All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key
@ 2021-04-12 16:23 Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 02/46] net: ieee802154: fix nl802154 del llsec dev Sasha Levin
                   ` (44 more replies)
  0 siblings, 45 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+ac5c11d2959a8b3c4806, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 37feaaf5ceb2245e474369312bb7b922ce7bce69 ]

This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is
not set by the user. If this is the case nl802154 will return -EINVAL.

Reported-by: syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210221174321.14210-1-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 7c5a1aa5adb4..2f0a138bd5eb 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1592,7 +1592,8 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
 	struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
 	struct ieee802154_llsec_key_id id;
 
-	if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
+	if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
+	    nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 		return -EINVAL;
 
 	if (ieee802154_llsec_parse_key_id(attrs[NL802154_KEY_ATTR_ID], &id) < 0)
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 02/46] net: ieee802154: fix nl802154 del llsec dev
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                   ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+d946223c2e751d136c94, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 3d1eac2f45585690d942cf47fd7fbd04093ebd1b ]

This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVICE is
not set by the user. If this is the case nl802154 will return -EINVAL.

Reported-by: syzbot+d946223c2e751d136c94@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210221174321.14210-2-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 2f0a138bd5eb..063b12cba71f 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1758,7 +1758,8 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info)
 	struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
 	__le64 extended_addr;
 
-	if (nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
+	if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
+	    nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
 		return -EINVAL;
 
 	if (!attrs[NL802154_DEV_ATTR_EXTENDED_ADDR])
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 02/46] net: ieee802154: fix nl802154 del llsec dev Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 04/46] net: ieee802154: fix nl802154 del llsec devkey Sasha Levin
                   ` (42 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+ce4e062c2d51977ddc50, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 20d5fe2d7103f5c43ad11a3d6d259e9d61165c35 ]

This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is
not set by the user. If this is the case nl802154 will return -EINVAL.

Reported-by: syzbot+ce4e062c2d51977ddc50@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210221174321.14210-3-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 063b12cba71f..3f6d86d63923 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1544,7 +1544,8 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info)
 	struct ieee802154_llsec_key_id id = { };
 	u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { };
 
-	if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
+	if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
+	    nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 		return -EINVAL;
 
 	if (!attrs[NL802154_KEY_ATTR_USAGE_FRAMES] ||
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 04/46] net: ieee802154: fix nl802154 del llsec devkey
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 02/46] net: ieee802154: fix nl802154 del llsec dev Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 05/46] net: ieee802154: nl-mac: fix check on panid Sasha Levin
                   ` (41 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+368672e0da240db53b5f, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 27c746869e1a135dffc2f2a80715bb7aa00445b4 ]

This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVKEY is
not set by the user. If this is the case nl802154 will return -EINVAL.

Reported-by: syzbot+368672e0da240db53b5f@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210221174321.14210-4-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 3f6d86d63923..e9e4652cd592 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1916,7 +1916,8 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
 	struct ieee802154_llsec_device_key key;
 	__le64 extended_addr;
 
-	if (nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
+	if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
+	    nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
 		return -EINVAL;
 
 	if (!attrs[NL802154_DEVKEY_ATTR_EXTENDED_ADDR])
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 05/46] net: ieee802154: nl-mac: fix check on panid
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (2 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 04/46] net: ieee802154: fix nl802154 del llsec devkey Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 06/46] ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race Sasha Levin
                   ` (40 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+d4c07de0144f6f63be3a, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 6f7f657f24405f426212c09260bf7fe8a52cef33 ]

This patch fixes a null pointer derefence for panid handle by move the
check for the netlink variable directly before accessing them.

Reported-by: syzbot+d4c07de0144f6f63be3a@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210228151817.95700-4-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl-mac.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
index 6d091e419d3e..d19c40c684e8 100644
--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -551,9 +551,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
 	desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]);
 
 	if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) {
-		if (!info->attrs[IEEE802154_ATTR_PAN_ID] &&
-		    !(info->attrs[IEEE802154_ATTR_SHORT_ADDR] ||
-		      info->attrs[IEEE802154_ATTR_HW_ADDR]))
+		if (!info->attrs[IEEE802154_ATTR_PAN_ID])
 			return -EINVAL;
 
 		desc->device_addr.pan_id = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_PAN_ID]);
@@ -562,6 +560,9 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
 			desc->device_addr.mode = IEEE802154_ADDR_SHORT;
 			desc->device_addr.short_addr = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_SHORT_ADDR]);
 		} else {
+			if (!info->attrs[IEEE802154_ATTR_HW_ADDR])
+				return -EINVAL;
+
 			desc->device_addr.mode = IEEE802154_ADDR_LONG;
 			desc->device_addr.extended_addr = nla_get_hwaddr(info->attrs[IEEE802154_ATTR_HW_ADDR]);
 		}
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 06/46] ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (3 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 05/46] net: ieee802154: nl-mac: fix check on panid Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 07/46] ARM: dts: Fix moving mmc devices with aliases for omap4 & 5 Sasha Levin
                   ` (39 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Tony Lindgren, Sasha Levin, linux-omap, devicetree

From: Tony Lindgren <tony@atomide.com>

[ Upstream commit 140a776833957539c84301dbdb4c3013876de118 ]

We have a duplicate legacy clock defined for sha2md5_fck that can
sometimes race with clk_disable() with the dts configured clock
for OMAP4_SHA2MD5_CLKCTRL when unused clocks are disabled during
boot causing an "Unhandled fault: imprecise external abort".

Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/omap44xx-clocks.dtsi | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/arch/arm/boot/dts/omap44xx-clocks.dtsi b/arch/arm/boot/dts/omap44xx-clocks.dtsi
index 532868591107..1f1c04d8f472 100644
--- a/arch/arm/boot/dts/omap44xx-clocks.dtsi
+++ b/arch/arm/boot/dts/omap44xx-clocks.dtsi
@@ -770,14 +770,6 @@ per_abe_nc_fclk: per_abe_nc_fclk@108 {
 		ti,max-div = <2>;
 	};
 
-	sha2md5_fck: sha2md5_fck@15c8 {
-		#clock-cells = <0>;
-		compatible = "ti,gate-clock";
-		clocks = <&l3_div_ck>;
-		ti,bit-shift = <1>;
-		reg = <0x15c8>;
-	};
-
 	usb_phy_cm_clk32k: usb_phy_cm_clk32k@640 {
 		#clock-cells = <0>;
 		compatible = "ti,gate-clock";
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 07/46] ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (4 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 06/46] ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 08/46] lockdep: Add a missing initialization hint to the "INFO: Trying to register non-static key" message Sasha Levin
                   ` (38 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Tony Lindgren, Sasha Levin, linux-omap, devicetree

From: Tony Lindgren <tony@atomide.com>

[ Upstream commit 77335a040178a0456d4eabc8bf17a7ca3ee4a327 ]

Fix moving mmc devices with dts aliases as discussed on the lists.
Without this we now have internal eMMC mmc1 show up as mmc2 compared
to the earlier order of devices.

Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/omap4.dtsi | 5 +++++
 arch/arm/boot/dts/omap5.dtsi | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/arch/arm/boot/dts/omap4.dtsi b/arch/arm/boot/dts/omap4.dtsi
index d6475cc6a91a..049174086756 100644
--- a/arch/arm/boot/dts/omap4.dtsi
+++ b/arch/arm/boot/dts/omap4.dtsi
@@ -22,6 +22,11 @@ aliases {
 		i2c1 = &i2c2;
 		i2c2 = &i2c3;
 		i2c3 = &i2c4;
+		mmc0 = &mmc1;
+		mmc1 = &mmc2;
+		mmc2 = &mmc3;
+		mmc3 = &mmc4;
+		mmc4 = &mmc5;
 		serial0 = &uart1;
 		serial1 = &uart2;
 		serial2 = &uart3;
diff --git a/arch/arm/boot/dts/omap5.dtsi b/arch/arm/boot/dts/omap5.dtsi
index 2bf2e5839a7f..530210db2719 100644
--- a/arch/arm/boot/dts/omap5.dtsi
+++ b/arch/arm/boot/dts/omap5.dtsi
@@ -25,6 +25,11 @@ aliases {
 		i2c2 = &i2c3;
 		i2c3 = &i2c4;
 		i2c4 = &i2c5;
+		mmc0 = &mmc1;
+		mmc1 = &mmc2;
+		mmc2 = &mmc3;
+		mmc3 = &mmc4;
+		mmc4 = &mmc5;
 		serial0 = &uart1;
 		serial1 = &uart2;
 		serial2 = &uart3;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 08/46] lockdep: Add a missing initialization hint to the "INFO: Trying to register non-static key" message
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (5 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 07/46] ARM: dts: Fix moving mmc devices with aliases for omap4 & 5 Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23   ` Sasha Levin
                   ` (37 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Tetsuo Handa, Ingo Molnar, Sasha Levin

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

[ Upstream commit 3a85969e9d912d5dd85362ee37b5f81266e00e77 ]

Since this message is printed when dynamically allocated spinlocks (e.g.
kzalloc()) are used without initialization (e.g. spin_lock_init()),
suggest to developers to check whether initialization functions for objects
were called, before making developers wonder what annotation is missing.

