From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 24E5EC4332F for ; Thu, 13 Oct 2022 17:52:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229582AbiJMRwo (ORCPT ); Thu, 13 Oct 2022 13:52:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229554AbiJMRwk (ORCPT ); Thu, 13 Oct 2022 13:52:40 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7803A42D4E; Thu, 13 Oct 2022 10:52:39 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id F0CA5618F6; Thu, 13 Oct 2022 17:52:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 06DD8C433D6; Thu, 13 Oct 2022 17:52:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683558; bh=DLTKqalRL/yJy9k0mwrpTytTh7nTjfk/dDsHA3Kqd40=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GnFw1An3LeANfoVfG+Nzm9BjQOHY4/p0hZ/lM5z6DeGZieeIHIlVaXwgKPkeA1ely SArKtAsDNifOOqGBfUr1VDZDQHwRHrN5y0hKuNHK4N7Bc6fOcmAsqPAwCp6euwAGNT nnym1UKfui2UEnBkfkrGtaHWveFrPlXRwZlBnUp4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jann Horn , Steven Price , Vlastimil Babka , =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= , Konstantin Khlebnikov , Andrew Morton , Linus Torvalds Subject: [PATCH 5.4 01/38] mm: pagewalk: Fix race between unmap and page walker Date: Thu, 13 Oct 2022 19:52:02 +0200 Message-Id: <20221013175144.300652012@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Steven Price commit 8782fb61cc848364e1e1599d76d3c9dd58a1cc06 upstream. The mmap lock protects the page walker from changes to the page tables during the walk. However a read lock is insufficient to protect those areas which don't have a VMA as munmap() detaches the VMAs before downgrading to a read lock and actually tearing down PTEs/page tables. For users of walk_page_range() the solution is to simply call pte_hole() immediately without checking the actual page tables when a VMA is not present. We now never call __walk_page_range() without a valid vma. For walk_page_range_novma() the locking requirements are tightened to require the mmap write lock to be taken, and then walking the pgd directly with 'no_vma' set. This in turn means that all page walkers either have a valid vma, or it's that special 'novma' case for page table debugging. As a result, all the odd '(!walk->vma && !walk->no_vma)' tests can be removed. Fixes: dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap") Reported-by: Jann Horn Signed-off-by: Steven Price Cc: Vlastimil Babka Cc: Thomas Hellstr=C3=B6m Cc: Konstantin Khlebnikov Cc: Andrew Morton Signed-off-by: Linus Torvalds [manually backported. backport note: walk_page_range_novma() does not exist= in 5.4, so I'm omitting it from the backport] Signed-off-by: Jann Horn Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- mm/pagewalk.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/mm/pagewalk.c +++ b/mm/pagewalk.c @@ -38,7 +38,7 @@ static int walk_pmd_range(pud_t *pud, un do { again: next =3D pmd_addr_end(addr, end); - if (pmd_none(*pmd) || !walk->vma) { + if (pmd_none(*pmd)) { if (ops->pte_hole) err =3D ops->pte_hole(addr, next, walk); if (err) @@ -84,7 +84,7 @@ static int walk_pud_range(p4d_t *p4d, un do { again: next =3D pud_addr_end(addr, end); - if (pud_none(*pud) || !walk->vma) { + if (pud_none(*pud)) { if (ops->pte_hole) err =3D ops->pte_hole(addr, next, walk); if (err) @@ -254,7 +254,7 @@ static int __walk_page_range(unsigned lo int err =3D 0; struct vm_area_struct *vma =3D walk->vma; =20 - if (vma && is_vm_hugetlb_page(vma)) { + if (is_vm_hugetlb_page(vma)) { if (walk->ops->hugetlb_entry) err =3D walk_hugetlb_range(start, end, walk); } else @@ -324,9 +324,13 @@ int walk_page_range(struct mm_struct *mm if (!vma) { /* after the last vma */ walk.vma =3D NULL; next =3D end; + if (ops->pte_hole) + err =3D ops->pte_hole(start, next, &walk); } else if (start < vma->vm_start) { /* outside vma */ walk.vma =3D NULL; next =3D min(end, vma->vm_start); + if (ops->pte_hole) + err =3D ops->pte_hole(start, next, &walk); } else { /* inside vma */ walk.vma =3D vma; next =3D min(end, vma->vm_end); @@ -344,9 +348,8 @@ int walk_page_range(struct mm_struct *mm } if (err < 0) break; - } - if (walk.vma || walk.ops->pte_hole) err =3D __walk_page_range(start, next, &walk); + } if (err) break; } while (start =3D next, start < end); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B58ABC4332F for ; Thu, 13 Oct 2022 17:53:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229867AbiJMRxR (ORCPT ); Thu, 13 Oct 2022 13:53:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53810 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229729AbiJMRxI (ORCPT ); Thu, 13 Oct 2022 13:53:08 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2E0A15201B; Thu, 13 Oct 2022 10:52:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E897D618F8; Thu, 13 Oct 2022 17:52:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 06A0CC43140; Thu, 13 Oct 2022 17:52:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683576; bh=CRJNGRjkpflGVzVE5K8nb5uIXUCKPhy0qiAB2mRSc9Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=z+KRK9UnpqAMcKLZT59J7Yut8A510cScklAwUOwtCtPae/qs2g0OO2Veta974A4Wd OkS6Do6vP9xipw+tj30ZdLNZNZxMpUeA2dIquqV/irmNcFytf2wvSCsyLoKytXe+AH P3uALPycOIPHtW856Z+4T7mvWc9Cgpu987soXNsk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Alexey Dobriyan (SK hynix)" , Namhyung Kim , Arnaldo Carvalho de Melo , Florian Fainelli Subject: [PATCH 5.4 02/38] perf tools: Fixup get_current_dir_name() compilation Date: Thu, 13 Oct 2022 19:52:03 +0200 Message-Id: <20221013175144.341273264@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Alexey Dobriyan commit 128dbd78bd673f9edbc4413072b23efb6657feb0 upstream. strdup() prototype doesn't live in stdlib.h . Add limits.h for PATH_MAX definition as well. This fixes the build on Android. Signed-off-by: Alexey Dobriyan (SK hynix) Acked-by: Namhyung Kim Link: http://lore.kernel.org/lkml/YRukaQbrgDWhiwGr@localhost.localdomain Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Florian Fainelli Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- tools/perf/util/get_current_dir_name.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/tools/perf/util/get_current_dir_name.c +++ b/tools/perf/util/get_current_dir_name.c @@ -3,8 +3,9 @@ // #ifndef HAVE_GET_CURRENT_DIR_NAME #include "get_current_dir_name.h" +#include +#include #include -#include =20 /* Android's 'bionic' library, for one, doesn't have this */ From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0917C433FE for ; Thu, 13 Oct 2022 17:53:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229890AbiJMRxT (ORCPT ); Thu, 13 Oct 2022 13:53:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229676AbiJMRxI (ORCPT ); Thu, 13 Oct 2022 13:53:08 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6874315200F; Thu, 13 Oct 2022 10:53:01 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B269D618F9; Thu, 13 Oct 2022 17:52:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C48ACC43146; Thu, 13 Oct 2022 17:52:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683579; bh=LnlDADaOWtZSl9lwJTC4GMmlL/gmh302YmAW5WNpG48=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2bMnOxvVONjvGhnleM49h+KHvQzkqE2lAfTlvxsdp0bAyPMFwIN8f9hViqnUcdRLl 2XcBye3pjc2Q7cHJnkSz5pwvE+q4lOhQfOKZkXKEatc8HqI0DC2pBgVkFmv4qX2XS9 eM3w7yYSCqxxQo9XMn5GGZN5Awz0flGPGjRDB5jE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, butt3rflyh4ck , Hao Sun , Jiacheng Xu , "Christian Brauner (Microsoft)" , Dongliang Mu , Al Viro Subject: [PATCH 5.4 03/38] fs: fix UAF/GPF bug in nilfs_mdt_destroy Date: Thu, 13 Oct 2022 19:52:04 +0200 Message-Id: <20221013175144.381807116@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dongliang Mu commit 2e488f13755ffbb60f307e991b27024716a33b29 upstream. In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF). Fix this by moving security_inode_alloc just prior to this_cpu_inc(nr_inodes) Link:=C2=A0https://lkml.kernel.org/r/CAFcO6XOcf1Jj2SeGt=3DjJV59wmhESeSKpfR0= omdFRq+J9nD1vfQ@mail.gmail.com Reported-by: butt3rflyh4ck Reported-by: Hao Sun Reported-by: Jiacheng Xu Reviewed-by: Christian Brauner (Microsoft) Signed-off-by: Dongliang Mu Cc: Al Viro Cc: stable@vger.kernel.org Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- fs/inode.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/fs/inode.c +++ b/fs/inode.c @@ -167,8 +167,6 @@ int inode_init_always(struct super_block inode->i_wb_frn_history =3D 0; #endif =20 - if (security_inode_alloc(inode)) - goto out; spin_lock_init(&inode->i_lock); lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key); =20 @@ -199,11 +197,12 @@ int inode_init_always(struct super_block inode->i_fsnotify_mask =3D 0; #endif inode->i_flctx =3D NULL; + + if (unlikely(security_inode_alloc(inode))) + return -ENOMEM; this_cpu_inc(nr_inodes); =20 return 0; -out: - return -ENOMEM; } EXPORT_SYMBOL(inode_init_always); =20 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5939DC433FE for ; Thu, 13 Oct 2022 17:53:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229932AbiJMRx3 (ORCPT ); Thu, 13 Oct 2022 13:53:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229769AbiJMRxL (ORCPT ); Thu, 13 Oct 2022 13:53:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 496AF14FD3B; Thu, 13 Oct 2022 10:53:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8421D618F6; Thu, 13 Oct 2022 17:53:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85F00C433C1; Thu, 13 Oct 2022 17:53:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683582; bh=clqMLo8si0W5e46evh3BggiIvOUCFs2EZmoLr7MDpF8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WdgiSEhRho5NR0DsG3DiEM8xrKU1YVXuOi4nEtislT13xWw/oIgHm2pL0uFececbw b36p1q83QiKedFUi0w4dXE6fdB12i4UlzfAfMHSko2SdPV7+KYs1zecbrhz3o6l/ye 4dj8iXizDP/J2U6ltn+6kHLdVOC68xjxyFpjgBvg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Cristian Marussi , Sudeep Holla , Sasha Levin Subject: [PATCH 5.4 04/38] firmware: arm_scmi: Add SCMI PM driver remove routine Date: Thu, 13 Oct 2022 19:52:05 +0200 Message-Id: <20221013175144.417813093@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Cristian Marussi [ Upstream commit dea796fcab0a219830831c070b8dc367d7e0f708 ] Currently, when removing the SCMI PM driver not all the resources registered with genpd subsystem are properly de-registered. As a side effect of this after a driver unload/load cycle you get a splat with a few warnings like this: | debugfs: Directory 'BIG_CPU0' with parent 'pm_genpd' already present! | debugfs: Directory 'BIG_CPU1' with parent 'pm_genpd' already present! | debugfs: Directory 'LITTLE_CPU0' with parent 'pm_genpd' already present! | debugfs: Directory 'LITTLE_CPU1' with parent 'pm_genpd' already present! | debugfs: Directory 'LITTLE_CPU2' with parent 'pm_genpd' already present! | debugfs: Directory 'LITTLE_CPU3' with parent 'pm_genpd' already present! | debugfs: Directory 'BIG_SSTOP' with parent 'pm_genpd' already present! | debugfs: Directory 'LITTLE_SSTOP' with parent 'pm_genpd' already present! | debugfs: Directory 'DBGSYS' with parent 'pm_genpd' already present! | debugfs: Directory 'GPUTOP' with parent 'pm_genpd' already present! Add a proper scmi_pm_domain_remove callback to the driver in order to take care of all the needed cleanups not handled by devres framework. Link: https://lore.kernel.org/r/20220817172731.1185305-7-cristian.marussi@a= rm.com Signed-off-by: Cristian Marussi Signed-off-by: Sudeep Holla Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/firmware/arm_scmi/scmi_pm_domain.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/firmware/arm_scmi/scmi_pm_domain.c b/drivers/firmware/= arm_scmi/scmi_pm_domain.c index 177874adccf0..b0c8962b9885 100644 --- a/drivers/firmware/arm_scmi/scmi_pm_domain.c +++ b/drivers/firmware/arm_scmi/scmi_pm_domain.c @@ -106,9 +106,28 @@ static int scmi_pm_domain_probe(struct scmi_device *sd= ev) scmi_pd_data->domains =3D domains; scmi_pd_data->num_domains =3D num_domains; =20 + dev_set_drvdata(dev, scmi_pd_data); + return of_genpd_add_provider_onecell(np, scmi_pd_data); } =20 +static void scmi_pm_domain_remove(struct scmi_device *sdev) +{ + int i; + struct genpd_onecell_data *scmi_pd_data; + struct device *dev =3D &sdev->dev; + struct device_node *np =3D dev->of_node; + + of_genpd_del_provider(np); + + scmi_pd_data =3D dev_get_drvdata(dev); + for (i =3D 0; i < scmi_pd_data->num_domains; i++) { + if (!scmi_pd_data->domains[i]) + continue; + pm_genpd_remove(scmi_pd_data->domains[i]); + } +} + static const struct scmi_device_id scmi_id_table[] =3D { { SCMI_PROTOCOL_POWER }, { }, @@ -118,6 +137,7 @@ MODULE_DEVICE_TABLE(scmi, scmi_id_table); static struct scmi_driver scmi_power_domain_driver =3D { .name =3D "scmi-power-domain", .probe =3D scmi_pm_domain_probe, + .remove =3D scmi_pm_domain_remove, .id_table =3D scmi_id_table, }; module_scmi_driver(scmi_power_domain_driver); --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9C3AC4332F for ; Thu, 13 Oct 2022 17:53:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229812AbiJMRxq (ORCPT ); Thu, 13 Oct 2022 13:53:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54420 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229598AbiJMRxQ (ORCPT ); Thu, 13 Oct 2022 13:53:16 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C0B414FD2D; Thu, 13 Oct 2022 10:53:07 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 633DFB82022; Thu, 13 Oct 2022 17:53:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C3C99C433D6; Thu, 13 Oct 2022 17:53:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683585; bh=C51fN9Flo2zCAj2jCaWdZGHnkUxwUijWwOrzoNiedtg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LKXRfTevz1UKvjta1+q/nqUNjojqBvEJbUJs9P6vWB6wBkawajnd03X3ksk7DTpM0 5OLdiU+fr9S4RsXTMjApYIejjramzMn1v6yr43phbQPjrF4r4g4Am0L5cv94GQS4wn WtzxI9iMh/kQ9l5ZSbAT9QRIDiC3gPQxxPNjhon0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Swati Agarwal , Vinod Koul , Sasha Levin Subject: [PATCH 5.4 05/38] dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property Date: Thu, 13 Oct 2022 19:52:06 +0200 Message-Id: <20221013175144.449468561@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Swati Agarwal [ Upstream commit 462bce790e6a7e68620a4ce260cc38f7ed0255d5 ] Free the allocated resources for missing xlnx,num-fstores property. Signed-off-by: Swati Agarwal Link: https://lore.kernel.org/r/20220817061125.4720-3-swati.agarwal@xilinx.