ath9k_hif_usb_alloc_tx_urbs(s + init_usb_anchor(&hif_dev->mgmt_submitted); + + for (i = 0; i < MAX_TX_URB_NUM; i++) { +- tx_buf = kzalloc(sizeof(*tx_buf), GFP_KERNEL); ++ tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL); + if (!tx_buf) + goto err; + +@@ -834,9 +832,8 @@ static void ath9k_hif_usb_dealloc_rx_urb + + static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev) + { +- struct rx_buf *rx_buf = NULL; +- struct sk_buff *skb = NULL; + struct urb *urb = NULL; ++ struct sk_buff *skb = NULL; + int i, ret; + + init_usb_anchor(&hif_dev->rx_submitted); +@@ -844,12 +841,6 @@ static int ath9k_hif_usb_alloc_rx_urbs(s + + for (i = 0; i < MAX_RX_URB_NUM; i++) { + +- rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL); +- if (!rx_buf) { +- ret = -ENOMEM; +- goto err_rxb; +- } +- + /* Allocate URB */ + urb = usb_alloc_urb(0, GFP_KERNEL); + if (urb == NULL) { +@@ -864,14 +855,11 @@ static int ath9k_hif_usb_alloc_rx_urbs(s + goto err_skb; + } + +- rx_buf->hif_dev = hif_dev; +- rx_buf->skb = skb; +- + usb_fill_bulk_urb(urb, hif_dev->udev, + usb_rcvbulkpipe(hif_dev->udev, + USB_WLAN_RX_PIPE), + skb->data, MAX_RX_BUF_SIZE, +- ath9k_hif_usb_rx_cb, rx_buf); ++ ath9k_hif_usb_rx_cb, skb); + + /* Anchor URB */ + usb_anchor_urb(urb, &hif_dev->rx_submitted); +@@ -897,8 +885,6 @@ err_submit: + err_skb: + usb_free_urb(urb); + err_urb: +- kfree(rx_buf); +-err_rxb: + ath9k_hif_usb_dealloc_rx_urbs(hif_dev); + return ret; + } +@@ -910,21 +896,14 @@ static void ath9k_hif_usb_dealloc_reg_in + + static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev) + { +- struct rx_buf *rx_buf = NULL; +- struct sk_buff *skb = NULL; + struct urb *urb = NULL; ++ struct sk_buff *skb = NULL; + int i, ret; + + init_usb_anchor(&hif_dev->reg_in_submitted); + + for (i = 0; i < MAX_REG_IN_URB_NUM; i++) { + +- rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL); +- if (!rx_buf) { +- ret = -ENOMEM; +- goto err_rxb; +- } +- + /* Allocate URB */ + urb = usb_alloc_urb(0, GFP_KERNEL); + if (urb == NULL) { +@@ -939,14 +918,11 @@ static int ath9k_hif_usb_alloc_reg_in_ur + goto err_skb; + } + +- rx_buf->hif_dev = hif_dev; +- rx_buf->skb = skb; +- + usb_fill_int_urb(urb, hif_dev->udev, + usb_rcvintpipe(hif_dev->udev, + USB_REG_IN_PIPE), + skb->data, MAX_REG_IN_BUF_SIZE, +- ath9k_hif_usb_reg_in_cb, rx_buf, 1); ++ ath9k_hif_usb_reg_in_cb, skb, 1); + + /* Anchor URB */ + usb_anchor_urb(urb, &hif_dev->reg_in_submitted); +@@ -972,8 +948,6 @@ err_submit: + err_skb: + usb_free_urb(urb); + err_urb: +- kfree(rx_buf); +-err_rxb: + ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev); + return ret; + } +--- a/drivers/net/wireless/ath/ath9k/hif_usb.h ++++ b/drivers/net/wireless/ath/ath9k/hif_usb.h +@@ -86,11 +86,6 @@ struct tx_buf { + struct list_head list; + }; + +-struct rx_buf { +- struct sk_buff *skb; +- struct hif_device_usb *hif_dev; +-}; +- + #define HIF_USB_TX_STOP BIT(0) + #define HIF_USB_TX_FLUSH BIT(1) + diff --git a/queue-5.7/series b/queue-5.7/series index 400557fd7a8..9a9f45dcaff 100644 --- a/queue-5.7/series +++ b/queue-5.7/series @@ -130,3 +130,4 @@ module-refactor-section-attr-into-bin-attribute.patch module-do-not-expose-section-addresses-to-non-cap_syslog.patch kprobes-do-not-expose-probe-addresses-to-non-cap_syslog.patch bpf-check-correct-cred-for-cap_syslog-in-bpf_dump_raw_ok.patch +revert-ath9k-fix-general-protection-fault-in-ath9k_hif_usb_rx_cb.patch -- 2.47.3