[ mingo: Minor tweaks to the message. ]

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20210321064913.4619-1-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/locking/lockdep.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index 780012eb2f3f..9b30f16d8241 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -930,7 +930,8 @@ static bool assign_lock_key(struct lockdep_map *lock)
 		/* Debug-check: all keys must be persistent! */
 		debug_locks_off();
 		pr_err("INFO: trying to register non-static key.\n");
-		pr_err("the code is fine but needs lockdep annotation.\n");
+		pr_err("The code is fine but needs lockdep annotation, or maybe\n");
+		pr_err("you didn't initialize this object before use?\n");
 		pr_err("turning off the locking correctness validator.\n");
 		dump_stack();
 		return false;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 09/46] arc: kernel: Return -EFAULT if copy_to_user() fails
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Wang Qing, Vineet Gupta, Sasha Levin, linux-snps-arc

From: Wang Qing <wangqing@vivo.com>

[ Upstream commit 46e152186cd89d940b26726fff11eb3f4935b45a ]

The copy_to_user() function returns the number of bytes remaining to be
copied, but we want to return -EFAULT if the copy doesn't complete.

Signed-off-by: Wang Qing <wangqing@vivo.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arc/kernel/signal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arc/kernel/signal.c b/arch/arc/kernel/signal.c
index 2be55fb96d87..98e575dbcce5 100644
--- a/arch/arc/kernel/signal.c
+++ b/arch/arc/kernel/signal.c
@@ -96,7 +96,7 @@ stash_usr_regs(struct rt_sigframe __user *sf, struct pt_regs *regs,
 			     sizeof(sf->uc.uc_mcontext.regs.scratch));
 	err |= __copy_to_user(&sf->uc.uc_sigmask, set, sizeof(sigset_t));
 
-	return err;
+	return err ? -EFAULT : 0;
 }
 
 static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf)
@@ -110,7 +110,7 @@ static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf)
 				&(sf->uc.uc_mcontext.regs.scratch),
 				sizeof(sf->uc.uc_mcontext.regs.scratch));
 	if (err)
-		return err;
+		return -EFAULT;
 
 	set_current_blocked(&set);
 	regs->bta	= uregs.scratch.bta;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 09/46] arc: kernel: Return -EFAULT if copy_to_user() fails
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Wang Qing, Vineet Gupta, Sasha Levin, linux-snps-arc

From: Wang Qing <wangqing@vivo.com>

[ Upstream commit 46e152186cd89d940b26726fff11eb3f4935b45a ]

The copy_to_user() function returns the number of bytes remaining to be
copied, but we want to return -EFAULT if the copy doesn't complete.

Signed-off-by: Wang Qing <wangqing@vivo.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arc/kernel/signal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arc/kernel/signal.c b/arch/arc/kernel/signal.c
index 2be55fb96d87..98e575dbcce5 100644
--- a/arch/arc/kernel/signal.c
+++ b/arch/arc/kernel/signal.c
@@ -96,7 +96,7 @@ stash_usr_regs(struct rt_sigframe __user *sf, struct pt_regs *regs,
 			     sizeof(sf->uc.uc_mcontext.regs.scratch));
 	err |= __copy_to_user(&sf->uc.uc_sigmask, set, sizeof(sigset_t));
 
-	return err;
+	return err ? -EFAULT : 0;
 }
 
 static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf)
@@ -110,7 +110,7 @@ static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf)
 				&(sf->uc.uc_mcontext.regs.scratch),
 				sizeof(sf->uc.uc_mcontext.regs.scratch));
 	if (err)
-		return err;
+		return -EFAULT;
 
 	set_current_blocked(&set);
 	regs->bta	= uregs.scratch.bta;
-- 
2.30.2


_______________________________________________
linux-snps-arc mailing list
linux-snps-arc@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-snps-arc

^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 10/46] iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (7 preceding siblings ...)
  2021-04-12 16:23   ` Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 11/46] xfrm: BEET mode doesn't support fragments for inner packets Sasha Levin
                   ` (35 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jiri Kosina, Sedat Dilek, Luca Coelho, Kalle Valo, Sasha Levin,
	linux-wireless, netdev, clang-built-linux

From: Jiri Kosina <jkosina@suse.cz>

[ Upstream commit 2800aadc18a64c96b051bcb7da8a7df7d505db3f ]

It's possible for iwl_pcie_enqueue_hcmd() to be called with hard IRQs
disabled (e.g. from LED core). We can't enable BHs in such a situation.

Turn the unconditional BH-enable/BH-disable code into
hardirq-disable/conditional-enable.

This fixes the warning below.

 WARNING: CPU: 1 PID: 1139 at kernel/softirq.c:178 __local_bh_enable_ip+0xa5/0xf0
 CPU: 1 PID: 1139 Comm: NetworkManager Not tainted 5.12.0-rc1-00004-gb4ded168af79 #7
 Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017
 RIP: 0010:__local_bh_enable_ip+0xa5/0xf0
 Code: f7 69 e8 ee 23 14 00 fb 66 0f 1f 44 00 00 65 8b 05 f0 f4 f7 69 85 c0 74 3f 48 83 c4 08 5b c3 65 8b 05 9b fe f7 69 85 c0 75 8e <0f> 0b eb 8a 48 89 3c 24 e8 4e 20 14 00 48 8b 3c 24 eb 91 e8 13 4e
 RSP: 0018:ffffafd580b13298 EFLAGS: 00010046
 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 0000000000000000
 RDX: 0000000000000003 RSI: 0000000000000201 RDI: ffffffffc1272389
 RBP: ffff96517ae4c018 R08: 0000000000000001 R09: 0000000000000000
 R10: ffffafd580b13178 R11: 0000000000000001 R12: ffff96517b060000
 R13: 0000000000000000 R14: ffffffff80000000 R15: 0000000000000001
 FS:  00007fc604ebefc0(0000) GS:ffff965267480000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 000055fb3fef13b2 CR3: 0000000109112004 CR4: 00000000003706e0
 Call Trace:
  ? _raw_spin_unlock_bh+0x1f/0x30
  iwl_pcie_enqueue_hcmd+0x5d9/0xa00 [iwlwifi]
  iwl_trans_txq_send_hcmd+0x6c/0x430 [iwlwifi]
  iwl_trans_send_cmd+0x88/0x170 [iwlwifi]
  ? lock_acquire+0x277/0x3d0
  iwl_mvm_send_cmd+0x32/0x80 [iwlmvm]
  iwl_mvm_led_set+0xc2/0xe0 [iwlmvm]
  ? led_trigger_event+0x46/0x70
  led_trigger_event+0x46/0x70
  ieee80211_do_open+0x5c5/0xa20 [mac80211]
  ieee80211_open+0x67/0x90 [mac80211]
  __dev_open+0xd4/0x150
  __dev_change_flags+0x19e/0x1f0
  dev_change_flags+0x23/0x60
  do_setlink+0x30d/0x1230
  ? lock_is_held_type+0xb4/0x120
  ? __nla_validate_parse.part.7+0x57/0xcb0
  ? __lock_acquire+0x2e1/0x1a50
  __rtnl_newlink+0x560/0x910
  ? __lock_acquire+0x2e1/0x1a50
  ? __lock_acquire+0x2e1/0x1a50
  ? lock_acquire+0x277/0x3d0
  ? sock_def_readable+0x5/0x290
  ? lock_is_held_type+0xb4/0x120
  ? find_held_lock+0x2d/0x90
  ? sock_def_readable+0xb3/0x290
  ? lock_release+0x166/0x2a0
  ? lock_is_held_type+0x90/0x120
  rtnl_newlink+0x47/0x70
  rtnetlink_rcv_msg+0x25c/0x470
  ? netlink_deliver_tap+0x97/0x3e0
  ? validate_linkmsg+0x350/0x350
  netlink_rcv_skb+0x50/0x100
  netlink_unicast+0x1b2/0x280
  netlink_sendmsg+0x336/0x450
  sock_sendmsg+0x5b/0x60
  ____sys_sendmsg+0x1ed/0x250
  ? copy_msghdr_from_user+0x5c/0x90
  ___sys_sendmsg+0x88/0xd0
  ? lock_is_held_type+0xb4/0x120
  ? find_held_lock+0x2d/0x90
  ? lock_release+0x166/0x2a0
  ? __fget_files+0xfe/0x1d0
  ? __sys_sendmsg+0x5e/0xa0
  __sys_sendmsg+0x5e/0xa0
  ? lockdep_hardirqs_on_prepare+0xd9/0x170
  do_syscall_64+0x33/0x80
  entry_SYSCALL_64_after_hwframe+0x44/0xae
 RIP: 0033:0x7fc605c9572d
 Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 da ee ff ff 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 2e ef ff ff 48
 RSP: 002b:00007fffc83789f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
 RAX: ffffffffffffffda RBX: 000055ef468570c0 RCX: 00007fc605c9572d
 RDX: 0000000000000000 RSI: 00007fffc8378a30 RDI: 000000000000000c
 RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
 R13: 00007fffc8378b80 R14: 00007fffc8378b7c R15: 0000000000000000
 irq event stamp: 170785
 hardirqs last  enabled at (170783): [<ffffffff9609a8c2>] __local_bh_enable_ip+0x82/0xf0
 hardirqs last disabled at (170784): [<ffffffff96a8613d>] _raw_read_lock_irqsave+0x8d/0x90
 softirqs last  enabled at (170782): [<ffffffffc1272389>] iwl_pcie_enqueue_hcmd+0x5d9/0xa00 [iwlwifi]
 softirqs last disabled at (170785): [<ffffffffc1271ec6>] iwl_pcie_enqueue_hcmd+0x116/0xa00 [iwlwifi]