= com Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/dma/xilinx/xilinx_dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dm= a.c index 7729b8d22553..792776c86ee8 100644 --- a/drivers/dma/xilinx/xilinx_dma.c +++ b/drivers/dma/xilinx/xilinx_dma.c @@ -2683,7 +2683,7 @@ static int xilinx_dma_probe(struct platform_device *p= dev) if (err < 0) { dev_err(xdev->dev, "missing xlnx,num-fstores property\n"); - return err; + goto disable_clks; } =20 err =3D of_property_read_u32(node, "xlnx,flush-fsync", --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0384FC4332F for ; Thu, 13 Oct 2022 17:53:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229775AbiJMRxz (ORCPT ); Thu, 13 Oct 2022 13:53:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229826AbiJMRx0 (ORCPT ); Thu, 13 Oct 2022 13:53:26 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2009915201B; Thu, 13 Oct 2022 10:53:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id B7597CE22CB; Thu, 13 Oct 2022 17:53:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A8A81C433C1; Thu, 13 Oct 2022 17:53:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683588; bh=gtlsmRQIxOF1aD70zk6aG8lbdASWebPDvTW22e+qgeY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0rX8uIQAomkhDJWF59utteLTetuUjGlWPL5pRhiuLu9ef9R2cy3fpCKkGQSxY1TZe xxFPEO9HlsPTzmWHi8ipYo+9zV9hGyZKi3d+gytOPSf1GjmE29mpa6Yvx0Czkj9X5s B06ykDuvzqFpusSKK5y4qTCpA0Ih7a4DBcvBG04s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Swati Agarwal , Radhey Shyam Pandey , Vinod Koul , Sasha Levin Subject: [PATCH 5.4 06/38] dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure Date: Thu, 13 Oct 2022 19:52:07 +0200 Message-Id: <20221013175144.477698452@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Swati Agarwal [ Upstream commit 8f2b6bc79c32f0fa60df000ae387a790ec80eae9 ] The driver does not handle the failure case while calling dma_set_mask_and_coherent API. In case of failure, capture the return value of API and then report an error. Addresses-coverity: Unchecked return value (CHECKED_RETURN) Signed-off-by: Swati Agarwal Reviewed-by: Radhey Shyam Pandey Link: https://lore.kernel.org/r/20220817061125.4720-4-swati.agarwal@xilinx.= com Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/dma/xilinx/xilinx_dma.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dm= a.c index 792776c86ee8..3bb711e735ab 100644 --- a/drivers/dma/xilinx/xilinx_dma.c +++ b/drivers/dma/xilinx/xilinx_dma.c @@ -2703,7 +2703,11 @@ static int xilinx_dma_probe(struct platform_device *= pdev) xdev->ext_addr =3D false; =20 /* Set the dma mask bits */ - dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); + err =3D dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); + if (err < 0) { + dev_err(xdev->dev, "DMA mask error %d\n", err); + goto disable_clks; + } =20 /* Initialize the DMA engine */ xdev->common.dev =3D &pdev->dev; --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ABDEDC43219 for ; Thu, 13 Oct 2022 17:53:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229822AbiJMRxw (ORCPT ); Thu, 13 Oct 2022 13:53:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229771AbiJMRx0 (ORCPT ); Thu, 13 Oct 2022 13:53:26 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0FC93153825; Thu, 13 Oct 2022 10:53:16 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 92EE8CE22CC; Thu, 13 Oct 2022 17:53:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6C8ADC433D6; Thu, 13 Oct 2022 17:53:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683590; bh=snTKj5uUCniAAmOx2ttL6/s1ceXhHSHr5CwfTfYUtug=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=L0FVw1lcVGPIk+5+iS3BxY775VLrAk0ai9H0lZIiSolLbvsyp+Q0+qIzMSSEGZPYi 8s/IYjarSTc+LhEi3Mxq8N8JHACO58HpCjS7YNu+w+Gf732rFOAB/bbyU1c5ubRCKo 6DJeHtZTd2Uhem8pn6kIAo1wqWPujeQrbqruVQCs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Arnd Bergmann , Sergei Antonov , Jonas Jensen , Sasha Levin Subject: [PATCH 5.4 07/38] ARM: dts: fix Moxa SDIO compatible, remove sdhci misnomer Date: Thu, 13 Oct 2022 19:52:08 +0200 Message-Id: <20221013175144.510668350@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sergei Antonov [ Upstream commit 02181e68275d28cab3c3f755852770367f1bc229 ] Driver moxart-mmc.c has .compatible =3D "moxa,moxart-mmc". But moxart .dts/.dtsi and the documentation file moxa,moxart-dma.txt contain compatible =3D "moxa,moxart-sdhci". Change moxart .dts/.dtsi files and moxa,moxart-dma.txt to match the driver. Replace 'sdhci' with 'mmc' in names too, since SDHCI is a different controller from FTSDC010. Suggested-by: Arnd Bergmann Signed-off-by: Sergei Antonov Cc: Jonas Jensen Link: https://lore.kernel.org/r/20220907175341.1477383-1-saproj@gmail.com' Signed-off-by: Arnd Bergmann Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt | 4 ++-- arch/arm/boot/dts/moxart-uc7112lx.dts | 2 +- arch/arm/boot/dts/moxart.dtsi | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt b/Do= cumentation/devicetree/bindings/dma/moxa,moxart-dma.txt index 8a9f3559335b..7e14e26676ec 100644 --- a/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt +++ b/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt @@ -34,8 +34,8 @@ Example: Use specific request line passing from dma For example, MMC request line is 5 =20 - sdhci: sdhci@98e00000 { - compatible =3D "moxa,moxart-sdhci"; + mmc: mmc@98e00000 { + compatible =3D "moxa,moxart-mmc"; reg =3D <0x98e00000 0x5C>; interrupts =3D <5 0>; clocks =3D <&clk_apb>; diff --git a/arch/arm/boot/dts/moxart-uc7112lx.dts b/arch/arm/boot/dts/moxa= rt-uc7112lx.dts index eb5291b0ee3a..e07b807b4cec 100644 --- a/arch/arm/boot/dts/moxart-uc7112lx.dts +++ b/arch/arm/boot/dts/moxart-uc7112lx.dts @@ -79,7 +79,7 @@ &clk_pll { clocks =3D <&ref12>; }; =20 -&sdhci { +&mmc { status =3D "okay"; }; =20 diff --git a/arch/arm/boot/dts/moxart.dtsi b/arch/arm/boot/dts/moxart.dtsi index f5f070a87482..764832ddfa78 100644 --- a/arch/arm/boot/dts/moxart.dtsi +++ b/arch/arm/boot/dts/moxart.dtsi @@ -93,8 +93,8 @@ watchdog: watchdog@98500000 { clock-names =3D "PCLK"; }; =20 - sdhci: sdhci@98e00000 { - compatible =3D "moxa,moxart-sdhci"; + mmc: mmc@98e00000 { + compatible =3D "moxa,moxart-mmc"; reg =3D <0x98e00000 0x5C>; interrupts =3D <5 IRQ_TYPE_LEVEL_HIGH>; clocks =3D <&clk_apb>; --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D4B7C4332F for ; Thu, 13 Oct 2022 17:54:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229982AbiJMRy2 (ORCPT ); Thu, 13 Oct 2022 13:54:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229906AbiJMRxw (ORCPT ); Thu, 13 Oct 2022 13:53:52 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6456A153827; Thu, 13 Oct 2022 10:53:17 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id BC366B82023; Thu, 13 Oct 2022 17:53:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 31F70C433D7; Thu, 13 Oct 2022 17:53:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683593; bh=3z4xjd6rC4Y+qNEmVpMFVeGkTQLZ9ph+XAsHLmwze58=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O6ijnK+NrENLazrotZ+H0ptxrsmSL9K6CxpXLXvCcp4FvT7ap3tvWqKJ8C3vR3/83 scI4Z9pbmYRU+TTzctnkZM55U9H2LSBeJTXsyhpE3Ks2cuf9krwrTCS3NtbrH5JQzL JvNmMq27txi+u1qXuqJ4JLvjap9QApHIFJx48sgw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zheyu Ma , Saurav Kashyap , Wende Tan , Letu Ren , "Martin K. Petersen" , Sasha Levin Subject: [PATCH 5.4 08/38] scsi: qedf: Fix a UAF bug in __qedf_probe() Date: Thu, 13 Oct 2022 19:52:09 +0200 Message-Id: <20221013175144.546603830@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Letu Ren [ Upstream commit fbfe96869b782364caebae0445763969ddb6ea67 ] In __qedf_probe(), if qedf->cdev is NULL which means qed_ops->common->probe() failed, then the program will goto label err1, and scsi_host_put() will free lport->host pointer. Because the memory qedf points to is allocated by libfc_host_alloc(), it will be freed by scsi_host_put(). However, the if statement below label err0 only checks whether qedf is NULL but doesn't check whether the memory has been freed. So a UAF bug can occur. There are two ways to reach the statements below err0. The first one is described as before, "qedf" should be set to NULL. The second one is goto "err0" directly. In the latter scenario qedf hasn't been changed and it has the initial value NULL. As a result the if statement is not reachable in any situation. The KASAN logs are as follows: [ 2.312969] BUG: KASAN: use-after-free in __qedf_probe+0x5dcf/0x6bc0 [ 2.312969] [ 2.312969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel= -1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 2.312969] Call Trace: [ 2.312969] dump_stack_lvl+0x59/0x7b [ 2.312969] print_address_description+0x7c/0x3b0 [ 2.312969] ? __qedf_probe+0x5dcf/0x6bc0 [ 2.312969] __kasan_report+0x160/0x1c0 [ 2.312969] ? __qedf_probe+0x5dcf/0x6bc0 [ 2.312969] kasan_report+0x4b/0x70 [ 2.312969] ? kobject_put+0x25d/0x290 [ 2.312969] kasan_check_range+0x2ca/0x310 [ 2.312969] __qedf_probe+0x5dcf/0x6bc0 [ 2.312969] ? selinux_kernfs_init_security+0xdc/0x5f0 [ 2.312969] ? trace_rpm_return_int_rcuidle+0x18/0x120 [ 2.312969] ? rpm_resume+0xa5c/0x16e0 [ 2.312969] ? qedf_get_generic_tlv_data+0x160/0x160 [ 2.312969] local_pci_probe+0x13c/0x1f0 [ 2.312969] pci_device_probe+0x37e/0x6c0 Link: https://lore.kernel.org/r/20211112120641.16073-1-fantasquex@gmail.com Reported-by: Zheyu Ma Acked-by: Saurav Kashyap Co-developed-by: Wende Tan Signed-off-by: Wende Tan Signed-off-by: Letu Ren Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/scsi/qedf/qedf_main.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index c95e04cc6424..f864ef059d29 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3544,11 +3544,6 @@ static int __qedf_probe(struct pci_dev *pdev, int mo= de) err1: scsi_host_put(lport->host); err0: - if (qedf) { - QEDF_INFO(&qedf->dbg_ctx, QEDF_LOG_DISC, "Probe done.\n"); - - clear_bit(QEDF_PROBING, &qedf->flags); - } return rc; } =20 --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61B52C43217 for ; Thu, 13 Oct 2022 17:54:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229940AbiJMRyL (ORCPT ); Thu, 13 Oct 2022 13:54:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229772AbiJMRxa (ORCPT ); Thu, 13 Oct 2022 13:53:30 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A4CC14D1D8; Thu, 13 Oct 2022 10:53:19 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9ABA4B82027; Thu, 13 Oct 2022 17:53:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1366CC433D6; Thu, 13 Oct 2022 17:53:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683596; bh=cQxfJ3qsYjvYJ9DIUiqLsyT626Q05v8l6z9zEIm+TSw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Zok1fCAYelHvYb7MqkvsvrrppjcXKmmPa1RJzaEODgpZpz9K5c+wZ5BpK+/tjWDn7 knlfeJg18fMlJxnJrf2+q7PJYbaMUmVizfpUOyxWvCz6exQoA8+RcgQGVB3u3i+deI oKTQcmRPbg5wvUa+fAw7sDC/HRSAxi68P1idMQoI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Haimin Zhang , "David S. Miller" , Sasha Levin Subject: [PATCH 5.4 09/38] net/ieee802154: fix uninit value bug in dgram_sendmsg Date: Thu, 13 Oct 2022 19:52:10 +0200 Message-Id: <20221013175144.583618341@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Haimin Zhang [ Upstream commit 94160108a70c8af17fa1484a37e05181c0e094af ] There is uninit value bug in dgram_sendmsg function in net/ieee802154/socket.c when the length of valid data pointed by the msg->msg_name isn't verified. We introducing a helper function ieee802154_sockaddr_check_size to check namelen. First we check there is addr_type in ieee802154_addr_sa. Then, we check namelen according to addr_type. Also fixed in raw_bind, dgram_bind, dgram_connect. Signed-off-by: Haimin Zhang Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- include/net/ieee802154_netdev.h | 37 +++++++++++++++++++++++++++++ net/ieee802154/socket.c | 42 ++++++++++++++++++--------------- 2 files changed, 60 insertions(+), 19 deletions(-) diff --git a/include/net/ieee802154_netdev.h b/include/net/ieee802154_netde= v.h index d0d188c3294b..a8994f307fc3 100644 --- a/include/net/ieee802154_netdev.h +++ b/include/net/ieee802154_netdev.h @@ -15,6 +15,22 @@ #ifndef IEEE802154_NETDEVICE_H #define IEEE802154_NETDEVICE_H =20 +#define IEEE802154_REQUIRED_SIZE(struct_type, member) \ + (offsetof(typeof(struct_type), member) + \ + sizeof(((typeof(struct_type) *)(NULL))->member)) + +#define IEEE802154_ADDR_OFFSET \ + offsetof(typeof(struct sockaddr_ieee802154), addr) + +#define IEEE802154_MIN_NAMELEN (IEEE802154_ADDR_OFFSET + \ + IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, addr_type)) + +#define IEEE802154_NAMELEN_SHORT (IEEE802154_ADDR_OFFSET + \ + IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, short_addr)) + +#define IEEE802154_NAMELEN_LONG (IEEE802154_ADDR_OFFSET + \ + IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, hwaddr)) + #include #include #include @@ -165,6 +181,27 @@ static inline void ieee802154_devaddr_to_raw(void *raw= , __le64 addr) memcpy(raw, &temp, IEEE802154_ADDR_LEN); } =20 +static inline int +ieee802154_sockaddr_check_size(struct sockaddr_ieee802154 *daddr, int len) +{ + struct ieee802154_addr_sa *sa; + + sa =3D &daddr->addr; + if (len < IEEE802154_MIN_NAMELEN) + return -EINVAL; + switch (sa->addr_type) { + case IEEE802154_ADDR_SHORT: + if (len < IEEE802154_NAMELEN_SHORT) + return -EINVAL; + break; + case IEEE802154_ADDR_LONG: + if (len < IEEE802154_NAMELEN_LONG) + return -EINVAL; + break; + } + return 0; +} + static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a, const struct ieee802154_addr_sa *sa) { diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c index 9a675ba0bf0a..a92b11999e5f 100644 --- a/net/ieee802154/socket.c +++ b/net/ieee802154/socket.c @@ -201,8 +201,9 @@ static int raw_bind(struct sock *sk, struct sockaddr *_= uaddr, int len) int err =3D 0; struct net_device *dev =3D NULL; =20 - if (len < sizeof(*uaddr)) - return -EINVAL; + err =3D ieee802154_sockaddr_check_size(uaddr, len); + if (err < 0) + return err; =20 uaddr =3D (struct sockaddr_ieee802154 *)_uaddr; if (uaddr->family !=3D AF_IEEE802154) @@ -498,7 +499,8 @@ static int dgram_bind(struct sock *sk, struct sockaddr = *uaddr, int len) =20 ro->bound =3D 0; =20 - if (len < sizeof(*addr)) + err =3D ieee802154_sockaddr_check_size(addr, len); + if (err < 0) goto out; =20 if (addr->family !=3D AF_IEEE802154) @@ -569,8 +571,9 @@ static int dgram_connect(struct sock *sk, struct sockad= dr *uaddr, struct dgram_sock *ro =3D dgram_sk(sk); int err =3D 0; =20 - if (len < sizeof(*addr)) - return -EINVAL; + err =3D ieee802154_sockaddr_check_size(addr, len); + if (err < 0) + return err; =20 if (addr->family !