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # LLVM/Clang v12.0.0-rc3
Acked-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/nycvar.YFH.7.76.2103021125430.12405@cbobk.fhfr.pm
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
index 50133c09a780..133371385056 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c
@@ -1181,6 +1181,7 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans,
 	u32 cmd_pos;
 	const u8 *cmddata[IWL_MAX_CMD_TBS_PER_TFD];
 	u16 cmdlen[IWL_MAX_CMD_TBS_PER_TFD];
+	unsigned long flags;
 
 	if (WARN(!trans->wide_cmd_header &&
 		 group_id > IWL_ALWAYS_LONG_GROUP,
@@ -1264,10 +1265,10 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans,
 		goto free_dup_buf;
 	}
 
-	spin_lock_bh(&txq->lock);
+	spin_lock_irqsave(&txq->lock, flags);
 
 	if (iwl_txq_space(trans, txq) < ((cmd->flags & CMD_ASYNC) ? 2 : 1)) {
-		spin_unlock_bh(&txq->lock);
+		spin_unlock_irqrestore(&txq->lock, flags);
 
 		IWL_ERR(trans, "No space in command queue\n");
 		iwl_op_mode_cmd_queue_full(trans->op_mode);
@@ -1427,7 +1428,7 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans,
  unlock_reg:
 	spin_unlock(&trans_pcie->reg_lock);
  out:
-	spin_unlock_bh(&txq->lock);
+	spin_unlock_irqrestore(&txq->lock, flags);
  free_dup_buf:
 	if (idx < 0)
 		kfree(dup_buf);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 11/46] xfrm: BEET mode doesn't support fragments for inner packets
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (8 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 10/46] iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23   ` Sasha Levin
                   ` (34 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Xin Long, Xiumei Mu, Steffen Klassert, Sasha Levin, netdev

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit 68dc022d04eb0fd60a540e242dcb11ec1bee07e2 ]

BEET mode replaces the IP(6) Headers with new IP(6) Headers when sending
packets. However, when it's a fragment before the replacement, currently
kernel keeps the fragment flag and replace the address field then encaps
it with ESP. It would cause in RX side the fragments to get reassembled
before decapping with ESP, which is incorrect.

In Xiumei's testing, these fragments went over an xfrm interface and got
encapped with ESP in the device driver, and the traffic was broken.

I don't have a good way to fix it, but only to warn this out in dmesg.

Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/xfrm/xfrm_output.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index a7ab19353313..a455356c8be4 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -660,6 +660,12 @@ static int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb)
 {
 	int err;
 
+	if (x->outer_mode.encap == XFRM_MODE_BEET &&
+	    ip_is_fragment(ip_hdr(skb))) {
+		net_warn_ratelimited("BEET mode doesn't support inner IPv4 fragments\n");
+		return -EAFNOSUPPORT;
+	}
+
 	err = xfrm4_tunnel_check_size(skb);
 	if (err)
 		return err;
@@ -705,8 +711,15 @@ static int xfrm6_tunnel_check_size(struct sk_buff *skb)
 static int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb)
 {
 #if IS_ENABLED(CONFIG_IPV6)
+	unsigned int ptr = 0;
 	int err;
 
+	if (x->outer_mode.encap == XFRM_MODE_BEET &&
+	    ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL, NULL) >= 0) {
+		net_warn_ratelimited("BEET mode doesn't support inner IPv6 fragments\n");
+		return -EAFNOSUPPORT;
+	}
+
 	err = xfrm6_tunnel_check_size(skb);
 	if (err)
 		return err;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 12/46] ASoC: max98373: Changed amp shutdown register as volatile
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Ryan Lee, Mark Brown, Sasha Levin, alsa-devel

From: Ryan Lee <ryans.lee@maximintegrated.com>

[ Upstream commit a23f9099ff1541f15704e96b784d3846d2a4483d ]

0x20FF(amp global enable) register was defined as non-volatile,
but it is not. Overheating, overcurrent can cause amp shutdown
in hardware.
'regmap_write' compare register readback value before writing
to avoid same value writing. 'regmap_read' just read cache
not actual hardware value for the non-volatile register.
When amp is internally shutdown by some reason, next 'AMP ON'
command can be ignored because regmap think amp is already ON.

Signed-off-by: Ryan Lee <ryans.lee@maximintegrated.com>
Link: https://lore.kernel.org/r/20210325033555.29377-1-ryans.lee@maximintegrated.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/max98373-i2c.c | 1 +
 sound/soc/codecs/max98373-sdw.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/sound/soc/codecs/max98373-i2c.c b/sound/soc/codecs/max98373-i2c.c
index 92921e34f948..32b0c1d98365 100644
--- a/sound/soc/codecs/max98373-i2c.c
+++ b/sound/soc/codecs/max98373-i2c.c
@@ -440,6 +440,7 @@ static bool max98373_volatile_reg(struct device *dev, unsigned int reg)
 	case MAX98373_R2054_MEAS_ADC_PVDD_CH_READBACK:
 	case MAX98373_R2055_MEAS_ADC_THERM_CH_READBACK:
 	case MAX98373_R20B6_BDE_CUR_STATE_READBACK:
+	case MAX98373_R20FF_GLOBAL_SHDN:
 	case MAX98373_R21FF_REV_ID:
 		return true;
 	default:
diff --git a/sound/soc/codecs/max98373-sdw.c b/sound/soc/codecs/max98373-sdw.c
index fa589d834f9a..14fd2f9a0bf3 100644
--- a/sound/soc/codecs/max98373-sdw.c
+++ b/sound/soc/codecs/max98373-sdw.c
@@ -214,6 +214,7 @@ static bool max98373_volatile_reg(struct device *dev, unsigned int reg)
 	case MAX98373_R2054_MEAS_ADC_PVDD_CH_READBACK:
 	case MAX98373_R2055_MEAS_ADC_THERM_CH_READBACK:
 	case MAX98373_R20B6_BDE_CUR_STATE_READBACK:
+	case MAX98373_R20FF_GLOBAL_SHDN:
 	case MAX98373_R21FF_REV_ID:
 	/* SoundWire Control Port Registers */
 	case MAX98373_R0040_SCP_INIT_STAT_1 ... MAX98373_R0070_SCP_FRAME_CTLR:
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 12/46] ASoC: max98373: Changed amp shutdown register as volatile
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Sasha Levin, alsa-devel, Mark Brown, Ryan Lee

From: Ryan Lee <ryans.lee@maximintegrated.com>

[ Upstream commit a23f9099ff1541f15704e96b784d3846d2a4483d ]

0x20FF(amp global enable) register was defined as non-volatile,
but it is not. Overheating, overcurrent can cause amp shutdown
in hardware.
'regmap_write' compare register readback value before writing
to avoid same value writing. 'regmap_read' just read cache
not actual hardware value for the non-volatile register.
When amp is internally shutdown by some reason, next 'AMP ON'
command can be ignored because regmap think amp is already ON.