=3D AF_IEEE802154) return -EINVAL; @@ -609,6 +612,7 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr= *msg, size_t size) struct ieee802154_mac_cb *cb; struct dgram_sock *ro =3D dgram_sk(sk); struct ieee802154_addr dst_addr; + DECLARE_SOCKADDR(struct sockaddr_ieee802154*, daddr, msg->msg_name); int hlen, tlen; int err; =20 @@ -617,10 +621,20 @@ static int dgram_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t size) return -EOPNOTSUPP; } =20 - if (!ro->connected && !msg->msg_name) - return -EDESTADDRREQ; - else if (ro->connected && msg->msg_name) - return -EISCONN; + if (msg->msg_name) { + if (ro->connected) + return -EISCONN; + if (msg->msg_namelen < IEEE802154_MIN_NAMELEN) + return -EINVAL; + err =3D ieee802154_sockaddr_check_size(daddr, msg->msg_namelen); + if (err < 0) + return err; + ieee802154_addr_from_sa(&dst_addr, &daddr->addr); + } else { + if (!ro->connected) + return -EDESTADDRREQ; + dst_addr =3D ro->dst_addr; + } =20 if (!ro->bound) dev =3D dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154); @@ -656,16 +670,6 @@ static int dgram_sendmsg(struct sock *sk, struct msghd= r *msg, size_t size) cb =3D mac_cb_init(skb); cb->type =3D IEEE802154_FC_TYPE_DATA; cb->ackreq =3D ro->want_ack; - - if (msg->msg_name) { - DECLARE_SOCKADDR(struct sockaddr_ieee802154*, - daddr, msg->msg_name); - - ieee802154_addr_from_sa(&dst_addr, &daddr->addr); - } else { - dst_addr =3D ro->dst_addr; - } - cb->secen =3D ro->secen; cb->secen_override =3D ro->secen_override; cb->seclevel =3D ro->seclevel; --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4372C433FE for ; Thu, 13 Oct 2022 17:52:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229618AbiJMRwr (ORCPT ); Thu, 13 Oct 2022 13:52:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229586AbiJMRwo (ORCPT ); Thu, 13 Oct 2022 13:52:44 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00AA414D1CF; Thu, 13 Oct 2022 10:52:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 91D1DB8201C; Thu, 13 Oct 2022 17:52:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 05F19C433D6; Thu, 13 Oct 2022 17:52:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683561; bh=Oo5dzfgUvi7RFuvhID2RTEtBjZh0y9xtz/tZcCFnyi8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=exr4gMM5hmcE0SgFOcXvz2+F9SDRrPGJXPHy3WxH0LVYLcEYNIEyP545PjGCfIdU2 Y4O9od5kwd8XbU+XjuVMRHXieDJMQfdgUhRmXlA0gHyepHJwkMHkesNwCr8/T+E5Ud XOW/8MHa8ls6kYivy6KI0Cq63wWqV2HwVDndgMkw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lukas Straub , Richard Weinberger , Sasha Levin , Randy Dunlap Subject: [PATCH 5.4 10/38] um: Cleanup syscall_handler_t cast in syscalls_32.h Date: Thu, 13 Oct 2022 19:52:11 +0200 Message-Id: <20221013175144.611796545@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Lukas Straub [ Upstream commit 61670b4d270c71219def1fbc9441debc2ac2e6e9 ] Like in f4f03f299a56ce4d73c5431e0327b3b6cb55ebb9 "um: Cleanup syscall_handler_t definition/cast, fix warning", remove the cast to to fix the compiler warning. Signed-off-by: Lukas Straub Acked-by: Randy Dunlap # build-tested Signed-off-by: Richard Weinberger Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- arch/x86/um/shared/sysdep/syscalls_32.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/x86/um/shared/sysdep/syscalls_32.h b/arch/x86/um/shared/s= ysdep/syscalls_32.h index 68fd2cf526fd..f6e9f84397e7 100644 --- a/arch/x86/um/shared/sysdep/syscalls_32.h +++ b/arch/x86/um/shared/sysdep/syscalls_32.h @@ -6,10 +6,9 @@ #include #include =20 -typedef long syscall_handler_t(struct pt_regs); +typedef long syscall_handler_t(struct syscall_args); =20 extern syscall_handler_t *sys_call_table[]; =20 #define EXECUTE_SYSCALL(syscall, regs) \ - ((long (*)(struct syscall_args)) \ - (*sys_call_table[syscall]))(SYSCALL_ARGS(®s->regs)) + ((*sys_call_table[syscall]))(SYSCALL_ARGS(®s->regs)) --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1623BC433FE for ; Thu, 13 Oct 2022 17:52:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229665AbiJMRwx (ORCPT ); Thu, 13 Oct 2022 13:52:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53484 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229555AbiJMRwq (ORCPT ); Thu, 13 Oct 2022 13:52:46 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 701A714FD20; Thu, 13 Oct 2022 10:52:45 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EA8B6618CF; Thu, 13 Oct 2022 17:52:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0277DC433D6; Thu, 13 Oct 2022 17:52:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683564; bh=FMtJbvUlcZMfZJsHs+zcMqbDLnAq+to6DJYsgnmO13c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rPPMu4GQ7M8hKWkMuimnzAN7vmzkLRDGYwd+h/dHQbCPHtn7Mqor5u/BXGFbPFzVk psxkz0q0NfdmP3Hm3GoRPerHoVxYi3R1zFWvJ+8hChP8MQJy34ZfXQEn58QQa+mukZ qQ/1GjVOfIX3RPp5OnBxgdfPWhJRCVXezbHzBYuM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lukas Straub , Richard Weinberger , Sasha Levin , Randy Dunlap Subject: [PATCH 5.4 11/38] um: Cleanup compiler warning in arch/x86/um/tls_32.c Date: Thu, 13 Oct 2022 19:52:12 +0200 Message-Id: <20221013175144.640705949@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Lukas Straub [ Upstream commit d27fff3499671dc23a08efd01cdb8b3764a391c4 ] arch.tls_array is statically allocated so checking for NULL doesn't make sense. This causes the compiler warning below. Remove the checks to silence these warnings. ../arch/x86/um/tls_32.c: In function 'get_free_idx': ../arch/x86/um/tls_32.c:68:13: warning: the comparison will always evaluate= as 'true' for the address of 'tls_array' will never be NULL [-Waddress] 68 | if (!t->arch.tls_array) | ^ In file included from ../arch/x86/um/asm/processor.h:10, from ../include/linux/rcupdate.h:30, from ../include/linux/rculist.h:11, from ../include/linux/pid.h:5, from ../include/linux/sched.h:14, from ../arch/x86/um/tls_32.c:7: ../arch/x86/um/asm/processor_32.h:22:31: note: 'tls_array' declared here 22 | struct uml_tls_struct tls_array[GDT_ENTRY_TLS_ENTRIES]; | ^~~~~~~~~ ../arch/x86/um/tls_32.c: In function 'get_tls_entry': ../arch/x86/um/tls_32.c:243:13: warning: the comparison will always evaluat= e as 'true' for the address of 'tls_array' will never be NULL [-Waddress] 243 | if (!t->arch.tls_array) | ^ ../arch/x86/um/asm/processor_32.h:22:31: note: 'tls_array' declared here 22 | struct uml_tls_struct tls_array[GDT_ENTRY_TLS_ENTRIES]; | ^~~~~~~~~ Signed-off-by: Lukas Straub Acked-by: Randy Dunlap # build-tested Signed-off-by: Richard Weinberger Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- arch/x86/um/tls_32.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/arch/x86/um/tls_32.c b/arch/x86/um/tls_32.c index ac8eee093f9c..66162eafd8e8 100644 --- a/arch/x86/um/tls_32.c +++ b/arch/x86/um/tls_32.c @@ -65,9 +65,6 @@ static int get_free_idx(struct task_struct* task) struct thread_struct *t =3D &task->thread; int idx; =20 - if (!t->arch.tls_array) - return GDT_ENTRY_TLS_MIN; - for (idx =3D 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++) if (!t->arch.tls_array[idx].present) return idx + GDT_ENTRY_TLS_MIN; @@ -240,9 +237,6 @@ static int get_tls_entry(struct task_struct *task, stru= ct user_desc *info, { struct thread_struct *t =3D &task->thread; =20 - if (!t->arch.tls_array) - goto clear; - if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; =20 --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57FB2C4332F for ; Thu, 13 Oct 2022 17:52:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229739AbiJMRw4 (ORCPT ); Thu, 13 Oct 2022 13:52:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53508 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229560AbiJMRwu (ORCPT ); Thu, 13 Oct 2022 13:52:50 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ECB2214FD34; Thu, 13 Oct 2022 10:52:48 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5742A618F7; Thu, 13 Oct 2022 17:52:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2934EC433C1; Thu, 13 Oct 2022 17:52:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683567; bh=ib1lQCV01pXW8JO0BmnZksOwhGMo3P498BUfkCHG5/U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XVDC6UKUI7MjyaU5NMvDqjmIHvRW5vvSmZoWjcGHrpNP7CIctJRN6vv1zjJID1Vqi hPPmRNPPmlUq41jvOZDQtdGImf07cl2LXOxiNf+gW3fROxUolu1Pgq/eyNvMEsF1FR 2z3Q0CpZ7Kcqap4ZhYrsosiZd+Ag1vivAV3Mu23Y= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Gow , Lukas Straub , Richard Weinberger , Sasha Levin , Randy Dunlap Subject: [PATCH 5.4 12/38] arch: um: Mark the stack non-executable to fix a binutils warning Date: Thu, 13 Oct 2022 19:52:13 +0200 Message-Id: <20221013175144.682353616@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: David Gow [ Upstream commit bd71558d585ac61cfd799db7f25e78dca404dd7a ] Since binutils 2.39, ld will print a warning if any stack section is executable, which is the default for stack sections on files without a .note.GNU-stack section. This was fixed for x86 in commit ffcf9c5700e4 ("x86: link vdso and boot wit= h -z noexecstack --no-warn-rwx-segments"), but remained broken for UML, resulting in several warnings: /usr/bin/ld: warning: arch/x86/um/vdso/vdso.o: missing .note.GNU-stack sect= ion implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a fu= ture version of the linker /usr/bin/ld: warning: .tmp_vmlinux.kallsyms1 has a LOAD segment with RWX pe= rmissions /usr/bin/ld: warning: .tmp_vmlinux.kallsyms1.o: missing .note.GNU-stack sec= tion implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a fu= ture version of the linker /usr/bin/ld: warning: .tmp_vmlinux.kallsyms2 has a LOAD segment with RWX pe= rmissions /usr/bin/ld: warning: .tmp_vmlinux.kallsyms2.o: missing .note.GNU-stack sec= tion implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a fu= ture version of the linker /usr/bin/ld: warning: vmlinux has a LOAD segment with RWX permissions Link both the VDSO and vmlinux with -z noexecstack, fixing the warnings about .note.GNU-stack sections. In addition, pass --no-warn-rwx-segments to dodge the remaining warnings about LOAD segments with RWX permissions in the kallsyms objects. (Note that this flag is apparently not available on lld, so hide it behind a test for BFD, which is what the x86 patch does.) Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/co= mmit/?id=3Dffcf9c5700e49c0aee42dcba9a12ba21338e8136 Link: https://sourceware.org/git/?p=3Dbinutils-gdb.git;a=3Dcommit;h=3Dba951= afb99912da01a6e8434126b8fac7aa75107 Signed-off-by: David Gow Reviewed-by: Lukas Straub Tested-by: Lukas Straub Acked-by: Randy Dunlap # build-tested Signed-off-by: Richard Weinberger Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- arch/um/Makefile | 8 ++++++++ arch/x86/um/vdso/Makefile | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/um/Makefile b/arch/um/Makefile index 275f5ffdf6f0..773120be0f56 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -132,10 +132,18 @@ export LDS_ELF_FORMAT :=3D $(ELF_FORMAT) # The wrappers will select whether using "malloc" or the kernel allocator. LINK_WRAPS =3D -Wl,--wrap,malloc -Wl,--wrap,free -Wl,--wrap,calloc =20 +# Avoid binutils 2.39+ warnings by marking the stack non-executable and +# ignorning warnings for the kallsyms sections. +LDFLAGS_EXECSTACK =3D -z noexecstack +ifeq ($(CONFIG_LD_IS_BFD),y) +LDFLAGS_EXECSTACK +=3D $(call ld-option,--no-warn-rwx-segments) +endif + LD_FLAGS_CMDLINE =3D $(foreach opt,$(KBUILD_LDFLAGS),-Wl,$(opt)) =20 # Used by link-vmlinux.sh which has special support for um link export CFLAGS_vmlinux :=3D $(LINK-y) $(LINK_WRAPS) $(LD_FLAGS_CMDLINE) +export LDFLAGS_vmlinux :=3D $(LDFLAGS_EXECSTACK) =20 # When cleaning we don't include .config, so we don't include # TT or skas makefiles and don't clean skas_ptregs.h. diff --git a/arch/x86/um/vdso/Makefile b/arch/x86/um/vdso/Makefile index 0caddd6acb22..bec115036f87 100644 --- a/arch/x86/um/vdso/Makefile +++ b/arch/x86/um/vdso/Makefile @@ -62,7 +62,7 @@ quiet_cmd_vdso =3D VDSO $@ -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' =20 -VDSO_LDFLAGS =3D -fPIC -shared -Wl,--hash-style=3Dsysv +VDSO_LDFLAGS =3D -fPIC -shared -Wl,--hash-style=3Dsysv -z noexecstack GCOV_PROFILE :=3D n =20 # --=20 2.35.1 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F3A5C433FE for ; Thu, 13 Oct 2022 17:53:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229764AbiJMRxA (ORCPT ); Thu, 13 Oct 2022 13:53:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53694 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229693AbiJMRwx (ORCPT ); Thu, 13 Oct 2022 13:52:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EED7B14FD2D; Thu, 13 Oct 2022 10:52:51 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7633C618F7; Thu, 13 Oct 2022 17:52:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7EC6EC433D6; Thu, 13 Oct 2022 17:52:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683570; bh=xxDHkhWXn9LWoUKnTOuFYR63Zphxmul0hUMh47XisPY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FNZxgvDJSbVmp7S973wGc2l1ts/ixGzyL24z9QwwTW5kbnNqdX9SGCi2SpVKPUtsD Nc+k+XY34RfX6wlUygens3k0XqDIXSHnd+ZaEKbYo4Jo3fK+uP0WDh94qk5MicNcqU RpTXo+I189QZH1rI+UouwDOYvkIdV30Y7EIVHH/A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Dmitry Vyukov" , stable , syzbot+23f57c5ae902429285d7@syzkaller.appspotmail.com, Tadeusz Struk , PaX Team Subject: [PATCH 5.4 13/38] usb: mon: make mmapped memory read only Date: Thu, 13 Oct 2022 19:52:14 +0200 Message-Id: <20221013175144.715255137@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Tadeusz Struk commit a659daf63d16aa883be42f3f34ff84235c302198 upstream. Syzbot found an issue in usbmon module, where the user space client can corrupt the monitor's internal memory, causing the usbmon module to crash the kernel with segfault, UAF, etc. The reproducer mmaps the /dev/usbmon memory to user space, and overwrites it with arbitrary data, which causes all kinds of issues. Return an -EPERM error from mon_bin_mmap() if the flag VM_WRTIE is set. Also clear VM_MAYWRITE to make it impossible to change it to writable later. Cc: "Dmitry Vyukov" Cc: stable Fixes: 6f23ee1fefdc ("USB: add binary API to usbmon") Suggested-by: PaX Team # for the VM_MAYRITE portion Link: https://syzkaller.appspot.com/bug?id=3D2eb1f35d6525fa4a74d75b4244971e= 5b1411c95a Reported-by: syzbot+23f57c5ae902429285d7@syzkaller.appspotmail.com Signed-off-by: Tadeusz Struk Link: https://lore.kernel.org/r/20220919215957.205681-1-tadeusz.struk@linar= o.org Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/usb/mon/mon_bin.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -1268,6 +1268,11 @@ static int mon_bin_mmap(struct file *fil { /* don't do anything here: "fault" will set up page table entries */ vma->vm_ops =3D &mon_bin_vm_ops; + + if (vma->vm_flags & VM_WRITE) + return -EPERM; + + vma->vm_flags &=3D ~VM_MAYWRITE; vma->vm_flags |=3D VM_DONTEXPAND | VM_DONTDUMP; vma->vm_private_data =3D filp->private_data; mon_bin_vma_open(vma); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD5A9C433FE for ; Thu, 13 Oct 2022 17:53:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229734AbiJMRxN (ORCPT ); Thu, 13 Oct 2022 13:53:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229710AbiJMRxG (ORCPT ); Thu, 13 Oct 2022 13:53:06 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AEFFA14FD3C; Thu, 13 Oct 2022 10:52:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id EEE7FB82023; Thu, 13 Oct 2022 17:52:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 447A7C4347C; Thu, 13 Oct 2022 17:52:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683573; bh=iAr2bdd55JyX61KwNHcOrbz7/shgwLEETzjHoF0LZbA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vkD/kPu/zaVJYbbqnuKfNB1u+HTy0EOiOhF1J7C4spIryl/CUhndR5r/7HtQSBVWr mseEuMl3cto5SAa0pR3lsLM/tCMv89uELAJEwmUARtaTSl6ysce727lqvB4KxIHmA2 rSLnjVo4tIcne+GqC11E98PmxqdXUBt8/BqNHRgM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johan Hovold Subject: [PATCH 5.4 14/38] USB: serial: ftdi_sio: fix 300 bps rate for SIO Date: Thu, 13 Oct 2022 19:52:15 +0200 Message-Id: <20221013175144.747770047@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Johan Hovold commit 7bd7ad3c310cd6766f170927381eea0aa6f46c69 upstream. The 300 bps rate of SIO devices has been mapped to 9600 bps since 2003... Let's fix the regression. Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/usb/serial/ftdi_sio.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -1320,8 +1320,7 @@ static u32 get_ftdi_divisor(struct tty_s case 38400: div_value =3D ftdi_sio_b38400; break; case 57600: div_value =3D ftdi_sio_b57600; break; case 115200: div_value =3D ftdi_sio_b115200; break; - } /* baud */ - if (div_value =3D=3D 0) { + default: dev_dbg(dev, "%s - Baudrate (%d) requested is not supported\n", __func__, baud); div_value =3D ftdi_sio_b9600; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 622C5C433FE for ; Thu, 13 Oct 2022 17:57:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230207AbiJMR5F (ORCPT ); Thu, 13 Oct 2022 13:57:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230117AbiJMR4V (ORCPT ); Thu, 13 Oct 2022 13:56:21 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 21C9B65DE; Thu, 13 Oct 2022 10:54:45 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A3716B82025; Thu, 13 Oct 2022 17:54:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 09CC7C433D7; Thu, 13 Oct 2022 17:54:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683667; bh=3WroA/4vqnn9uePZj6BBoC3cuLg33kruPSiHg3MggMw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kFLezIXUy8bQ46Bm/oP7wYIlS52gtIPRyWP8BfxaDBO6iywh6vb5mq9/3nrCn8dm9 XpZAjov2uOa2DoDUC12IA/lhWIpyBzkKkQHvtuuZk6E6SfAgrFCa83a2lvAFDDwzF2 /ks5LMLchM/59yGkx6lGOYqMSWcPIU4uUchHGNfI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, ChanWoo Lee , Linus Walleij , Ulf Hansson , Brian Norris Subject: [PATCH 5.4 15/38] mmc: core: Replace with already defined values for readability Date: Thu, 13 Oct 2022 19:52:16 +0200 Message-Id: <20221013175144.783104209@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: ChanWoo Lee commit e427266460826bea21b70f9b2bb29decfb2c2620 upstream. SD_ROCR_S18A is already defined and is used to check the rocr value, so let's replace with already defined values for readability. Signed-off-by: ChanWoo Lee Reviewed-by: Linus Walleij Link: https://lore.kernel.org/r/20220706004840.24812-1-cw9316.lee@samsung.c= om Signed-off-by: Ulf Hansson Signed-off-by: Brian Norris Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/mmc/core/sd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -799,7 +799,7 @@ try_again: * the CCS bit is set as well. We deliberately deviate from the spec in * regards to this, which allows UHS-I to be supported for SDSC cards. */ - if (!mmc_host_is_spi(host) && rocr && (*rocr & 0x01000000)) { + if (!mmc_host_is_spi(host) && rocr && (*rocr & SD_ROCR_S18A)) { err =3D mmc_set_uhs_voltage(host, pocr); if (err =3D=3D -EAGAIN) { retries--; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0DBC7C4332F for ; Thu, 13 Oct 2022 17:54:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230021AbiJMRyh (ORCPT ); Thu, 13 Oct 2022 13:54:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53620 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229916AbiJMRxx (ORCPT ); Thu, 13 Oct 2022 13:53:53 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87236152029; Thu, 13 Oct 2022 10:53:25 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9BC8DB82026; Thu, 13 Oct 2022 17:53:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 14516C433D7; Thu, 13 Oct 2022 17:53:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683602; bh=beHM6p8L43oHqLXfN/3Q+tAnkkBD31uvAhb+FMk75Sw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IbhuCf5O48Ts04StuFvclg516afriUPHgBLa2sIrpWscDXUz9DlAp5qYT2+OU0dbM 6eyQhSnXLeOSb4qpok/ZzQf85MiIqWZ+GzjSyw4ohL18ctLNS/c+TBOK9alliLcJbj pRWsDs5tODs1yFTEHMIsGaYCuY8z5C2wafIRauxA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Brian Norris , Guenter Roeck , Ulf Hansson Subject: [PATCH 5.4 16/38] mmc: core: Terminate infinite loop in SD-UHS voltage switch Date: Thu, 13 Oct 2022 19:52:17 +0200 Message-Id: <20221013175144.817058806@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Brian Norris commit e9233917a7e53980664efbc565888163c0a33c3f upstream. This loop intends to retry a max of 10 times, with some implicit termination based on the SD_{R,}OCR_S18A bit. Unfortunately, the termination condition depends on the value reported by the SD card (*rocr), which may or may not correctly reflect what we asked it to do. Needless to say, it's not wise to rely on the card doing what we expect; we should at least terminate the loop regardless. So, check both the input and output values, so we ensure we will terminate regardless of the SD card behavior. Note that SDIO learned a similar retry loop in commit 0797e5f1453b ("mmc: core: Fixup signal voltage switch"), but that used the 'ocr' result, and so the current pre-terminating condition looks like: rocr & ocr & R4_18V_PRESENT (i.e., it doesn't have the same bug.) This addresses a number of crash reports seen on ChromeOS that look like the following: ... // lots of repeated: ... <4>[13142.846061] mmc1: Skipping voltage switch <4>[13143.406087] mmc1: Skipping voltage switch <4>[13143.964724] mmc1: Skipping voltage switch <4>[13144.526089] mmc1: Skipping voltage switch <4>[13145.086088] mmc1: Skipping voltage switch <4>[13145.645941] mmc1: Skipping voltage switch <3>[13146.153969] INFO: task halt:30352 blocked for more than 122 secon= ds. ... Fixes: f2119df6b764 ("mmc: sd: add support for signal voltage switch proced= ure") Cc: Signed-off-by: Brian Norris Reviewed-by: Guenter Roeck Link: https://lore.kernel.org/r/20220914014010.2076169-1-briannorris@chromi= um.org Signed-off-by: Ulf Hansson Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/mmc/core/sd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -799,7 +799,8 @@ try_again: * the CCS bit is set as well. We deliberately deviate from the spec in * regards to this, which allows UHS-I to be supported for SDSC cards. */ - if (!mmc_host_is_spi(host) && rocr && (*rocr & SD_ROCR_S18A)) { + if (!mmc_host_is_spi(host) && (ocr & SD_OCR_S18R) && + rocr && (*rocr & SD_ROCR_S18A)) { err =3D mmc_set_uhs_voltage(host, pocr); if (err =3D=3D -EAGAIN) { retries--; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3FC3CC4332F for ; Thu, 13 Oct 2022 17:55:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229541AbiJMRzn (ORCPT ); Thu, 13 Oct 2022 13:55:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230026AbiJMRyk (ORCPT ); Thu, 13 Oct 2022 13:54:40 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5482E152004; Thu, 13 Oct 2022 10:53:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CC5EB618FE; Thu, 13 Oct 2022 17:53:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D8C34C433C1; Thu, 13 Oct 2022 17:53:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683633; bh=Nrjzs/H2egeDQFrckuWu56rSL09kwzfFao0QMA0ZHHY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=P7J3VScl+FWfKb95ama6N+qW6QeSyJOBIGtLQ5OehRDMdXXYxv8YI+GF7es1NXBfY qZrKGblkD3nD0/+uTZEfKqYVrUEkF1X5jXgKIGpkakHPH/wDaw0UKOo1RdHJ0jtG5D 7+hm0d2G9zijKDLyEblmEDUZzgcci7uDbqh7wDko= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Krzysztof Kozlowski , Stephen Boyd , Bjorn Andersson , Andrew Chernyakov Subject: [PATCH 5.4 17/38] rpmsg: qcom: glink: replace strncpy() with strscpy_pad() Date: Thu, 13 Oct 2022 19:52:18 +0200 Message-Id: <20221013175144.845054740@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Krzysztof Kozlowski commit 766279a8f85df32345dbda03b102ca1ee3d5ddea upstream. The use of strncpy() is considered deprecated for NUL-terminated strings[1]. Replace strncpy() with strscpy_pad(), to keep existing pad-behavior of strncpy, similarly to commit 08de420a8014 ("rpmsg: glink: Replace strncpy() with strscpy_pad()"). This fixes W=3D1 warning: In function =E2=80=98qcom_glink_rx_close=E2=80=99, inlined from =E2=80=98qcom_glink_work=E2=80=99 at ../drivers/rpmsg/qcom= _glink_native.c:1638:4: drivers/rpmsg/qcom_glink_native.c:1549:17: warning: =E2=80=98strncpy=E2= =80=99 specified bound 32 equals destination size [-Wstringop-truncation] 1549 | strncpy(chinfo.name, channel->name, sizeof(chinfo= .name)); [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-= on-nul-terminated-strings Signed-off-by: Krzysztof Kozlowski Reviewed-by: Stephen Boyd Signed-off-by: Bjorn Andersson Link: https://lore.kernel.org/r/20220519073330.7187-1-krzysztof.kozlowski@l= inaro.org Signed-off-by: Andrew Chernyakov Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/rpmsg/qcom_glink_native.c | 2 +- drivers/rpmsg/qcom_smd.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/drivers/rpmsg/qcom_glink_native.c +++ b/drivers/rpmsg/qcom_glink_native.c @@ -1472,7 +1472,7 @@ static void qcom_glink_rx_close(struct q cancel_work_sync(&channel->intent_work); =20 if (channel->rpdev) { - strncpy(chinfo.name, channel->name, sizeof(chinfo.name)); + strscpy_pad(chinfo.name, channel->name, sizeof(chinfo.name)); chinfo.src =3D RPMSG_ADDR_ANY; chinfo.dst =3D RPMSG_ADDR_ANY; =20 --- a/drivers/rpmsg/qcom_smd.c +++ b/drivers/rpmsg/qcom_smd.c @@ -1073,7 +1073,7 @@ static int qcom_smd_create_device(struct =20 /* Assign public information to the rpmsg_device */ rpdev =3D &qsdev->rpdev; - strncpy(rpdev->id.name, channel->name, RPMSG_NAME_SIZE); + strscpy_pad(rpdev->id.name, channel->name, RPMSG_NAME_SIZE); rpdev->src =3D RPMSG_ADDR_ANY; rpdev->dst =3D RPMSG_ADDR_ANY; =20 @@ -1304,7 +1304,7 @@ static void qcom_channel_state_worker(st =20 spin_unlock_irqrestore(&edge->channels_lock, flags); =20 - strncpy(chinfo.name, channel->name, sizeof(chinfo.name)); + strscpy_pad(chinfo.name, channel->name, sizeof(chinfo.name)); chinfo.src =3D RPMSG_ADDR_ANY; chinfo.dst =3D RPMSG_ADDR_ANY; rpmsg_unregister_device(&edge->dev, &chinfo); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C9BBC4332F for ; Thu, 13 Oct 2022 17:56:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230158AbiJMR4f (ORCPT ); Thu, 13 Oct 2022 13:56:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229777AbiJMR4K (ORCPT ); Thu, 13 Oct 2022 13:56:10 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E636152008; Thu, 13 Oct 2022 10:54:12 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9460EB8201E; Thu, 13 Oct 2022 17:54:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 03467C433C1; Thu, 13 Oct 2022 17:54:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683647; bh=F//YHv1bkUtABcaNo0CCRonpfHuEaxZGVHMrMkrR4lY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hVEkAv5RbtcEzUOnsrXp6OanYVPGI1+DPzEHa2nEXJT2XI1MlUT62Cpv3IDG7I8T1 To+5X74cT4mhCNUxNY3A6WZbqmAjSirA7gmwefvoCGlCRV5Z00p0iGqSeMTo+ScZaR yb8v9g8zV/NM77JuPddEcDUQsXKUSzUHuM/tOl4k= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ryusuke Konishi , syzbot+2b32eb36c1a825b7a74c@syzkaller.appspotmail.com, Tetsuo Handa , Andrew Morton Subject: [PATCH 5.4 18/38] nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() Date: Thu, 13 Oct 2022 19:52:19 +0200 Message-Id: <20221013175144.880820665@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ryusuke Konishi commit 21a87d88c2253350e115029f14fe2a10a7e6c856 upstream. If the i_mode field in inode of metadata files is corrupted on disk, it can cause the initialization of bmap structure, which should have been called from nilfs_read_inode_common(), not to be called. This causes a lockdep warning followed by a NULL pointer dereference at nilfs_bmap_lookup_at_level(). This patch fixes these issues by adding a missing sanitiy check for the i_mode field of metadata file's inode. Link: https://lkml.kernel.org/r/20221002030804.29978-1-konishi.ryusuke@gmai= l.com Signed-off-by: Ryusuke Konishi Reported-by: syzbot+2b32eb36c1a825b7a74c@syzkaller.appspotmail.com Reported-by: Tetsuo Handa Tested-by: Ryusuke Konishi Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- fs/nilfs2/inode.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/nilfs2/inode.c +++ b/fs/nilfs2/inode.c @@ -451,6 +451,8 @@ int nilfs_read_inode_common(struct inode inode->i_atime.tv_nsec =3D le32_to_cpu(raw_inode->i_mtime_nsec); inode->i_ctime.tv_nsec =3D le32_to_cpu(raw_inode->i_ctime_nsec); inode->i_mtime.tv_nsec =3D le32_to_cpu(raw_inode->i_mtime_nsec); + if (nilfs_is_metadata_file_inode(inode) && !S_ISREG(inode->i_mode)) + return -EIO; /* this inode is for metadata and corrupted */ if (inode->i_nlink =3D=3D 0) return -ESTALE; /* this inode is deleted */ From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 478A8C4332F for ; Thu, 13 Oct 2022 17:56:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229956AbiJMR4X (ORCPT ); Thu, 13 Oct 2022 13:56:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229976AbiJMRzl (ORCPT ); Thu, 13 Oct 2022 13:55:41 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1C849157882; Thu, 13 Oct 2022 10:54:16 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 4FEFDB82023; Thu, 13 Oct 2022 17:54:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B74D2C433D6; Thu, 13 Oct 2022 17:54:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683650; bh=4/0gbWRoGgXhcpCItadg29FCqoOIDIWdJPHkOeinRzA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=A63xl/U15MfZ+RoEbXWcXdnZ24yR8N6RM+5J0n7O0pvIT89bPAv5LkIt+XgKaAZZA 6kOkgOc8GQWMQMS3A+W3Vae6qZlo21QTOKg2UD7xM8SWE+Cbv8W/GvBwGKnBkU8+Tx cLpNSohdA3BhODyik6jxiNyyi+7VF1r1cIOTfDQk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ryusuke Konishi , syzbot+7381dc4ad60658ca4c05@syzkaller.appspotmail.com, Andrew Morton Subject: [PATCH 5.4 19/38] nilfs2: fix leak of nilfs_root in case of writer thread creation failure Date: Thu, 13 Oct 2022 19:52:20 +0200 Message-Id: <20221013175144.915194021@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ryusuke Konishi commit d0d51a97063db4704a5ef6bc978dddab1636a306 upstream. If nilfs_attach_log_writer() failed to create a log writer thread, it frees a data structure of the log writer without any cleanup. After commit e912a5b66837 ("nilfs2: use root object to get ifile"), this causes a leak of struct nilfs_root, which started to leak an ifile metadata inode and a kobject on that struct. In addition, if the kernel is booted with panic_on_warn, the above ifile metadata inode leak will cause the following panic when the nilfs2 kernel module is removed: kmem_cache_destroy nilfs2_inode_cache: Slab cache still has objects when called from nilfs_destroy_cachep+0x16/0x3a [nilfs2] WARNING: CPU: 8 PID: 1464 at mm/slab_common.c:494 kmem_cache_destroy+0x13= 8/0x140 ... RIP: 0010:kmem_cache_destroy+0x138/0x140 Code: 00 20 00 00 e8 a9 55 d8 ff e9 76 ff ff ff 48 8b 53 60 48 c7 c6 20 7= 0 65 86 48 c7 c7 d8 69 9c 86 48 8b 4c 24 28 e8 ef 71 c7 00 <0f> 0b e9 53 ff= ff ff c3 48 81 ff ff 0f 00 00 77 03 31 c0 c3 53 48 ... Call Trace: ? nilfs_palloc_freev.cold.24+0x58/0x58 [nilfs2] nilfs_destroy_cachep+0x16/0x3a [nilfs2] exit_nilfs_fs+0xa/0x1b [nilfs2] __x64_sys_delete_module+0x1d9/0x3a0 ? __sanitizer_cov_trace_pc+0x1a/0x50 ? syscall_trace_enter.isra.19+0x119/0x190 do_syscall_64+0x34/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd ... Kernel panic - not syncing: panic_on_warn set ... This patch fixes these issues by calling nilfs_detach_log_writer() cleanup function if spawning the log writer thread fails. Link: https://lkml.kernel.org/r/20221007085226.57667-1-konishi.ryusuke@gmai= l.com Fixes: e912a5b66837 ("nilfs2: use root object to get ifile") Signed-off-by: Ryusuke Konishi Reported-by: syzbot+7381dc4ad60658ca4c05@syzkaller.appspotmail.com Tested-by: Ryusuke Konishi Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- fs/nilfs2/segment.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -2786,10 +2786,9 @@ int nilfs_attach_log_writer(struct super inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL); =20 err =3D nilfs_segctor_start_thread(nilfs->ns_writer); - if (err) { - kfree(nilfs->ns_writer); - nilfs->ns_writer =3D NULL; - } + if (unlikely(err)) + nilfs_detach_log_writer(sb); + return err; } From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 480A0C433FE for ; Thu, 13 Oct 2022 17:56:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230137AbiJMR4T (ORCPT ); Thu, 13 Oct 2022 13:56:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53554 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229891AbiJMRzS (ORCPT ); Thu, 13 Oct 2022 13:55:18 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B534F15B30E; Thu, 13 Oct 2022 10:54:19 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 88CE4618DE; Thu, 13 Oct 2022 17:54:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 908D7C433D6; Thu, 13 Oct 2022 17:54:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683652; bh=5/+T7+Hbc+gs+Q2MxLjLyv7qCijM55C8bgamH/I/2XQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bkxIvt6syKoVpL/ILhwyLZLofbasUrbwc2JM1zdSaVeYrkmWpDJvoPJZol5RMTPTU Xyd/BZ1nlsB3U8SORsaBjrfbUBASeLung3tRPVGCSqI16dx2JWc4YaBbMJi47dn8J8 jOfylAd8/wq1OXTTKs7znb/clREHbAfVJf3XWN9g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ryusuke Konishi , syzbot+fbb3e0b24e8dae5a16ee@syzkaller.appspotmail.com, Andrew Morton Subject: [PATCH 5.4 20/38] nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure Date: Thu, 13 Oct 2022 19:52:21 +0200 Message-Id: <20221013175144.950270355@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ryusuke Konishi commit 723ac751208f6d6540191689cfbf6c77135a7a1b upstream. If creation or finalization of a checkpoint fails due to anomalies in the checkpoint metadata on disk, a kernel warning is generated. This patch replaces the WARN_ONs by nilfs_error, so that a kernel, booted with panic_on_warn, does not panic. A nilfs_error is appropriate here to handle the abnormal filesystem condition. This also replaces the detected error codes with an I/O error so that neither of the internal error codes is returned to callers. Link: https://lkml.kernel.org/r/20220929123330.19658-1-konishi.ryusuke@gmai= l.com Signed-off-by: Ryusuke Konishi Reported-by: syzbot+fbb3e0b24e8dae5a16ee@syzkaller.appspotmail.com Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- fs/nilfs2/segment.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -880,9 +880,11 @@ static int nilfs_segctor_create_checkpoi nilfs_mdt_mark_dirty(nilfs->ns_cpfile); nilfs_cpfile_put_checkpoint( nilfs->ns_cpfile, nilfs->ns_cno, bh_cp); - } else - WARN_ON(err =3D=3D -EINVAL || err =3D=3D -ENOENT); - + } else if (err =3D=3D -EINVAL || err =3D=3D -ENOENT) { + nilfs_error(sci->sc_super, + "checkpoint creation failed due to metadata corruption."); + err =3D -EIO; + } return err; } =20 @@ -896,7 +898,11 @@ static int nilfs_segctor_fill_in_checkpo err =3D nilfs_cpfile_get_checkpoint(nilfs->ns_cpfile, nilfs->ns_cno, 0, &raw_cp, &bh_cp); if (unlikely(err)) { - WARN_ON(err =3D=3D -EINVAL || err =3D=3D -ENOENT); + if (err =3D=3D -EINVAL || err =3D=3D -ENOENT) { + nilfs_error(sci->sc_super, + "checkpoint finalization failed due to metadata corruption."); + err =3D -EIO; + } goto failed_ibh; } raw_cp->cp_snapshot_list.ssl_next =3D 0; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0975C43217 for ; Thu, 13 Oct 2022 17:56:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230144AbiJMR41 (ORCPT ); Thu, 13 Oct 2022 13:56:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230030AbiJMRz6 (ORCPT ); Thu, 13 Oct 2022 13:55:58 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7D5801578B0; Thu, 13 Oct 2022 10:54:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 6DB90CE22D9; Thu, 13 Oct 2022 17:54:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61DE3C433D7; Thu, 13 Oct 2022 17:54:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683655; bh=lRzm0vRi2eUxz/z9bhopeMlcNJ3Sr4f8L3W4+Q8GECw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RyX0i+z6+RTN7F9EcBTkE9icI78ddBeSE24xO7rY2PhbYc+hq4Z4Nn+eqjFoUgM5m BZjtHqMJy0LDbBpwFRGGIHiaZdZe1HojiIYRn0/d/PIeJJJONkxLL/PkLF5MjhG9Tw knBWPnMmFnCMl7U3iHzvSTlYzxWS1s4jaXCZ4iuU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hu Weiwen , Xiubo Li , Ilya Dryomov Subject: [PATCH 5.4 21/38] ceph: dont truncate file in atomic_open Date: Thu, 13 Oct 2022 19:52:22 +0200 Message-Id: <20221013175144.981708426@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Hu Weiwen commit 7cb9994754f8a36ae9e5ec4597c5c4c2d6c03832 upstream. Clear O_TRUNC from the flags sent in the MDS create request. `atomic_open' is called before permission check. We should not do any modification to the file here. The caller will do the truncation afterward. Fixes: 124e68e74099 ("ceph: file operations") Signed-off-by: Hu Weiwen Reviewed-by: Xiubo Li Signed-off-by: Ilya Dryomov [Xiubo: fixed a trivial conflict for 5.10 backport] Signed-off-by: Xiubo Li Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- fs/ceph/file.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -452,6 +452,12 @@ int ceph_atomic_open(struct inode *dir, if (dentry->d_name.len > NAME_MAX) return -ENAMETOOLONG; =20 + /* + * Do not truncate the file, since atomic_open is called before the + * permission check. The caller will do the truncation afterward. + */ + flags &=3D ~O_TRUNC; + if (flags & O_CREAT) { if (ceph_quota_is_max_files_exceeded(dir)) return -EDQUOT; @@ -490,9 +496,7 @@ int ceph_atomic_open(struct inode *dir, =20 req->r_parent =3D dir; set_bit(CEPH_MDS_R_PARENT_LOCKED, &req->r_req_flags); - err =3D ceph_mdsc_do_request(mdsc, - (flags & (O_CREAT|O_TRUNC)) ? dir : NULL, - req); + err =3D ceph_mdsc_do_request(mdsc, (flags & O_CREAT) ? dir : NULL, req); err =3D ceph_handle_snapdir(req, dentry, err); if (err) goto out_req; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 907B4C4332F for ; Thu, 13 Oct 2022 17:56:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230150AbiJMR43 (ORCPT ); Thu, 13 Oct 2022 13:56:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53620 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230040AbiJMR4G (ORCPT ); Thu, 13 Oct 2022 13:56:06 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8496A15383D; Thu, 13 Oct 2022 10:54:23 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 18253B82024; Thu, 13 Oct 2022 17:54:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5C327C433C1; Thu, 13 Oct 2022 17:54:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683658; bh=Sf4p/I5+I0rasfxMUpNRv3gda7JlSUROFiBRNveWqCk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DDrYy4FRIRqSLvsPyDbO2nH1ip4qdmr6ON4PUWD8/TG6O6X3FRj0+BFpBs7ZNyfXQ AS95eH7kUtTiFM56E34BmanF9224KN/5DbTlLgQ1nuKyM4LYk6kMoyeqj2njrY50OA hHSQdCe6GZy/Cak1Dpffnb/eVnqrOeXKxEpNSn0Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Jason A. Donenfeld" Subject: [PATCH 5.4 22/38] random: clamp credited irq bits to maximum mixed Date: Thu, 13 Oct 2022 19:52:23 +0200 Message-Id: <20221013175145.009920659@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Jason A. Donenfeld commit e78a802a7b4febf53f2a92842f494b01062d85a8 upstream. Since the most that's mixed into the pool is sizeof(long)*2, don't credit more than that many bytes of entropy. Fixes: e3e33fc2ea7f ("random: do not use input pool from hard IRQs") Cc: stable@vger.kernel.org Signed-off-by: Jason A. Donenfeld Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/char/random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -976,7 +976,7 @@ static void mix_interrupt_randomness(str local_irq_enable(); =20 mix_pool_bytes(pool, sizeof(pool)); - credit_init_bits(max(1u, (count & U16_MAX) / 64)); + credit_init_bits(clamp_t(unsigned int, (count & U16_MAX) / 64, 1, sizeof(= pool) * 8)); =20 memzero_explicit(pool, sizeof(pool)); } From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 031CEC433FE for ; Thu, 13 Oct 2022 17:56:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230121AbiJMR44 (ORCPT ); Thu, 13 Oct 2022 13:56:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54128 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229594AbiJMR4U (ORCPT ); Thu, 13 Oct 2022 13:56:20 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DECAF17E1F; Thu, 13 Oct 2022 10:54:50 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 61FEB618D1; Thu, 13 Oct 2022 17:54:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6E192C433D6; Thu, 13 Oct 2022 17:54:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683661; bh=koIdHHm+RAcdg+P8y3HCy0PZ6vMhhsEEGVCvN5v35k4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zYSBJDhem2QnnVy+0pjHqarrKxwC4hcqxS7PCwOZEbKRfzcIjmDBHqHbUXNUdOs3e f+L4qcctJB4V6JLvemzlLwOSD7Yajo5L/RkmjLVxMVvqqgIUNIzLzIY+zjNOpDbXZi Cc6DHqikeesBlB3THOkxCVagW9josRkm38mJnOig= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Takashi Iwai , Hans de Goede Subject: [PATCH 5.4 23/38] ALSA: hda: Fix position reporting on Poulsbo Date: Thu, 13 Oct 2022 19:52:24 +0200 Message-Id: <20221013175145.039231243@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Takashi Iwai commit 56e696c0f0c71b77fff921fc94b58a02f0445b2c upstream. Hans reported that his Sony VAIO VPX11S1E showed the broken sound behavior at the start of the stream for a couple of seconds, and it turned out that the position_fix=3D1 option fixes the issue. It implies that the position reporting is inaccurate, and very likely hitting on all Poulsbo devices. The patch applies the workaround for Poulsbo generically to switch to LPIB mode instead of the default position buffer. Reported-and-tested-by: Hans de Goede Cc: Link: https://lore.kernel.org/r/3e8697e1-87c6-7a7b-d2e8-b21f1d2f181b@redhat= .com Link: https://lore.kernel.org/r/20221001142124.7241-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- sound/pci/hda/hda_intel.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/sound/pci/hda/hda_intel.c +++ b/sound/pci/hda/hda_intel.c @@ -2532,7 +2532,8 @@ static const struct pci_device_id azx_id .driver_data =3D AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_NOPM }, /* Poulsbo */ { PCI_DEVICE(0x8086, 0x811b), - .driver_data =3D AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_BASE }, + .driver_data =3D AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_BASE | + AZX_DCAPS_POSFIX_LPIB }, /* Oaktrail */ { PCI_DEVICE(0x8086, 0x080a), .driver_data =3D AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_BASE }, From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 757B8C4332F for ; Thu, 13 Oct 2022 17:57:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230060AbiJMR5R (ORCPT ); Thu, 13 Oct 2022 13:57:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230008AbiJMR4e (ORCPT ); Thu, 13 Oct 2022 13:56:34 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F00DC3A4AB; Thu, 13 Oct 2022 10:54:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id DC964B82026; Thu, 13 Oct 2022 17:54:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 375CDC43146; Thu, 13 Oct 2022 17:54:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683664; bh=OEVHSmyP6ry9HP1rzqnCniac1P21E4uC7zWTb3gHzHk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fbXUTaGXXlvaTdVPsC/IIwX3f1g+QcbOttriTCuRE6krHQyUIwy7e74NoMX8H9oFA P/crnrM1QwY0WWsISa68tEJy1WJhm6Py78aVOTXvxyHQ/x6xTpXUOSQRYu/Nt6mNdT Hyo27Tz45xHe/89FK7i1JYmy5S/0DZj5tFw0OMmw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Aditya Garg , Samuel Jiang , Orlando Chamberlain , Mimi Zohar Subject: [PATCH 5.4 24/38] efi: Correct Macmini DMI match in uefi cert quirk Date: Thu, 13 Oct 2022 19:52:25 +0200 Message-Id: <20221013175145.067376295@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Orlando Chamberlain commit bab715bdaa9ebf28d99a6d1efb2704a30125e96d upstream. It turns out Apple doesn't capitalise the "mini" in "Macmini" in DMI, which is inconsistent with other model line names. Correct the capitalisation of Macmini in the quirk for skipping loading platform certs on T2 Macs. Currently users get: Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Samuel Jiang Tested-by: Shuah Khan Tested-by: Sudip Mukherjee ------------[ cut here ]------------ [Firmware Bug]: Page fault caused by firmware at PA: 0xffffa30640054000 WARNING: CPU: 1 PID: 8 at arch/x86/platform/efi/quirks.c:735 efi_crash_grac= efully_on_page_fault+0x55/0xe0 Modules linked in: CPU: 1 PID: 8 Comm: kworker/u12:0 Not tainted 5.18.14-arch1-2-t2 #1 4535eb3= fc40fd08edab32a509fbf4c9bc52d111e Hardware name: Apple Inc. Macmini8,1/Mac-7BA5B2DFE22DDD8C, BIOS 1731.120.10= .0.0 (iBridge: 19.16.15071.0.0,0) 04/24/2022 Workqueue: efi_rts_wq efi_call_rts ... ---[ end trace 0000000000000000 ]--- efi: Froze efi_rts_wq and disabled EFI Runtime Services integrity: Couldn't get size: 0x8000000000000015 integrity: MODSIGN: Couldn't get UEFI db list efi: EFI Runtime Services are disabled! integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get UEFI dbx list Fixes: 155ca952c7ca ("efi: Do not import certificates from UEFI Secure Boot= for T2 Macs") Cc: stable@vger.kernel.org Cc: Aditya Garg Tested-by: Samuel Jiang Signed-off-by: Orlando Chamberlain Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman --- security/integrity/platform_certs/load_uefi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -30,7 +30,7 @@ static const struct dmi_system_id uefi_s { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") }, { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") }, { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") }, - { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") }, + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "Macmini8,1") }, { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") }, { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") }, { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") }, From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE4CFC43217 for ; Thu, 13 Oct 2022 17:55:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229798AbiJMRzL (ORCPT ); Thu, 13 Oct 2022 13:55:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54738 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229968AbiJMRyV (ORCPT ); Thu, 13 Oct 2022 13:54:21 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B7266153817; Thu, 13 Oct 2022 10:53:28 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 633D6B82025; Thu, 13 Oct 2022 