Signed-off-by: Ryan Lee <ryans.lee@maximintegrated.com>
Link: https://lore.kernel.org/r/20210325033555.29377-1-ryans.lee@maximintegrated.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/max98373-i2c.c | 1 +
 sound/soc/codecs/max98373-sdw.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/sound/soc/codecs/max98373-i2c.c b/sound/soc/codecs/max98373-i2c.c
index 92921e34f948..32b0c1d98365 100644
--- a/sound/soc/codecs/max98373-i2c.c
+++ b/sound/soc/codecs/max98373-i2c.c
@@ -440,6 +440,7 @@ static bool max98373_volatile_reg(struct device *dev, unsigned int reg)
 	case MAX98373_R2054_MEAS_ADC_PVDD_CH_READBACK:
 	case MAX98373_R2055_MEAS_ADC_THERM_CH_READBACK:
 	case MAX98373_R20B6_BDE_CUR_STATE_READBACK:
+	case MAX98373_R20FF_GLOBAL_SHDN:
 	case MAX98373_R21FF_REV_ID:
 		return true;
 	default:
diff --git a/sound/soc/codecs/max98373-sdw.c b/sound/soc/codecs/max98373-sdw.c
index fa589d834f9a..14fd2f9a0bf3 100644
--- a/sound/soc/codecs/max98373-sdw.c
+++ b/sound/soc/codecs/max98373-sdw.c
@@ -214,6 +214,7 @@ static bool max98373_volatile_reg(struct device *dev, unsigned int reg)
 	case MAX98373_R2054_MEAS_ADC_PVDD_CH_READBACK:
 	case MAX98373_R2055_MEAS_ADC_THERM_CH_READBACK:
 	case MAX98373_R20B6_BDE_CUR_STATE_READBACK:
+	case MAX98373_R20FF_GLOBAL_SHDN:
 	case MAX98373_R21FF_REV_ID:
 	/* SoundWire Control Port Registers */
 	case MAX98373_R0040_SCP_INIT_STAT_1 ... MAX98373_R0070_SCP_FRAME_CTLR:
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 13/46] ASoC: max98373: Added 30ms turn on/off time delay
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Ryan Lee, Mark Brown, Sasha Levin, alsa-devel

From: Ryan Lee <ryans.lee@maximintegrated.com>

[ Upstream commit 3a27875e91fb9c29de436199d20b33f9413aea77 ]

Amp requires 10 ~ 30ms for the power ON and OFF.
Added 30ms delay for stability.

Signed-off-by: Ryan Lee <ryans.lee@maximintegrated.com>
Link: https://lore.kernel.org/r/20210325033555.29377-2-ryans.lee@maximintegrated.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/max98373.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/soc/codecs/max98373.c b/sound/soc/codecs/max98373.c
index 929bb1798c43..1fd4dbbb4ecf 100644
--- a/sound/soc/codecs/max98373.c
+++ b/sound/soc/codecs/max98373.c
@@ -28,11 +28,13 @@ static int max98373_dac_event(struct snd_soc_dapm_widget *w,
 		regmap_update_bits(max98373->regmap,
 			MAX98373_R20FF_GLOBAL_SHDN,
 			MAX98373_GLOBAL_EN_MASK, 1);
+		usleep_range(30000, 31000);
 		break;
 	case SND_SOC_DAPM_POST_PMD:
 		regmap_update_bits(max98373->regmap,
 			MAX98373_R20FF_GLOBAL_SHDN,
 			MAX98373_GLOBAL_EN_MASK, 0);
+		usleep_range(30000, 31000);
 		max98373->tdm_mode = false;
 		break;
 	default:
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 13/46] ASoC: max98373: Added 30ms turn on/off time delay
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Sasha Levin, alsa-devel, Mark Brown, Ryan Lee

From: Ryan Lee <ryans.lee@maximintegrated.com>

[ Upstream commit 3a27875e91fb9c29de436199d20b33f9413aea77 ]

Amp requires 10 ~ 30ms for the power ON and OFF.
Added 30ms delay for stability.

Signed-off-by: Ryan Lee <ryans.lee@maximintegrated.com>
Link: https://lore.kernel.org/r/20210325033555.29377-2-ryans.lee@maximintegrated.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/codecs/max98373.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/soc/codecs/max98373.c b/sound/soc/codecs/max98373.c
index 929bb1798c43..1fd4dbbb4ecf 100644
--- a/sound/soc/codecs/max98373.c
+++ b/sound/soc/codecs/max98373.c
@@ -28,11 +28,13 @@ static int max98373_dac_event(struct snd_soc_dapm_widget *w,
 		regmap_update_bits(max98373->regmap,
 			MAX98373_R20FF_GLOBAL_SHDN,
 			MAX98373_GLOBAL_EN_MASK, 1);
+		usleep_range(30000, 31000);
 		break;
 	case SND_SOC_DAPM_POST_PMD:
 		regmap_update_bits(max98373->regmap,
 			MAX98373_R20FF_GLOBAL_SHDN,
 			MAX98373_GLOBAL_EN_MASK, 0);
+		usleep_range(30000, 31000);
 		max98373->tdm_mode = false;
 		break;
 	default:
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 14/46] gpu/xen: Fix a use after free in xen_drm_drv_init
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lv Yunlong, Oleksandr Andrushchenko, Sasha Levin, dri-devel, xen-devel

From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>

[ Upstream commit 52762efa2b256ed1c5274e5177cbd52ee11a2f6a ]

In function displback_changed, has the call chain
displback_connect(front_info)->xen_drm_drv_init(front_info).
We can see that drm_info is assigned to front_info->drm_info
and drm_info is freed in fail branch in xen_drm_drv_init().

Later displback_disconnect(front_info) is called and it calls
xen_drm_drv_fini(front_info) cause a use after free by
drm_info = front_info->drm_info statement.

My patch has done two things. First fixes the fail label which
drm_info = kzalloc() failed and still free the drm_info.
Second sets front_info->drm_info to NULL to avoid uaf.

Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Reviewed-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210323014656.10068-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/xen/xen_drm_front.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/xen/xen_drm_front.c b/drivers/gpu/drm/xen/xen_drm_front.c
index cc93a8c9547b..8ea91542b567 100644
--- a/drivers/gpu/drm/xen/xen_drm_front.c
+++ b/drivers/gpu/drm/xen/xen_drm_front.c
@@ -531,7 +531,7 @@ static int xen_drm_drv_init(struct xen_drm_front_info *front_info)
 	drm_dev = drm_dev_alloc(&xen_drm_driver, dev);
 	if (IS_ERR(drm_dev)) {
 		ret = PTR_ERR(drm_dev);
-		goto fail;
+		goto fail_dev;
 	}
 
 	drm_info->drm_dev = drm_dev;
@@ -561,8 +561,10 @@ static int xen_drm_drv_init(struct xen_drm_front_info *front_info)
 	drm_kms_helper_poll_fini(drm_dev);
 	drm_mode_config_cleanup(drm_dev);
 	drm_dev_put(drm_dev);
-fail:
+fail_dev:
 	kfree(drm_info);
+	front_info->drm_info = NULL;
+fail:
 	return ret;
 }
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 14/46] gpu/xen: Fix a use after free in xen_drm_drv_init
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sasha Levin, xen-devel, Lv Yunlong, dri-devel, Oleksandr Andrushchenko

From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>

[ Upstream commit 52762efa2b256ed1c5274e5177cbd52ee11a2f6a ]

In function displback_changed, has the call chain
displback_connect(front_info)->xen_drm_drv_init(front_info).
We can see that drm_info is assigned to front_info->drm_info
and drm_info is freed in fail branch in xen_drm_drv_init().