17:53:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CB7FAC433C1; Thu, 13 Oct 2022 17:53:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683605; bh=noRvJC0nVSYY32afoEmpgXwbaIEjxRMiF+BbGEX269k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wG67tqKxeI2/D3k3e/8VSsvN2nW8QEnk7CXXCgp1x1+dHVvJsD1fi0Xb9ssgClANC 5LqEUh8GTSQjcx8c9xBNDrVdy+aQY5fidF32Rmuj1S+yPEON4j7WDUsRlMfUI50Xkh BTbMOPkJ6fX55QsJFnsacTIgYdw0l3rfVVZjxY5o= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, "James E.J. Bottomley" , "Martin K. Petersen" , Dan Carpenter , hdthky , Linus Torvalds Subject: [PATCH 5.4 25/38] scsi: stex: Properly zero out the passthrough command structure Date: Thu, 13 Oct 2022 19:52:26 +0200 Message-Id: <20221013175145.100366344@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Linus Torvalds commit 6022f210461fef67e6e676fd8544ca02d1bcfa7a upstream. The passthrough structure is declared off of the stack, so it needs to be set to zero before copied back to userspace to prevent any unintentional data leakage. Switch things to be statically allocated which will fill the unused fields with 0 automatically. Link: https://lore.kernel.org/r/YxrjN3OOw2HHl9tx@kroah.com Cc: stable@kernel.org Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Dan Carpenter Reported-by: hdthky Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/scsi/stex.c | 17 +++++++++-------- include/scsi/scsi_cmnd.h | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) --- a/drivers/scsi/stex.c +++ b/drivers/scsi/stex.c @@ -668,16 +668,17 @@ stex_queuecommand_lck(struct scsi_cmnd * return 0; case PASSTHRU_CMD: if (cmd->cmnd[1] =3D=3D PASSTHRU_GET_DRVVER) { - struct st_drvver ver; + const struct st_drvver ver =3D { + .major =3D ST_VER_MAJOR, + .minor =3D ST_VER_MINOR, + .oem =3D ST_OEM, + .build =3D ST_BUILD_VER, + .signature[0] =3D PASSTHRU_SIGNATURE, + .console_id =3D host->max_id - 1, + .host_no =3D hba->host->host_no, + }; size_t cp_len =3D sizeof(ver); =20 - ver.major =3D ST_VER_MAJOR; - ver.minor =3D ST_VER_MINOR; - ver.oem =3D ST_OEM; - ver.build =3D ST_BUILD_VER; - ver.signature[0] =3D PASSTHRU_SIGNATURE; - ver.console_id =3D host->max_id - 1; - ver.host_no =3D hba->host->host_no; cp_len =3D scsi_sg_copy_from_buffer(cmd, &ver, cp_len); cmd->result =3D sizeof(ver) =3D=3D cp_len ? DID_OK << 16 | COMMAND_COMPLETE << 8 : --- a/include/scsi/scsi_cmnd.h +++ b/include/scsi/scsi_cmnd.h @@ -204,7 +204,7 @@ static inline int scsi_get_resid(struct for_each_sg(scsi_sglist(cmd), sg, nseg, __i) =20 static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd, - void *buf, int buflen) + const void *buf, int buflen) { return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd), buf, buflen); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59470C43217 for ; Thu, 13 Oct 2022 17:54:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230005AbiJMRyZ (ORCPT ); Thu, 13 Oct 2022 13:54:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229873AbiJMRxq (ORCPT ); Thu, 13 Oct 2022 13:53:46 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8679F152036; Thu, 13 Oct 2022 10:53:29 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7FA28618F6; Thu, 13 Oct 2022 17:53:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90889C433C1; Thu, 13 Oct 2022 17:53:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683607; bh=xm4dJk+a4xXbTCFuEdRLmVRDxS983Q+yBTlQeFFvqXU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Cx7IJILNThn8KiT5Gxl2hO1kj1mLvmrKiPKhPUSlcfG63EEzikEzXl6Jd/T7ydQPL 4zgzWkxY179bWveUbHfRsy6fd51QawMThE5NpO977JjrO3j279Kr9eq7EFbTFdqY5t jOnnCRt/GehoRfFRYC8qAezOiDm+PuE9/mND8a1I= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Frank Wunderlich , Johan Hovold Subject: [PATCH 5.4 26/38] USB: serial: qcserial: add new usb-id for Dell branded EM7455 Date: Thu, 13 Oct 2022 19:52:27 +0200 Message-Id: <20221013175145.130342857@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Frank Wunderlich commit eee48781ea199e32c1d0c4732641c494833788ca upstream. Add support for Dell 5811e (EM7455) with USB-id 0x413c:0x81c2. Signed-off-by: Frank Wunderlich Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/usb/serial/qcserial.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/usb/serial/qcserial.c +++ b/drivers/usb/serial/qcserial.c @@ -177,6 +177,7 @@ static const struct usb_device_id id_tab {DEVICE_SWI(0x413c, 0x81b3)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobi= le Broadband Card (rev3) */ {DEVICE_SWI(0x413c, 0x81b5)}, /* Dell Wireless 5811e QDL */ {DEVICE_SWI(0x413c, 0x81b6)}, /* Dell Wireless 5811e QDL */ + {DEVICE_SWI(0x413c, 0x81c2)}, /* Dell Wireless 5811e */ {DEVICE_SWI(0x413c, 0x81cb)}, /* Dell Wireless 5816e QDL */ {DEVICE_SWI(0x413c, 0x81cc)}, /* Dell Wireless 5816e */ {DEVICE_SWI(0x413c, 0x81cf)}, /* Dell Wireless 5819 */ From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96DECC4332F for ; Thu, 13 Oct 2022 17:54:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229954AbiJMRyp (ORCPT ); Thu, 13 Oct 2022 13:54:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229990AbiJMRyJ (ORCPT ); Thu, 13 Oct 2022 13:54:09 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A019B15789C; Thu, 13 Oct 2022 10:53:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 04A89B82022; Thu, 13 Oct 2022 17:53:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5BCF5C433D6; Thu, 13 Oct 2022 17:53:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683610; bh=JaS9pWfJgg7MfTSQcs82nTtNJD73Ta9aTXlVgOCy1lo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ej8ydLtDB5txaQ02C8CIW6BuniItj2L4ubeSx+0QKm1Fd/O1SFTxqJke4+RAkzAb9 jsE+poKjuslRyutaRunVBQGA2hUPrZp+0QvGTJVaoh6C782Gv2gWO/Fulwz3uUkJdC 3mAcVJoBMQ3Fwoz3AzQbS/7mGYqjicPYrSycAf6o= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Guozihua , Zhongguohua , Al Viro , Theodore Tso , Andrew Lutomirski , "Jason A. Donenfeld" Subject: [PATCH 5.4 27/38] random: restore O_NONBLOCK support Date: Thu, 13 Oct 2022 19:52:28 +0200 Message-Id: <20221013175145.161005886@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Jason A. Donenfeld commit cd4f24ae9404fd31fc461066e57889be3b68641b upstream. Prior to 5.6, when /dev/random was opened with O_NONBLOCK, it would return -EAGAIN if there was no entropy. When the pools were unified in 5.6, this was lost. The post 5.6 behavior of blocking until the pool is initialized, and ignoring O_NONBLOCK in the process, went unnoticed, with no reports about the regression received for two and a half years. However, eventually this indeed did break somebody's userspace. So we restore the old behavior, by returning -EAGAIN if the pool is not initialized. Unlike the old /dev/random, this can only occur during early boot, after which it never blocks again. In order to make this O_NONBLOCK behavior consistent with other expectations, also respect users reading with preadv2(RWF_NOWAIT) and similar. Fixes: 30c08efec888 ("random: make /dev/random be almost like /dev/urandom") Reported-by: Guozihua Reported-by: Zhongguohua Cc: Al Viro Cc: Theodore Ts'o Cc: Andrew Lutomirski Cc: stable@vger.kernel.org Signed-off-by: Jason A. Donenfeld Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/char/mem.c | 4 ++-- drivers/char/random.c | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -953,8 +953,8 @@ static const struct memdev { #endif [5] =3D { "zero", 0666, &zero_fops, 0 }, [7] =3D { "full", 0666, &full_fops, 0 }, - [8] =3D { "random", 0666, &random_fops, 0 }, - [9] =3D { "urandom", 0666, &urandom_fops, 0 }, + [8] =3D { "random", 0666, &random_fops, FMODE_NOWAIT }, + [9] =3D { "urandom", 0666, &urandom_fops, FMODE_NOWAIT }, #ifdef CONFIG_PRINTK [11] =3D { "kmsg", 0644, &kmsg_fops, 0 }, #endif --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1294,6 +1294,11 @@ static ssize_t random_read_iter(struct k { int ret; =20 + if (!crng_ready() && + ((kiocb->ki_flags & IOCB_NOWAIT) || + (kiocb->ki_filp->f_flags & O_NONBLOCK))) + return -EAGAIN; + ret =3D wait_for_random_bytes(); if (ret !=3D 0) return ret; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F0F5C4332F for ; Thu, 13 Oct 2022 17:54:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230016AbiJMRyd (ORCPT ); Thu, 13 Oct 2022 13:54:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229910AbiJMRxx (ORCPT ); Thu, 13 Oct 2022 13:53:53 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FBDD1578A5; Thu, 13 Oct 2022 10:53:37 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B8364B8202A; Thu, 13 Oct 2022 17:53:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18306C433D6; Thu, 13 Oct 2022 17:53:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683613; bh=HvNQLbDFpQyKb6hj8OG6baMZ1QDProYxanDCjhbgJvM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LYpzQvrHqKKswL1ykGZbffQ/vLIZRRRQrBwgzn52fw0E8sqzGWDLPwQinKYo7eRNO YBiMMUf4rNTYit62e7Alrv91POQOq4UIlYd/ItUHhQSsrT4m+JcwCMXmRYgIKPdgRV FDGiLBW2NpuGhGOpHwGJft9Z610RsvezVxS+P86M= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sebastian Andrzej Siewior , "Jason A. Donenfeld" Subject: [PATCH 5.4 28/38] random: avoid reading two cache lines on irq randomness Date: Thu, 13 Oct 2022 19:52:29 +0200 Message-Id: <20221013175145.189973572@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Jason A. Donenfeld commit 9ee0507e896b45af6d65408c77815800bce30008 upstream. In order to avoid reading and dirtying two cache lines on every IRQ, move the work_struct to the bottom of the fast_pool struct. add_ interrupt_randomness() always touches .pool and .count, which are currently split, because .mix pushes everything down. Instead, move .mix to the bottom, so that .pool and .count are always in the first cache line, since .mix is only accessed when the pool is full. Fixes: 58340f8e952b ("random: defer fast pool mixing to worker") Reviewed-by: Sebastian Andrzej Siewior Signed-off-by: Jason A. Donenfeld Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/char/random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -890,10 +890,10 @@ void __init add_bootloader_randomness(co } =20 struct fast_pool { - struct work_struct mix; unsigned long pool[4]; unsigned long last; unsigned int count; + struct work_struct mix; }; =20 static DEFINE_PER_CPU(struct fast_pool, irq_randomness) =3D { From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1368C433FE for ; Thu, 13 Oct 2022 17:55:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229831AbiJMRzB (ORCPT ); Thu, 13 Oct 2022 13:55:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229964AbiJMRyU (ORCPT ); Thu, 13 Oct 2022 13:54:20 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1CC415202F; Thu, 13 Oct 2022 10:53:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D873B618D1; Thu, 13 Oct 2022 17:53:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB499C433D6; Thu, 13 Oct 2022 17:53:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683616; bh=0BtEtaqo1qvb6/8NaIqhM/IATK+MTO39ghHl/kvdoIo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2eM8UAusqdBoFabJxlaUeyAZO3FpPOKEsm3xOpztAHqMgCkfBtkMCy4eEX2mBb+YD yAC3uuuSkcXgCE649n9fS1U7rOrUlywIl1ULra86PYdSMX7lk+PS5bSkEwWh2tIeo8 VcWxbOOHqeE64uZO6RsGBDh2U/T+FHFWjayQ0Ot8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sherry Yang , Paul Webb , Phillip Goerl , Jack Vogel , Nicky Veitch , Colm Harrington , Ramanan Govindarajan , Sebastian Andrzej Siewior , Dominik Brodowski , Tejun Heo , Sultan Alsawaf , "Jason A. Donenfeld" Subject: [PATCH 5.4 29/38] random: use expired timer rather than wq for mixing fast pool Date: Thu, 13 Oct 2022 19:52:30 +0200 Message-Id: <20221013175145.219916046@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jason A. Donenfeld commit 748bc4dd9e663f23448d8ad7e58c011a67ea1eca upstream. Previously, the fast pool was dumped into the main pool periodically in the fast pool's hard IRQ handler. This worked fine and there weren't problems with it, until RT came around. Since RT converts spinlocks into sleeping locks, problems cropped up. Rather than switching to raw spinlocks, the RT developers preferred we make the transformation from originally doing: do_some_stuff() spin_lock() do_some_other_stuff() spin_unlock() to doing: do_some_stuff() queue_work_on(some_other_stuff_worker) This is an ordinary pattern done all over the kernel. However, Sherry noticed a 10% performance regression in qperf TCP over a 40gbps InfiniBand card. Quoting her message: > MT27500 Family [ConnectX-3] cards: > Infiniband device 'mlx4_0' port 1 status: > default gid: fe80:0000:0000:0000:0010:e000:0178:9eb1 > base lid: 0x6 > sm lid: 0x1 > state: 4: ACTIVE > phys state: 5: LinkUp > rate: 40 Gb/sec (4X QDR) > link_layer: InfiniBand > > Cards are configured with IP addresses on private subnet for IPoIB > performance testing. > Regression identified in this bug is in TCP latency in this stack as repo= rted > by qperf tcp_lat metric: > > We have one system listen as a qperf server: > [root@yourQperfServer ~]# qperf > > Have the other system connect to qperf server as a client (in this > case, it=E2=80=99s X7 server with Mellanox card): > [root@yourQperfClient ~]# numactl -m0 -N0 qperf 20.20.20.101 -v -uu -ub -= -time 60 --wait_server 20 -oo msg_size:4K:1024K:*2 tcp_lat Rather than incur the scheduling latency from queue_work_on, we can instead switch to running on the next timer tick, on the same core. This also batches things a bit more -- once per jiffy -- which is okay now that mix_interrupt_randomness() can credit multiple bits at once. Reported-by: Sherry Yang Tested-by: Paul Webb Cc: Sherry Yang Cc: Phillip Goerl Cc: Jack Vogel Cc: Nicky Veitch Cc: Colm Harrington Cc: Ramanan Govindarajan Cc: Sebastian Andrzej Siewior Cc: Dominik Brodowski Cc: Tejun Heo Cc: Sultan Alsawaf Cc: stable@vger.kernel.org Fixes: 58340f8e952b ("random: defer fast pool mixing to worker") Signed-off-by: Jason A. Donenfeld Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/char/random.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -893,17 +893,20 @@ struct fast_pool { unsigned long pool[4]; unsigned long last; unsigned int count; - struct work_struct mix; + struct timer_list mix; }; =20 +static void mix_interrupt_randomness(struct timer_list *work); + static DEFINE_PER_CPU(struct fast_pool, irq_randomness) =3D { #ifdef CONFIG_64BIT #define FASTMIX_PERM SIPHASH_PERMUTATION - .pool =3D { SIPHASH_CONST_0, SIPHASH_CONST_1, SIPHASH_CONST_2, SIPHASH_CO= NST_3 } + .pool =3D { SIPHASH_CONST_0, SIPHASH_CONST_1, SIPHASH_CONST_2, SIPHASH_CO= NST_3 }, #else #define FASTMIX_PERM HSIPHASH_PERMUTATION - .pool =3D { HSIPHASH_CONST_0, HSIPHASH_CONST_1, HSIPHASH_CONST_2, HSIPHAS= H_CONST_3 } + .pool =3D { HSIPHASH_CONST_0, HSIPHASH_CONST_1, HSIPHASH_CONST_2, HSIPHAS= H_CONST_3 }, #endif + .mix =3D __TIMER_INITIALIZER(mix_interrupt_randomness, 0) }; =20 /* @@ -945,7 +948,7 @@ int __cold random_online_cpu(unsigned in } #endif =20 -static void mix_interrupt_randomness(struct work_struct *work) +static void mix_interrupt_randomness(struct timer_list *work) { struct fast_pool *fast_pool =3D container_of(work, struct fast_pool, mix); /* @@ -999,10 +1002,11 @@ void add_interrupt_randomness(int irq) if (new_count < 1024 && !time_is_before_jiffies(fast_pool->last + HZ)) return; =20 - if (unlikely(!fast_pool->mix.func)) - INIT_WORK(&fast_pool->mix, mix_interrupt_randomness); fast_pool->count |=3D MIX_INFLIGHT; - queue_work_on(raw_smp_processor_id(), system_highpri_wq, &fast_pool->mix); + if (!timer_pending(&fast_pool->mix)) { + fast_pool->mix.expires =3D jiffies; + add_timer_on(&fast_pool->mix, raw_smp_processor_id()); + } } EXPORT_SYMBOL_GPL(add_interrupt_randomness); =20 From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BB2FC43217 for ; Thu, 13 Oct 2022 17:55:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230071AbiJMRzQ (ORCPT ); Thu, 13 Oct 2022 13:55:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54782 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229598AbiJMRyW (ORCPT ); Thu, 13 Oct 2022 13:54:22 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E270E153822; Thu, 13 Oct 2022 10:53:40 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 49B74B82027; Thu, 13 Oct 2022 17:53:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A2F7EC433C1; Thu, 13 Oct 2022 17:53:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683619; bh=WEU/V6yUqcLwlBqafS/sykJNxIhTvpGHL4PIA3PDpfc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=q/cqW2dILi5GmUtEx73zGuX9gc+kltSmrwcHmCXYnHFjGa5gGr9fioQvUb7gcttzh CdXwnl1qZheM+eWqmGAcPERpNGTb7F2EmWHD+t/+8MKbwMHoTsjk1Lyy+JpFGj3d5q hyFZqGKT61+ET3RC5zd8ssdYIB9USH1Aftnh1bMQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Soenke Huster , Kees Cook , Johannes Berg Subject: [PATCH 5.4 30/38] wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() Date: Thu, 13 Oct 2022 19:52:31 +0200 Message-Id: <20221013175145.247744750@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Johannes Berg commit aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d upstream. In the copy code of the elements, we do the following calculation to reach the end of the MBSSID element: /* copy the IEs after MBSSID */ cpy_len =3D mbssid[1] + 2; This looks fine, however, cpy_len is a u8, the same as mbssid[1], so the addition of two can overflow. In this case the subsequent memcpy() will overflow the allocated buffer, since it copies 256 bytes too much due to the way the allocation and memcpy() sizes are calculated. Fix this by using size_t for the cpy_len variable. This fixes CVE-2022-41674. Reported-by: Soenke Huster Tested-by: Soenke Huster Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in sc= anning") Reviewed-by: Kees Cook Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/wireless/scan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1717,7 +1717,7 @@ cfg80211_update_notlisted_nontrans(struc size_t new_ie_len; struct cfg80211_bss_ies *new_ies; const struct cfg80211_bss_ies *old; - u8 cpy_len; + size_t cpy_len; =20 lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1566FC4332F for ; Thu, 13 Oct 2022 17:54:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230029AbiJMRyz (ORCPT ); Thu, 13 Oct 2022 13:54:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229957AbiJMRyO (ORCPT ); Thu, 13 Oct 2022 13:54:14 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B9511578A7; Thu, 13 Oct 2022 10:53:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4BB0F618F4; Thu, 13 Oct 2022 17:53:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5A779C433C1; Thu, 13 Oct 2022 17:53:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683621; bh=dJKQV479mGlFMVR1hzi8I2tjgh9+4htqItrDF5VQ4ek=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=v2+3Zs1IkmC1nJT4fgWWe9u1oeoahODz34pUpCO0c6yqVHhdr2I0+LS2WwraeaQfD OyN2fJWu398ydWVLFc5Me9cE264SGl/DX1znOyHXHn7n3hs1Vyiea2el5g1kOVGYhA SLCacRSOBqgEn5doFm3ZnMQqmwN+pGFnNxOCop7Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kees Cook , Johannes Berg Subject: [PATCH 5.4 31/38] wifi: cfg80211/mac80211: reject bad MBSSID elements Date: Thu, 13 Oct 2022 19:52:32 +0200 Message-Id: <20221013175145.279415764@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Johannes Berg commit 8f033d2becc24aa6bfd2a5c104407963560caabc upstream. Per spec, the maximum value for the MaxBSSID ('n') indicator is 8, and the minimum is 1 since a multiple BSSID set with just one BSSID doesn't make sense (the # of BSSIDs is limited by 2^n). Limit this in the parsing in both cfg80211 and mac80211, rejecting any elements with an invalid value. This fixes potentially bad shifts in the processing of these inside the cfg80211_gen_new_bssid() function later. I found this during the investigation of CVE-2022-41674 fixed by the previous patch. Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in sc= anning") Fixes: 78ac51f81532 ("mac80211: support multi-bssid") Reviewed-by: Kees Cook Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/mac80211/util.c | 2 ++ net/wireless/scan.c | 2 ++ 2 files changed, 4 insertions(+) --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -1289,6 +1289,8 @@ static size_t ieee802_11_find_bssid_prof for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, start, len) { if (elem->datalen < 2) continue; + if (elem->data[0] < 1 || elem->data[0] > 8) + continue; =20 for_each_element(sub, elem->data + 1, elem->datalen - 1) { u8 new_bssid[ETH_ALEN]; --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1582,6 +1582,8 @@ static void cfg80211_parse_mbssid_data(s for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, ie, ielen) { if (elem->datalen < 4) continue; + if (elem->data[0] < 1 || (int)elem->data[0] > 8) + continue; for_each_element(sub, elem->data + 1, elem->datalen - 1) { u8 profile_len; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EBD42C433FE for ; Thu, 13 Oct 2022 17:55:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230091AbiJMRzg (ORCPT ); Thu, 13 Oct 2022 13:55:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229889AbiJMRyY (ORCPT ); Thu, 13 Oct 2022 13:54:24 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9EF9114FD27; Thu, 13 Oct 2022 10:53:47 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A476AB82022; Thu, 13 Oct 2022 17:53:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 19B77C433C1; Thu, 13 Oct 2022 17:53:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683624; bh=4i4bGpQbrfxPFjyQlwZKPo4OoBFe09RvpTK42I5SAjU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0XbWywXVsN+Gf1BTrUCoUCFtlATFigIIt3bAMi1/I2MszT+5PS0js8qLk3MwhbzX/ Xb4kaw5H8l7L4zA9ckR+o10iR8K/WGS/WwPgCHdxhQwqNQQ6aRVqohaD+KbWxCLt1C ItCgd6VIGlMFwoG7RLIiXDb8XSNAasUZYbeZvr5A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Soenke Huster , Johannes Berg Subject: [PATCH 5.4 32/38] wifi: cfg80211: ensure length byte is present before access Date: Thu, 13 Oct 2022 19:52:33 +0200 Message-Id: <20221013175145.309108696@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Johannes Berg commit 567e14e39e8f8c6997a1378bc3be615afca86063 upstream. When iterating the elements here, ensure the length byte is present before checking it to see if the entire element will fit into the buffer. Longer term, we should rewrite this code using the type-safe element iteration macros that check all of this. Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in sc= anning") Reported-by: Soenke Huster Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/wireless/scan.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -265,7 +265,8 @@ static size_t cfg80211_gen_new_ie(const tmp_old =3D cfg80211_find_ie(WLAN_EID_SSID, ie, ielen); tmp_old =3D (tmp_old) ? tmp_old + tmp_old[1] + 2 : ie; =20 - while (tmp_old + tmp_old[1] + 2 - ie <=3D ielen) { + while (tmp_old + 2 - ie <=3D ielen && + tmp_old + tmp_old[1] + 2 - ie <=3D ielen) { if (tmp_old[0] =3D=3D 0) { tmp_old++; continue; @@ -325,7 +326,8 @@ static size_t cfg80211_gen_new_ie(const * copied to new ie, skip ssid, capability, bssid-index ie */ tmp_new =3D sub_copy; - while (tmp_new + tmp_new[1] + 2 - sub_copy <=3D subie_len) { + while (tmp_new + 2 - sub_copy <=3D subie_len && + tmp_new + tmp_new[1] + 2 - sub_copy <=3D subie_len) { if (!(tmp_new[0] =3D=3D WLAN_EID_NON_TX_BSSID_CAP || tmp_new[0] =3D=3D WLAN_EID_SSID)) { memcpy(pos, tmp_new, tmp_new[1] + 2); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F90AC4332F for ; Thu, 13 Oct 2022 17:55:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230084AbiJMRzb (ORCPT ); Thu, 13 Oct 2022 13:55:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230004AbiJMRyY (ORCPT ); Thu, 13 Oct 2022 13:54:24 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1651115380F; Thu, 13 Oct 2022 10:53:49 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A5AB4B82025; Thu, 13 Oct 2022 17:53:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F1CD3C433D6; Thu, 13 Oct 2022 17:53:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683627; bh=1Ll6/7ocjbBrCFkgVE7FHQn8nDSrcLDqlbjznr3zqsM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=N3CEH3Ud/FqaCW7otzq54DeAQqg02A6VJUkwRg8/zaUp8YlUMjTbA3Ttsgu26Q0GR t1K8nopVwPWDaAKid8dRiSpkbPcB6PJaKsfSs566eEHDzgKjjo/zef/x86FMqfLlzz K4HmwBYiLPGpbpLshsozM/WvfAQDU8sBaTQoRzY0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?S=C3=B6nke=20Huster?= , Johannes Berg Subject: [PATCH 5.4 33/38] wifi: cfg80211: fix BSS refcounting bugs Date: Thu, 13 Oct 2022 19:52:34 +0200 Message-Id: <20221013175145.345782325@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg commit 0b7808818cb9df6680f98996b8e9a439fa7bcc2f upstream. There are multiple refcounting bugs related to multi-BSSID: - In bss_ref_get(), if the BSS has a hidden_beacon_bss, then the bss pointer is overwritten before checking for the transmitted BSS, which is clearly wrong. Fix this by using the bss_from_pub() macro. - In cfg80211_bss_update() we copy the transmitted_bss pointer from tmp into new, but then if we release new, we'll unref it erroneously. We already set the pointer and ref it, but need to NULL it since it was copied from the tmp data. - In cfg80211_inform_single_bss_data(), if adding to the non- transmitted list fails, we unlink the BSS and yet still we return it, but this results in returning an entry without a reference. We shouldn't return it anyway if it was broken enough to not get added there. This fixes CVE-2022-42720. Reported-by: S=C3=B6nke Huster Tested-by: S=C3=B6nke Huster Fixes: a3584f56de1c ("cfg80211: Properly track transmitting and non-transmi= tting BSS") Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/wireless/scan.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -104,18 +104,12 @@ static inline void bss_ref_get(struct cf lockdep_assert_held(&rdev->bss_lock); =20 bss->refcount++; - if (bss->pub.hidden_beacon_bss) { - bss =3D container_of(bss->pub.hidden_beacon_bss, - struct cfg80211_internal_bss, - pub); - bss->refcount++; - } - if (bss->pub.transmitted_bss) { - bss =3D container_of(bss->pub.transmitted_bss, - struct cfg80211_internal_bss, - pub); - bss->refcount++; - } + + if (bss->pub.hidden_beacon_bss) + bss_from_pub(bss->pub.hidden_beacon_bss)->refcount++; + + if (bss->pub.transmitted_bss) + bss_from_pub(bss->pub.transmitted_bss)->refcount++; } =20 static inline void bss_ref_put(struct cfg80211_registered_device *rdev, @@ -1233,6 +1227,8 @@ cfg80211_bss_update(struct cfg80211_regi new->refcount =3D 1; INIT_LIST_HEAD(&new->hidden_list); INIT_LIST_HEAD(&new->pub.nontrans_list); + /* we'll set this later if it was non-NULL */ + new->pub.transmitted_bss =3D NULL; =20 if (rcu_access_pointer(tmp->pub.proberesp_ies)) { hidden =3D rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); @@ -1462,10 +1458,15 @@ cfg80211_inform_single_bss_data(struct w spin_lock_bh(&rdev->bss_lock); if (cfg80211_add_nontrans_list(non_tx_data->tx_bss, &res->pub)) { - if (__cfg80211_unlink_bss(rdev, res)) + if (__cfg80211_unlink_bss(rdev, res)) { rdev->bss_generation++; + res =3D NULL; + } } spin_unlock_bh(&rdev->bss_lock); + + if (!res) + return NULL; } =20 trace_cfg80211_return_bss(&res->pub); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6FD7BC433FE for ; Thu, 13 Oct 2022 17:55:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230079AbiJMRzW (ORCPT ); Thu, 13 Oct 2022 13:55:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229927AbiJMRy1 (ORCPT ); Thu, 13 Oct 2022 13:54:27 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4606715201B; Thu, 13 Oct 2022 10:53:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B97C9B82026; Thu, 13 Oct 2022 17:53:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F790C433D6; Thu, 13 Oct 2022 17:53:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683630; bh=+hWHjzuNL4/uWC9zqXql+Q2XpFqifgfw5cukpFp5D5I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dL2+05V5FlEPwL1rk5AmL8rtqNvPxMZ/P+XwlknWhJ/Ui9QclB6OIU8FSg9RobnIl gTpxGdAolIbXR5r5/Bdj0ewZtBw7bXmiuydIRj5atBfNGSgZhbQG7yhQD7SdA9TMxN Z8nU3FYCsBEfuMdzLPErZ3Mmrag09LaxEbMvf9kE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?S=C3=B6nke=20Huster?= , Johannes Berg Subject: [PATCH 5.4 34/38] wifi: cfg80211: avoid nontransmitted BSS list corruption Date: Thu, 13 Oct 2022 19:52:35 +0200 Message-Id: <20221013175145.382242160@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg commit bcca852027e5878aec911a347407ecc88d6fff7f upstream. If a non-transmitted BSS shares enough information (both SSID and BSSID!) with another non-transmitted BSS of a different AP, then we can find and update it, and then try to add it to the non-transmitted BSS list. We do a search for it on the transmitted BSS, but if it's not there (but belongs to another transmitted BSS), the list gets corrupted. Since this is an erroneous situation, simply fail the list insertion in this case and free the non-transmitted BSS. This fixes CVE-2022-42721. Reported-by: S=C3=B6nke Huster Tested-by: S=C3=B6nke Huster Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in sc= anning") Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/wireless/scan.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -386,6 +386,15 @@ cfg80211_add_nontrans_list(struct cfg802 =20 rcu_read_unlock(); =20 + /* + * This is a bit weird - it's not on the list, but already on another + * one! The only way that could happen is if there's some BSSID/SSID + * shared by multiple APs in their multi-BSSID profiles, potentially + * with hidden SSID mixed in ... ignore it. + */ + if (!list_empty(&nontrans_bss->nontrans_list)) + return -EINVAL; + /* add to the list */ list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list); return 0; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4BC8C4332F for ; Thu, 13 Oct 2022 17:55:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230108AbiJMRzq (ORCPT ); Thu, 13 Oct 2022 13:55:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53568 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229936AbiJMRys (ORCPT ); Thu, 13 Oct 2022 13:54:48 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9372315B303; Thu, 13 Oct 2022 10:53:57 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8461861901; Thu, 13 Oct 2022 17:53:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 97B18C433C1; Thu, 13 Oct 2022 17:53:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683636; bh=pOLv8B3166I/rKsvitiotq67NdZbWnlOIsHPBxJaJbw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DPCa+U7/FgwPB38T3TRo9sgnqRACYdtm13J6W6XxO6nyqvYj+w0rGQkn5AZJUbS92 cN2M+uI/TVn3GRXxBzLyDTUGG6l5fJI1wtmTTgCIfkC2GLhIACgoZN/WNTSFIS8+P/ vAUWjsDcuOVhoHlDipFQLdDdwqxWf5/6D4VEVh+g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?S=C3=B6nke=20Huster?