Later displback_disconnect(front_info) is called and it calls
xen_drm_drv_fini(front_info) cause a use after free by
drm_info = front_info->drm_info statement.

My patch has done two things. First fixes the fail label which
drm_info = kzalloc() failed and still free the drm_info.
Second sets front_info->drm_info to NULL to avoid uaf.

Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Reviewed-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210323014656.10068-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/xen/xen_drm_front.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/xen/xen_drm_front.c b/drivers/gpu/drm/xen/xen_drm_front.c
index cc93a8c9547b..8ea91542b567 100644
--- a/drivers/gpu/drm/xen/xen_drm_front.c
+++ b/drivers/gpu/drm/xen/xen_drm_front.c
@@ -531,7 +531,7 @@ static int xen_drm_drv_init(struct xen_drm_front_info *front_info)
 	drm_dev = drm_dev_alloc(&xen_drm_driver, dev);
 	if (IS_ERR(drm_dev)) {
 		ret = PTR_ERR(drm_dev);
-		goto fail;
+		goto fail_dev;
 	}
 
 	drm_info->drm_dev = drm_dev;
@@ -561,8 +561,10 @@ static int xen_drm_drv_init(struct xen_drm_front_info *front_info)
 	drm_kms_helper_poll_fini(drm_dev);
 	drm_mode_config_cleanup(drm_dev);
 	drm_dev_put(drm_dev);
-fail:
+fail_dev:
 	kfree(drm_info);
+	front_info->drm_info = NULL;
+fail:
 	return ret;
 }
 
-- 
2.30.2

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 15/46] neighbour: Disregard DEAD dst in neigh_update
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (12 preceding siblings ...)
  2021-04-12 16:23   ` Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23   ` Sasha Levin
                   ` (30 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Tong Zhu, David S . Miller, Sasha Levin, netdev

From: Tong Zhu <zhutong@amazon.com>

[ Upstream commit d47ec7a0a7271dda08932d6208e4ab65ab0c987c ]

After a short network outage, the dst_entry is timed out and put
in DST_OBSOLETE_DEAD. We are in this code because arp reply comes
from this neighbour after network recovers. There is a potential
race condition that dst_entry is still in DST_OBSOLETE_DEAD.
With that, another neighbour lookup causes more harm than good.

In best case all packets in arp_queue are lost. This is
counterproductive to the original goal of finding a better path
for those packets.

I observed a worst case with 4.x kernel where a dst_entry in
DST_OBSOLETE_DEAD state is associated with loopback net_device.
It leads to an ethernet header with all zero addresses.
A packet with all zero source MAC address is quite deadly with
mac80211, ath9k and 802.11 block ack.  It fails
ieee80211_find_sta_by_ifaddr in ath9k (xmit.c). Ath9k flushes tx
queue (ath_tx_complete_aggr). BAW (block ack window) is not
updated. BAW logic is damaged and ath9k transmission is disabled.

Signed-off-by: Tong Zhu <zhutong@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/core/neighbour.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 2fe4bbb6b80c..8339978d46ff 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1380,7 +1380,7 @@ static int __neigh_update(struct neighbour *neigh, const u8 *lladdr,
 			 * we can reinject the packet there.
 			 */
 			n2 = NULL;
-			if (dst) {
+			if (dst && dst->obsolete != DST_OBSOLETE_DEAD) {
 				n2 = dst_neigh_lookup_skb(dst, skb);
 				if (n2)
 					n1 = n2;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 16/46] ARM: keystone: fix integer overflow warning
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnd Bergmann, Nathan Chancellor, Santosh Shilimkar, Sasha Levin,
	linux-arm-kernel, clang-built-linux

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 844b85dda2f569943e1e018fdd63b6f7d1d6f08e ]

clang warns about an impossible condition when building with 32-bit
phys_addr_t:

arch/arm/mach-keystone/keystone.c:79:16: error: result of comparison of constant 51539607551 with expression of type 'phys_addr_t' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
            mem_end   > KEYSTONE_HIGH_PHYS_END) {
            ~~~~~~~   ^ ~~~~~~~~~~~~~~~~~~~~~~
arch/arm/mach-keystone/keystone.c:78:16: error: result of comparison of constant 34359738368 with expression of type 'phys_addr_t' (aka 'unsigned int') is always true [-Werror,-Wtautological-constant-out-of-range-compare]
        if (mem_start < KEYSTONE_HIGH_PHYS_START ||
            ~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~

Change the temporary variable to a fixed-size u64 to avoid the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Santosh Shilimkar <ssantosh@kernel.org>
Link: https://lore.kernel.org/r/20210323131814.2751750-1-arnd@kernel.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-keystone/keystone.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-keystone/keystone.c b/arch/arm/mach-keystone/keystone.c
index 09a65c2dfd73..b8fa01f9516e 100644
--- a/arch/arm/mach-keystone/keystone.c
+++ b/arch/arm/mach-keystone/keystone.c
@@ -65,7 +65,7 @@ static void __init keystone_init(void)
 static long long __init keystone_pv_fixup(void)
 {
 	long long offset;
-	phys_addr_t mem_start, mem_end;
+	u64 mem_start, mem_end;
 
 	mem_start = memblock_start_of_DRAM();
 	mem_end = memblock_end_of_DRAM();
@@ -78,7 +78,7 @@ static long long __init keystone_pv_fixup(void)
 	if (mem_start < KEYSTONE_HIGH_PHYS_START ||
 	    mem_end   > KEYSTONE_HIGH_PHYS_END) {
 		pr_crit("Invalid address space for memory (%08llx-%08llx)\n",
-		        (u64)mem_start, (u64)mem_end);
+		        mem_start, mem_end);
 		return 0;
 	}
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 16/46] ARM: keystone: fix integer overflow warning
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnd Bergmann, Nathan Chancellor, Santosh Shilimkar, Sasha Levin,
	linux-arm-kernel, clang-built-linux

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 844b85dda2f569943e1e018fdd63b6f7d1d6f08e ]

clang warns about an impossible condition when building with 32-bit
phys_addr_t:

arch/arm/mach-keystone/keystone.c:79:16: error: result of comparison of constant 51539607551 with expression of type 'phys_addr_t' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
            mem_end   > KEYSTONE_HIGH_PHYS_END) {
            ~~~~~~~   ^ ~~~~~~~~~~~~~~~~~~~~~~
arch/arm/mach-keystone/keystone.c:78:16: error: result of comparison of constant 34359738368 with expression of type 'phys_addr_t' (aka 'unsigned int') is always true [-Werror,-Wtautological-constant-out-of-range-compare]
        if (mem_start < KEYSTONE_HIGH_PHYS_START ||
            ~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~

Change the temporary variable to a fixed-size u64 to avoid the warning.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Santosh Shilimkar <ssantosh@kernel.org>
Link: https://lore.kernel.org/r/20210323131814.2751750-1-arnd@kernel.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-keystone/keystone.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-keystone/keystone.c b/arch/arm/mach-keystone/keystone.c
index 09a65c2dfd73..b8fa01f9516e 100644
--- a/arch/arm/mach-keystone/keystone.c
+++ b/arch/arm/mach-keystone/keystone.c
@@ -65,7 +65,7 @@ static void __init keystone_init(void)
 static long long __init keystone_pv_fixup(void)
 {
 	long long offset;
-	phys_addr_t mem_start, mem_end;
+	u64 mem_start, mem_end;
 
 	mem_start = memblock_start_of_DRAM();
 	mem_end = memblock_end_of_DRAM();
@@ -78,7 +78,7 @@ static long long __init keystone_pv_fixup(void)
 	if (mem_start < KEYSTONE_HIGH_PHYS_START ||
 	    mem_end   > KEYSTONE_HIGH_PHYS_END) {
 		pr_crit("Invalid address space for memory (%08llx-%08llx)\n",
-		        (u64)mem_start, (u64)mem_end);
+		        mem_start, mem_end);
 		return 0;
 	}
 
-- 
2.30.2


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 17/46] ARM: omap1: fix building with clang IAS
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnd Bergmann, Tony Lindgren, Sasha Levin, linux-arm-kernel,
	linux-omap, clang-built-linux

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 28399a5a6d569c9bdb612345e4933046ca37cde5 ]

The clang integrated assembler fails to build one file with
a complex asm instruction:

arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: error: invalid instruction, any one of the following would fix this:
 mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit
 ^
arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: note: instruction requires: armv6t2
 mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit
 ^
arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: note: instruction requires: thumb2
 mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit
 ^

The problem is that 'NR_IRQS_LEGACY' is not defined here. Apparently
gas does not care because we first add and then subtract this number,
leading to the immediate value to be the same regardless of the
specific definition of NR_IRQS_LEGACY.