= , Johannes Berg Subject: [PATCH 5.4 35/38] wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Date: Thu, 13 Oct 2022 19:52:36 +0200 Message-Id: <20221013175145.415728357@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg commit 1833b6f46d7e2830251a063935ab464256defe22 upstream. If the tool on the other side (e.g. wmediumd) gets confused about the rate, we hit a warning in mac80211. Silence that by effectively duplicating the check here and dropping the frame silently (in mac80211 it's dropped with the warning). Reported-by: S=C3=B6nke Huster Tested-by: S=C3=B6nke Huster Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/net/wireless/mac80211_hwsim.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3411,6 +3411,8 @@ static int hwsim_cloned_frame_received_n =20 rx_status.band =3D data2->channel->band; rx_status.rate_idx =3D nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]); + if (rx_status.rate_idx >=3D data2->hw->wiphy->bands[rx_status.band]->n_bi= trates) + goto out; rx_status.signal =3D nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]); =20 hdr =3D (void *)skb->data; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 572CFC433FE for ; Thu, 13 Oct 2022 17:55:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230114AbiJMRzu (ORCPT ); Thu, 13 Oct 2022 13:55:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54496 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229941AbiJMRyv (ORCPT ); Thu, 13 Oct 2022 13:54:51 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 113C015B331; Thu, 13 Oct 2022 10:54:01 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id EDF5EB8201E; Thu, 13 Oct 2022 17:53:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5BF0FC4314A; Thu, 13 Oct 2022 17:53:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683638; bh=sSqsu/k7yCRo955wozzFH4QiJ3MfdL8o3wAU2EqhNQs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cpDXaARaAKdpMcESmUg2Ys2A4dqGbT0nS9wsTNBH7/r7PNDw+k/LgTxNq4nPC/K6Y fsWwYhI2cPlS1oTk8xSwP92Hlxd9B6+9jmTd6D84BstbnV9yo75WALu0UWScOXHIRE 9gjV6N0Veny6lEN3STF06wl5dyEw9sh/TfRv7iSw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?S=C3=B6nke=20Huster?= , Johannes Berg Subject: [PATCH 5.4 36/38] wifi: cfg80211: update hidden BSSes to avoid WARN_ON Date: Thu, 13 Oct 2022 19:52:37 +0200 Message-Id: <20221013175145.450004794@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg commit c90b93b5b782891ebfda49d4e5da36632fefd5d1 upstream. When updating beacon elements in a non-transmitted BSS, also update the hidden sub-entries to the same beacon elements, so that a future update through other paths won't trigger a WARN_ON(). The warning is triggered because the beacon elements in the hidden BSSes that are children of the BSS should always be the same as in the parent. Reported-by: S=C3=B6nke Huster Tested-by: S=C3=B6nke Huster Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in sc= anning") Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/wireless/scan.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1099,6 +1099,23 @@ struct cfg80211_non_tx_bss { u8 bssid_index; }; =20 +static void cfg80211_update_hidden_bsses(struct cfg80211_internal_bss *kno= wn, + const struct cfg80211_bss_ies *new_ies, + const struct cfg80211_bss_ies *old_ies) +{ + struct cfg80211_internal_bss *bss; + + /* Assign beacon IEs to all sub entries */ + list_for_each_entry(bss, &known->hidden_list, hidden_list) { + const struct cfg80211_bss_ies *ies; + + ies =3D rcu_access_pointer(bss->pub.beacon_ies); + WARN_ON(ies !=3D old_ies); + + rcu_assign_pointer(bss->pub.beacon_ies, new_ies); + } +} + static bool cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, struct cfg80211_internal_bss *known, @@ -1122,7 +1139,6 @@ cfg80211_update_known_bss(struct cfg8021 kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); } else if (rcu_access_pointer(new->pub.beacon_ies)) { const struct cfg80211_bss_ies *old; - struct cfg80211_internal_bss *bss; =20 if (known->pub.hidden_beacon_bss && !list_empty(&known->hidden_list)) { @@ -1150,16 +1166,7 @@ cfg80211_update_known_bss(struct cfg8021 if (old =3D=3D rcu_access_pointer(known->pub.ies)) rcu_assign_pointer(known->pub.ies, new->pub.beacon_ies); =20 - /* Assign beacon IEs to all sub entries */ - list_for_each_entry(bss, &known->hidden_list, hidden_list) { - const struct cfg80211_bss_ies *ies; - - ies =3D rcu_access_pointer(bss->pub.beacon_ies); - WARN_ON(ies !=3D old); - - rcu_assign_pointer(bss->pub.beacon_ies, - new->pub.beacon_ies); - } + cfg80211_update_hidden_bsses(known, new->pub.beacon_ies, old); =20 if (old) kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); @@ -1798,6 +1805,8 @@ cfg80211_update_notlisted_nontrans(struc } else { old =3D rcu_access_pointer(nontrans_bss->beacon_ies); rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies); + cfg80211_update_hidden_bsses(bss_from_pub(nontrans_bss), + new_ies, old); rcu_assign_pointer(nontrans_bss->ies, new_ies); if (old) kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4753C4332F for ; Thu, 13 Oct 2022 17:55:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229803AbiJMRz4 (ORCPT ); Thu, 13 Oct 2022 13:55:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229772AbiJMRyw (ORCPT ); Thu, 13 Oct 2022 13:54:52 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B3D98157444; Thu, 13 Oct 2022 10:54:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 069BB618FE; Thu, 13 Oct 2022 17:54:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1A2D6C433C1; Thu, 13 Oct 2022 17:54:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683641; bh=g+EAkij6uxeZdJQTmDZsQyVUFty47C9eO7ne9ycTahQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kiKThLEg7RPtCtMj4lcY8tbQ0GfGat8ek67Np8p++GGx950GN1lWyP+YI1fEYXi2t 3OlJtbZuCe2/2DHxHN3nLpVhWfYs/en8fHuPQvi9N+GCF5IACsr1TeDsdZH43UB+yB rr0S6K2wTwLKrK7orF9zv862VUziGeNPYjuDpfm4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jasper Poppe , Jeremy Palmer , Ruineka , Cleber de Mattos Casali , Kyle Gospodnetich , Pavel Rojtberg , Dmitry Torokhov Subject: [PATCH 5.4 37/38] Input: xpad - add supported devices as contributed on github Date: Thu, 13 Oct 2022 19:52:38 +0200 Message-Id: <20221013175145.485482943@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Pavel Rojtberg commit b382c5e37344883dc97525d05f1f6b788f549985 upstream. This is based on multiple commits at https://github.com/paroj/xpad Cc: stable@vger.kernel.org Signed-off-by: Jasper Poppe Signed-off-by: Jeremy Palmer Signed-off-by: Ruineka Signed-off-by: Cleber de Mattos Casali Signed-off-by: Kyle Gospodnetich Signed-off-by: Pavel Rojtberg Link: https://lore.kernel.org/r/20220818154411.510308-2-rojtberg@gmail.com Signed-off-by: Dmitry Torokhov Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/input/joystick/xpad.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -112,6 +112,8 @@ static const struct xpad_device { u8 xtype; } xpad_device[] =3D { { 0x0079, 0x18d4, "GPD Win 2 X-Box Controller", 0, XTYPE_XBOX360 }, + { 0x03eb, 0xff01, "Wooting One (Legacy)", 0, XTYPE_XBOX360 }, + { 0x03eb, 0xff02, "Wooting Two (Legacy)", 0, XTYPE_XBOX360 }, { 0x044f, 0x0f00, "Thrustmaster Wheel", 0, XTYPE_XBOX }, { 0x044f, 0x0f03, "Thrustmaster Wheel", 0, XTYPE_XBOX }, { 0x044f, 0x0f07, "Thrustmaster, Inc. Controller", 0, XTYPE_XBOX }, @@ -242,6 +244,7 @@ static const struct xpad_device { { 0x0f0d, 0x0063, "Hori Real Arcade Pro Hayabusa (USA) Xbox One", MAP_TRI= GGERS_TO_BUTTONS, XTYPE_XBOXONE }, { 0x0f0d, 0x0067, "HORIPAD ONE", 0, XTYPE_XBOXONE }, { 0x0f0d, 0x0078, "Hori Real Arcade Pro V Kai Xbox One", MAP_TRIGGERS_TO_= BUTTONS, XTYPE_XBOXONE }, + { 0x0f0d, 0x00c5, "Hori Fighting Commander ONE", MAP_TRIGGERS_TO_BUTTONS,= XTYPE_XBOXONE }, { 0x0f30, 0x010b, "Philips Recoil", 0, XTYPE_XBOX }, { 0x0f30, 0x0202, "Joytech Advanced Controller", 0, XTYPE_XBOX }, { 0x0f30, 0x8888, "BigBen XBMiniPad Controller", 0, XTYPE_XBOX }, @@ -258,6 +261,7 @@ static const struct xpad_device { { 0x1430, 0x8888, "TX6500+ Dance Pad (first generation)", MAP_DPAD_TO_BUT= TONS, XTYPE_XBOX }, { 0x1430, 0xf801, "RedOctane Controller", 0, XTYPE_XBOX360 }, { 0x146b, 0x0601, "BigBen Interactive XBOX 360 Controller", 0, XTYPE_XBOX= 360 }, + { 0x146b, 0x0604, "Bigben Interactive DAIJA Arcade Stick", MAP_TRIGGERS_T= O_BUTTONS, XTYPE_XBOX360 }, { 0x1532, 0x0037, "Razer Sabertooth", 0, XTYPE_XBOX360 }, { 0x1532, 0x0a00, "Razer Atrox Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XT= YPE_XBOXONE }, { 0x1532, 0x0a03, "Razer Wildcat", 0, XTYPE_XBOXONE }, @@ -322,6 +326,7 @@ static const struct xpad_device { { 0x24c6, 0x5502, "Hori Fighting Stick VX Alt", MAP_TRIGGERS_TO_BUTTONS, = XTYPE_XBOX360 }, { 0x24c6, 0x5503, "Hori Fighting Edge", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XB= OX360 }, { 0x24c6, 0x5506, "Hori SOULCALIBUR V Stick", 0, XTYPE_XBOX360 }, + { 0x24c6, 0x5510, "Hori Fighting Commander ONE (Xbox 360/PC Mode)", MAP_T= RIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, { 0x24c6, 0x550d, "Hori GEM Xbox controller", 0, XTYPE_XBOX360 }, { 0x24c6, 0x550e, "Hori Real Arcade Pro V Kai 360", MAP_TRIGGERS_TO_BUTTO= NS, XTYPE_XBOX360 }, { 0x24c6, 0x551a, "PowerA FUSION Pro Controller", 0, XTYPE_XBOXONE }, @@ -331,6 +336,14 @@ static const struct xpad_device { { 0x24c6, 0x5b03, "Thrustmaster Ferrari 458 Racing Wheel", 0, XTYPE_XBOX3= 60 }, { 0x24c6, 0x5d04, "Razer Sabertooth", 0, XTYPE_XBOX360 }, { 0x24c6, 0xfafe, "Rock Candy Gamepad for Xbox 360", 0, XTYPE_XBOX360 }, + { 0x2563, 0x058d, "OneXPlayer Gamepad", 0, XTYPE_XBOX360 }, + { 0x2dc8, 0x2000, "8BitDo Pro 2 Wired Controller fox Xbox", 0, XTYPE_XBOX= ONE }, + { 0x31e3, 0x1100, "Wooting One", 0, XTYPE_XBOX360 }, + { 0x31e3, 0x1200, "Wooting Two", 0, XTYPE_XBOX360 }, + { 0x31e3, 0x1210, "Wooting Lekker", 0, XTYPE_XBOX360 }, + { 0x31e3, 0x1220, "Wooting Two HE", 0, XTYPE_XBOX360 }, + { 0x31e3, 0x1300, "Wooting 60HE (AVR)", 0, XTYPE_XBOX360 }, + { 0x31e3, 0x1310, "Wooting 60HE (ARM)", 0, XTYPE_XBOX360 }, { 0x3285, 0x0607, "Nacon GC-100", 0, XTYPE_XBOX360 }, { 0x3767, 0x0101, "Fanatec Speedster 3 Forceshock Wheel", 0, XTYPE_XBOX }, { 0xffff, 0xffff, "Chinese-made Xbox Controller", 0, XTYPE_XBOX }, @@ -416,6 +429,7 @@ static const signed short xpad_abs_trigg static const struct usb_device_id xpad_table[] =3D { { USB_INTERFACE_INFO('X', 'B', 0) }, /* X-Box USB-IF not approved class */ XPAD_XBOX360_VENDOR(0x0079), /* GPD Win 2 Controller */ + XPAD_XBOX360_VENDOR(0x03eb), /* Wooting Keyboards (Legacy) */ XPAD_XBOX360_VENDOR(0x044f), /* Thrustmaster X-Box 360 controllers */ XPAD_XBOX360_VENDOR(0x045e), /* Microsoft X-Box 360 controllers */ XPAD_XBOXONE_VENDOR(0x045e), /* Microsoft X-Box One controllers */ @@ -426,6 +440,7 @@ static const struct usb_device_id xpad_t { USB_DEVICE(0x0738, 0x4540) }, /* Mad Catz Beat Pad */ XPAD_XBOXONE_VENDOR(0x0738), /* Mad Catz FightStick TE 2 */ XPAD_XBOX360_VENDOR(0x07ff), /* Mad Catz GamePad */ + XPAD_XBOX360_VENDOR(0x0c12), /* Zeroplus X-Box 360 controllers */ XPAD_XBOX360_VENDOR(0x0e6f), /* 0x0e6f X-Box 360 controllers */ XPAD_XBOXONE_VENDOR(0x0e6f), /* 0x0e6f X-Box One controllers */ XPAD_XBOX360_VENDOR(0x0f0d), /* Hori Controllers */ @@ -446,8 +461,12 @@ static const struct usb_device_id xpad_t XPAD_XBOXONE_VENDOR(0x20d6), /* PowerA Controllers */ XPAD_XBOX360_VENDOR(0x24c6), /* PowerA Controllers */ XPAD_XBOXONE_VENDOR(0x24c6), /* PowerA Controllers */ + XPAD_XBOX360_VENDOR(0x2563), /* OneXPlayer Gamepad */ + XPAD_XBOX360_VENDOR(0x260d), /* Dareu H101 */ + XPAD_XBOXONE_VENDOR(0x2dc8), /* 8BitDo Pro 2 Wired Controller for Xbox */ XPAD_XBOXONE_VENDOR(0x2e24), /* Hyperkin Duke X-Box One pad */ XPAD_XBOX360_VENDOR(0x2f24), /* GameSir Controllers */ + XPAD_XBOX360_VENDOR(0x31e3), /* Wooting Keyboards */ XPAD_XBOX360_VENDOR(0x3285), /* Nacon GC-100 */ { } }; From nobody Tue Dec 16 12:35:48 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 188F3C4332F for ; Thu, 13 Oct 2022 17:56:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230038AbiJMR4F (ORCPT ); Thu, 13 Oct 2022 13:56:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54712 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229961AbiJMRyx (ORCPT ); Thu, 13 Oct 2022 13:54:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87F5715745C; Thu, 13 Oct 2022 10:54:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2452F618F4; Thu, 13 Oct 2022 17:54:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2FBCEC433C1; Thu, 13 Oct 2022 17:54:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1665683644; bh=MzYrXWVhulBt0LKl5EA0jZy1lD1nBI6+XYc3cUJlyAc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vfupg5a69itKEeavxMKBmYZYYuing10ELCGGZosi5niJfaK0p+wXfEFXbQP61H2Fc OH/FoMUZ37V/zWBTdUmy6huG8JCFtgwDUgnUNXBvPg1P6BtZfMEAEGaGXqTj1bJKQI 05Hr/r3guo/MPabscYt6T5ZYwEO0U+ZKgI3y51w8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Cameron Gutman , Pavel Rojtberg , Dmitry Torokhov Subject: [PATCH 5.4 38/38] Input: xpad - fix wireless 360 controller breaking after suspend Date: Thu, 13 Oct 2022 19:52:39 +0200 Message-Id: <20221013175145.520626286@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221013175144.245431424@linuxfoundation.org> References: <20221013175144.245431424@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Cameron Gutman commit a17b9841152e7f4621619902b347e2cc39c32996 upstream. Suspending and resuming the system can sometimes cause the out URB to get hung after a reset_resume. This causes LED setting and force feedback to break on resume. To avoid this, just drop the reset_resume callback so the USB core rebinds xpad to the wireless pads on resume if a reset happened. A nice side effect of this change is the LED ring on wireless controllers is now set correctly on system resume. Cc: stable@vger.kernel.org Fixes: 4220f7db1e42 ("Input: xpad - workaround dead irq_out after suspend/ = resume") Signed-off-by: Cameron Gutman Signed-off-by: Pavel Rojtberg Link: https://lore.kernel.org/r/20220818154411.510308-3-rojtberg@gmail.com Signed-off-by: Dmitry Torokhov Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Hulk Robot Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/input/joystick/xpad.c | 1 - 1 file changed, 1 deletion(-) --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -1983,7 +1983,6 @@ static struct usb_driver xpad_driver =3D { .disconnect =3D xpad_disconnect, .suspend =3D xpad_suspend, .resume =3D xpad_resume, - .reset_resume =3D xpad_resume, .id_table =3D xpad_table, };