Neither the way that 'gas' just silently builds this file, nor the
way that clang IAS makes nonsensical suggestions for how to fix it
is great. Fortunately there is an easy fix, which is to #include
the header that contains the definition.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20210308153430.2530616-1-arnd@kernel.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-omap1/ams-delta-fiq-handler.S | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/mach-omap1/ams-delta-fiq-handler.S b/arch/arm/mach-omap1/ams-delta-fiq-handler.S
index 14a6c3eb3298..f745a65d3bd7 100644
--- a/arch/arm/mach-omap1/ams-delta-fiq-handler.S
+++ b/arch/arm/mach-omap1/ams-delta-fiq-handler.S
@@ -15,6 +15,7 @@
 #include <linux/platform_data/gpio-omap.h>
 
 #include <asm/assembler.h>
+#include <asm/irq.h>
 
 #include "ams-delta-fiq.h"
 #include "board-ams-delta.h"
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 17/46] ARM: omap1: fix building with clang IAS
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnd Bergmann, Tony Lindgren, Sasha Levin, linux-arm-kernel,
	linux-omap, clang-built-linux

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 28399a5a6d569c9bdb612345e4933046ca37cde5 ]

The clang integrated assembler fails to build one file with
a complex asm instruction:

arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: error: invalid instruction, any one of the following would fix this:
 mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit
 ^
arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: note: instruction requires: armv6t2
 mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit
 ^
arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: note: instruction requires: thumb2
 mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit
 ^

The problem is that 'NR_IRQS_LEGACY' is not defined here. Apparently
gas does not care because we first add and then subtract this number,
leading to the immediate value to be the same regardless of the
specific definition of NR_IRQS_LEGACY.

Neither the way that 'gas' just silently builds this file, nor the
way that clang IAS makes nonsensical suggestions for how to fix it
is great. Fortunately there is an easy fix, which is to #include
the header that contains the definition.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20210308153430.2530616-1-arnd@kernel.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-omap1/ams-delta-fiq-handler.S | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/mach-omap1/ams-delta-fiq-handler.S b/arch/arm/mach-omap1/ams-delta-fiq-handler.S
index 14a6c3eb3298..f745a65d3bd7 100644
--- a/arch/arm/mach-omap1/ams-delta-fiq-handler.S
+++ b/arch/arm/mach-omap1/ams-delta-fiq-handler.S
@@ -15,6 +15,7 @@
 #include <linux/platform_data/gpio-omap.h>
 
 #include <asm/assembler.h>
+#include <asm/irq.h>
 
 #include "ams-delta-fiq.h"
 #include "board-ams-delta.h"
-- 
2.30.2


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 18/46] drivers: net: fix memory leak in atusb_probe
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (15 preceding siblings ...)
  2021-04-12 16:23   ` Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 19/46] drivers: net: fix memory leak in peak_usb_create_dev Sasha Levin
                   ` (27 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Pavel Skripkin, syzbot+28a246747e0a465127f3, David S . Miller,
	Sasha Levin, linux-wpan, netdev

From: Pavel Skripkin <paskripkin@gmail.com>

[ Upstream commit 6b9fbe16955152626557ec6f439f3407b7769941 ]

syzbot reported memory leak in atusb_probe()[1].
The problem was in atusb_alloc_urbs().
Since urb is anchored, we need to release the reference
to correctly free the urb

backtrace:
    [<ffffffff82ba0466>] kmalloc include/linux/slab.h:559 [inline]
    [<ffffffff82ba0466>] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74
    [<ffffffff82ad3888>] atusb_alloc_urbs drivers/net/ieee802154/atusb.c:362 [inline][2]
    [<ffffffff82ad3888>] atusb_probe+0x158/0x820 drivers/net/ieee802154/atusb.c:1038 [1]

Reported-by: syzbot+28a246747e0a465127f3@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ieee802154/atusb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c
index 0dd0ba915ab9..23ee0b14cbfa 100644
--- a/drivers/net/ieee802154/atusb.c
+++ b/drivers/net/ieee802154/atusb.c
@@ -365,6 +365,7 @@ static int atusb_alloc_urbs(struct atusb *atusb, int n)
 			return -ENOMEM;
 		}
 		usb_anchor_urb(urb, &atusb->idle_urbs);
+		usb_free_urb(urb);
 		n--;
 	}
 	return 0;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 19/46] drivers: net: fix memory leak in peak_usb_create_dev
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (16 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 18/46] drivers: net: fix memory leak in atusb_probe Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23   ` Sasha Levin
                   ` (26 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Pavel Skripkin, syzbot+91adee8d9ebb9193d22d, David S . Miller,
	Sasha Levin, linux-can, netdev

From: Pavel Skripkin <paskripkin@gmail.com>

[ Upstream commit a0b96b4a62745397aee662670cfc2157bac03f55 ]

syzbot reported memory leak in peak_usb.
The problem was in case of failure after calling
->dev_init()[2] in peak_usb_create_dev()[1]. The data
allocated int dev_init() wasn't freed, so simple
->dev_free() call fix this problem.

backtrace:
    [<0000000079d6542a>] kmalloc include/linux/slab.h:552 [inline]
    [<0000000079d6542a>] kzalloc include/linux/slab.h:682 [inline]
    [<0000000079d6542a>] pcan_usb_fd_init+0x156/0x210 drivers/net/can/usb/peak_usb/pcan_usb_fd.c:868   [2]
    [<00000000c09f9057>] peak_usb_create_dev drivers/net/can/usb/peak_usb/pcan_usb_core.c:851 [inline] [1]
    [<00000000c09f9057>] peak_usb_probe+0x389/0x490 drivers/net/can/usb/peak_usb/pcan_usb_core.c:949

Reported-by: syzbot+91adee8d9ebb9193d22d@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/can/usb/peak_usb/pcan_usb_core.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_core.c b/drivers/net/can/usb/peak_usb/pcan_usb_core.c
index 204ccb27d6d9..73c1bc3cb70d 100644
--- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c
+++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c
@@ -856,7 +856,7 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter,
 	if (dev->adapter->dev_set_bus) {
 		err = dev->adapter->dev_set_bus(dev, 0);
 		if (err)
-			goto lbl_unregister_candev;
+			goto adap_dev_free;
 	}
 
 	/* get device number early */
@@ -868,6 +868,10 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter,
 
 	return 0;
 
+adap_dev_free:
+	if (dev->adapter->dev_free)
+		dev->adapter->dev_free(dev);
+
 lbl_unregister_candev:
 	unregister_candev(netdev);
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 20/46] drm/msm: Fix a5xx/a6xx timestamps
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Rob Clark, Jordan Crouse, Sasha Levin, linux-arm-msm, dri-devel,
	freedreno

From: Rob Clark <robdclark@chromium.org>

[ Upstream commit 9fbd3088351b92e8c2cef6e37a39decb12a8d5bb ]

They were reading a counter that was configured to ALWAYS_COUNT (ie.
cycles that the GPU is doing something) rather than ALWAYS_ON.  This
isn't the thing that userspace is looking for.

Signed-off-by: Rob Clark <robdclark@chromium.org>
Acked-by: Jordan Crouse <jordan@cosmicpenguin.net>
Message-Id: <20210325012358.1759770-2-robdclark@gmail.com>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 4 ++--
 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
index 5e11cdb207d8..0ca7e53db112 100644
--- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
@@ -1240,8 +1240,8 @@ static int a5xx_pm_suspend(struct msm_gpu *gpu)
 
 static int a5xx_get_timestamp(struct msm_gpu *gpu, uint64_t *value)
 {
-	*value = gpu_read64(gpu, REG_A5XX_RBBM_PERFCTR_CP_0_LO,
-		REG_A5XX_RBBM_PERFCTR_CP_0_HI);
+	*value = gpu_read64(gpu, REG_A5XX_RBBM_ALWAYSON_COUNTER_LO,
+		REG_A5XX_RBBM_ALWAYSON_COUNTER_HI);
 
 	return 0;
 }
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
index 83b50f6d6bb7..722c2fe3bfd5 100644
--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
@@ -1073,8 +1073,8 @@ static int a6xx_get_timestamp(struct msm_gpu *gpu, uint64_t *value)
 	/* Force the GPU power on so we can read this register */
 	a6xx_gmu_set_oob(&a6xx_gpu->gmu, GMU_OOB_PERFCOUNTER_SET);
 
-	*value = gpu_read64(gpu, REG_A6XX_RBBM_PERFCTR_CP_0_LO,
-		REG_A6XX_RBBM_PERFCTR_CP_0_HI);
+	*value = gpu_read64(gpu, REG_A6XX_CP_ALWAYS_ON_COUNTER_LO,
+		REG_A6XX_CP_ALWAYS_ON_COUNTER_HI);
 
 	a6xx_gmu_clear_oob(&a6xx_gpu->gmu, GMU_OOB_PERFCOUNTER_SET);
 	mutex_unlock(&perfcounter_oob);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 20/46] drm/msm: Fix a5xx/a6xx timestamps
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Rob Clark, Sasha Levin, linux-arm-msm, dri-devel, Jordan Crouse,
	freedreno

From: Rob Clark <robdclark@chromium.org>

[ Upstream commit 9fbd3088351b92e8c2cef6e37a39decb12a8d5bb ]

They were reading a counter that was configured to ALWAYS_COUNT (ie.
cycles that the GPU is doing something) rather than ALWAYS_ON.  This
isn't the thing that userspace is looking for.

Signed-off-by: Rob Clark <robdclark@chromium.org>
Acked-by: Jordan Crouse <jordan@cosmicpenguin.net>
Message-Id: <20210325012358.1759770-2-robdclark@gmail.com>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 4 ++--
 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
index 5e11cdb207d8..0ca7e53db112 100644
--- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
@@ -1240,8 +1240,8 @@ static int a5xx_pm_suspend(struct msm_gpu *gpu)
 
 static int a5xx_get_timestamp(struct msm_gpu *gpu, uint64_t *value)
 {
-	*value = gpu_read64(gpu, REG_A5XX_RBBM_PERFCTR_CP_0_LO,
-		REG_A5XX_RBBM_PERFCTR_CP_0_HI);
+	*value = gpu_read64(gpu, REG_A5XX_RBBM_ALWAYSON_COUNTER_LO,
+		REG_A5XX_RBBM_ALWAYSON_COUNTER_HI);
 
 	return 0;
 }
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
index 83b50f6d6bb7..722c2fe3bfd5 100644
--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
@@ -1073,8 +1073,8 @@ static int a6xx_get_timestamp(struct msm_gpu *gpu, uint64_t *value)
 	/* Force the GPU power on so we can read this register */
 	a6xx_gmu_set_oob(&a6xx_gpu->gmu, GMU_OOB_PERFCOUNTER_SET);
 
-	*value = gpu_read64(gpu, REG_A6XX_RBBM_PERFCTR_CP_0_LO,
-		REG_A6XX_RBBM_PERFCTR_CP_0_HI);
+	*value = gpu_read64(gpu, REG_A6XX_CP_ALWAYS_ON_COUNTER_LO,
+		REG_A6XX_CP_ALWAYS_ON_COUNTER_HI);
 
 	a6xx_gmu_clear_oob(&a6xx_gpu->gmu, GMU_OOB_PERFCOUNTER_SET);
 	mutex_unlock(&perfcounter_oob);
-- 
2.30.2

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 21/46] ASoC: fsl_esai: Fix TDM slot setup for I2S mode
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Shiyan, Nicolin Chen, Mark Brown, Sasha Levin,
	alsa-devel, linuxppc-dev

From: Alexander Shiyan <shc_work@mail.ru>

[ Upstream commit e7a48c710defa0e0fef54d42b7d9e4ab596e2761 ]

When using the driver in I2S TDM mode, the fsl_esai_startup()
function rewrites the number of slots previously set by the
fsl_esai_set_dai_tdm_slot() function to 2.
To fix this, let's use the saved slot count value or, if TDM
is not used and the number of slots is not set, the driver will use
the default value (2), which is set by fsl_esai_probe().

Signed-off-by: Alexander Shiyan <shc_work@mail.ru>
Acked-by: Nicolin Chen <nicoleotsuka@gmail.com>
Link: https://lore.kernel.org/r/20210402081405.9892-1-shc_work@mail.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/fsl_esai.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
index 39637ca78cdb..9f5f217a9607 100644
--- a/sound/soc/fsl/fsl_esai.c
+++ b/sound/soc/fsl/fsl_esai.c
@@ -524,11 +524,13 @@ static int fsl_esai_startup(struct snd_pcm_substream *substream,
 				   ESAI_SAICR_SYNC, esai_priv->synchronous ?
 				   ESAI_SAICR_SYNC : 0);
 
-		/* Set a default slot number -- 2 */
+		/* Set slots count */
 		regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR,
-				   ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2));
+				   ESAI_xCCR_xDC_MASK,
+				   ESAI_xCCR_xDC(esai_priv->slots));
 		regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR,
-				   ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2));
+				   ESAI_xCCR_xDC_MASK,
+				   ESAI_xCCR_xDC(esai_priv->slots));
 	}
 
 	return 0;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 21/46] ASoC: fsl_esai: Fix TDM slot setup for I2S mode
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sasha Levin, alsa-devel, Alexander Shiyan, Nicolin Chen,
	Mark Brown, linuxppc-dev

From: Alexander Shiyan <shc_work@mail.ru>

[ Upstream commit e7a48c710defa0e0fef54d42b7d9e4ab596e2761 ]

When using the driver in I2S TDM mode, the fsl_esai_startup()
function rewrites the number of slots previously set by the
fsl_esai_set_dai_tdm_slot() function to 2.
To fix this, let's use the saved slot count value or, if TDM
is not used and the number of slots is not set, the driver will use
the default value (2), which is set by fsl_esai_probe().

Signed-off-by: Alexander Shiyan <shc_work@mail.ru>
Acked-by: Nicolin Chen <nicoleotsuka@gmail.com>
Link: https://lore.kernel.org/r/20210402081405.9892-1-shc_work@mail.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/fsl_esai.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
index 39637ca78cdb..9f5f217a9607 100644
--- a/sound/soc/fsl/fsl_esai.c
+++ b/sound/soc/fsl/fsl_esai.c
@@ -524,11 +524,13 @@ static int fsl_esai_startup(struct snd_pcm_substream *substream,
 				   ESAI_SAICR_SYNC, esai_priv->synchronous ?
 				   ESAI_SAICR_SYNC : 0);
 
-		/* Set a default slot number -- 2 */
+		/* Set slots count */
 		regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR,
-				   ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2));
+				   ESAI_xCCR_xDC_MASK,
+				   ESAI_xCCR_xDC(esai_priv->slots));
 		regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR,
-				   ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2));
+				   ESAI_xCCR_xDC_MASK,
+				   ESAI_xCCR_xDC(esai_priv->slots));
 	}
 
 	return 0;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 22/46] scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (19 preceding siblings ...)
  2021-04-12 16:23   ` Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 23/46] iwlwifi: add support for Qu with AX201 device Sasha Levin
                   ` (23 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Martin Wilck, Bart Van Assche, Martin K . Petersen, Sasha Levin,
	linux-scsi

From: Martin Wilck <mwilck@suse.com>

[ Upstream commit 5cd0f6f57639c5afbb36100c69281fee82c95ee7 ]

rport_dev_loss_timedout() sets the rport state to SRP_PORT_LOST and the
SCSI target state to SDEV_TRANSPORT_OFFLINE. If this races with
srp_reconnect_work(), a warning is printed:

Mar 27 18:48:07 ictm1604s01h4 kernel: dev_loss_tmo expired for SRP port-18:1 / host18.
Mar 27 18:48:07 ictm1604s01h4 kernel: ------------[ cut here ]------------
Mar 27 18:48:07 ictm1604s01h4 kernel: scsi_internal_device_block(18:0:0:100) failed: ret = -22
Mar 27 18:48:07 ictm1604s01h4 kernel: Call Trace:
Mar 27 18:48:07 ictm1604s01h4 kernel:  ? scsi_target_unblock+0x50/0x50 [scsi_mod]
Mar 27 18:48:07 ictm1604s01h4 kernel:  starget_for_each_device+0x80/0xb0 [scsi_mod]
Mar 27 18:48:07 ictm1604s01h4 kernel:  target_block+0x24/0x30 [scsi_mod]
Mar 27 18:48:07 ictm1604s01h4 kernel:  device_for_each_child+0x57/0x90
Mar 27 18:48:07 ictm1604s01h4 kernel:  srp_reconnect_rport+0xe4/0x230 [scsi_transport_srp]
Mar 27 18:48:07 ictm1604s01h4 kernel:  srp_reconnect_work+0x40/0xc0 [scsi_transport_srp]

Avoid this by not trying to block targets for rports in SRP_PORT_LOST
state.

Link: https://lore.kernel.org/r/20210401091105.8046-1-mwilck@suse.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/scsi_transport_srp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c
index 1e939a2a387f..98a34ed10f1a 100644
--- a/drivers/scsi/scsi_transport_srp.c
+++ b/drivers/scsi/scsi_transport_srp.c
@@ -541,7 +541,7 @@ int srp_reconnect_rport(struct srp_rport *rport)
 	res = mutex_lock_interruptible(&rport->mutex);
 	if (res)
 		goto out;
-	if (rport->state != SRP_RPORT_FAIL_FAST)
+	if (rport->state != SRP_RPORT_FAIL_FAST && rport->state != SRP_RPORT_LOST)
 		/*
 		 * sdev state must be SDEV_TRANSPORT_OFFLINE, transition
 		 * to SDEV_BLOCK is illegal. Calling scsi_target_unblock()
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 23/46] iwlwifi: add support for Qu with AX201 device
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (20 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 22/46] scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 24/46] net: ieee802154: forbid monitor for set llsec params Sasha Levin
                   ` (22 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Matt Chen, Luca Coelho, Kalle Valo, Sasha Levin, linux-wireless, netdev

From: Matt Chen <matt.chen@intel.com>

[ Upstream commit 97195d3cad852063208a1cd4f4d073459547a415 ]

Add this specific Samsung AX201 sku to driver so it can be
detected and initialized successfully.

Signed-off-by: Matt Chen <matt.chen@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/iwlwifi.20210326125611.30b622037714.Id9fd709cf1c8261c097bbfd7453f6476077dcafc@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
index fa32f9045c0c..500fdb0b6c42 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
@@ -684,6 +684,7 @@ static const struct iwl_dev_info iwl_dev_info_table[] = {
 	IWL_DEV_INFO(0x4DF0, 0x1652, killer1650i_2ax_cfg_qu_b0_hr_b0, NULL),
 	IWL_DEV_INFO(0x4DF0, 0x2074, iwl_ax201_cfg_qu_hr, NULL),
 	IWL_DEV_INFO(0x4DF0, 0x4070, iwl_ax201_cfg_qu_hr, NULL),
+	IWL_DEV_INFO(0x4DF0, 0x6074, iwl_ax201_cfg_qu_hr, NULL),
 
 	_IWL_DEV_INFO(IWL_CFG_ANY, IWL_CFG_ANY,
 		      IWL_CFG_MAC_TYPE_PU, IWL_CFG_ANY,
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 24/46] net: ieee802154: forbid monitor for set llsec params
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (21 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 23/46] iwlwifi: add support for Qu with AX201 device Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 25/46] net: ieee802154: stop dump llsec keys for monitors Sasha Levin
                   ` (21 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+8b6719da8a04beeafcc3, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 88c17855ac4291fb462e13a86b7516773b6c932e ]

This patch forbids to set llsec params for monitor interfaces which we
don't support yet.

Reported-by: syzbot+8b6719da8a04beeafcc3@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-3-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index e9e4652cd592..dd43aa03200e 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1384,6 +1384,9 @@ static int nl802154_set_llsec_params(struct sk_buff *skb,
 	u32 changed = 0;
 	int ret;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (info->attrs[NL802154_ATTR_SEC_ENABLED]) {
 		u8 enabled;
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 25/46] net: ieee802154: stop dump llsec keys for monitors
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (22 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 24/46] net: ieee802154: forbid monitor for set llsec params Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 26/46] net: ieee802154: forbid monitor for add llsec key Sasha Levin
                   ` (20 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit fb3c5cdf88cd504ef11d59e8d656f4bc896c6922 ]

This patch stops dumping llsec keys for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-4-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index dd43aa03200e..c85e4230ec60 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1493,6 +1493,11 @@ nl802154_dump_llsec_key(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 26/46] net: ieee802154: forbid monitor for add llsec key
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (23 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 25/46] net: ieee802154: stop dump llsec keys for monitors Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 27/46] net: ieee802154: forbid monitor for del " Sasha Levin
                   ` (19 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 08470c5453339369bd3d590c4cbb0b5961cdcbb6 ]

This patch forbids to add llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-5-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index c85e4230ec60..c10fc3479d3e 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1552,6 +1552,9 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info)
 	struct ieee802154_llsec_key_id id = { };
 	u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { };
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 		return -EINVAL;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 27/46] net: ieee802154: forbid monitor for del llsec key
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (24 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 26/46] net: ieee802154: forbid monitor for add llsec key Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 28/46] net: ieee802154: stop dump llsec devs for monitors Sasha Levin
                   ` (18 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit b6e2949544a183f590ae6f3ef2d1aaaa2c44e38a ]

This patch forbids to del llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-6-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index c10fc3479d3e..9cdc1457c97c 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1604,6 +1604,9 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
 	struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
 	struct ieee802154_llsec_key_id id;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 		return -EINVAL;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 28/46] net: ieee802154: stop dump llsec devs for monitors
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (25 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 27/46] net: ieee802154: forbid monitor for del " Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 29/46] net: ieee802154: forbid monitor for add llsec dev Sasha Levin
                   ` (17 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 5582d641e6740839c9b83efd1fbf9bcd00b6f5fc ]

This patch stops dumping llsec devs for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-7-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 9cdc1457c97c..39a81602e5b5 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1672,6 +1672,11 @@ nl802154_dump_llsec_dev(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 29/46] net: ieee802154: forbid monitor for add llsec dev
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (26 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 28/46] net: ieee802154: stop dump llsec devs for monitors Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 30/46] net: ieee802154: forbid monitor for del " Sasha Levin
                   ` (16 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 5303f956b05a2886ff42890908156afaec0f95ac ]

This patch forbids to add llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-8-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 39a81602e5b5..29aaeb094959 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1763,6 +1763,9 @@ static int nl802154_add_llsec_dev(struct sk_buff *skb, struct genl_info *info)
 	struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 	struct ieee802154_llsec_device dev_desc;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (ieee802154_llsec_parse_device(info->attrs[NL802154_ATTR_SEC_DEVICE],
 					  &dev_desc) < 0)
 		return -EINVAL;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 30/46] net: ieee802154: forbid monitor for del llsec dev
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (27 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 29/46] net: ieee802154: forbid monitor for add llsec dev Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 31/46] net: ieee802154: stop dump llsec devkeys for monitors Sasha Levin
                   ` (15 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit ad8f9de1f3566686af35b1c6b43240726541da61 ]

This patch forbids to del llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-9-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 29aaeb094959..5c386575aec0 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1781,6 +1781,9 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info)
 	struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
 	__le64 extended_addr;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
 		return -EINVAL;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 31/46] net: ieee802154: stop dump llsec devkeys for monitors
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (28 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 30/46] net: ieee802154: forbid monitor for del " Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 32/46] net: ieee802154: forbid monitor for add llsec devkey Sasha Levin
                   ` (14 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 080d1a57a94d93e70f84b7a360baa351388c574f ]

This patch stops dumping llsec devkeys for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-10-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 5c386575aec0..f63fbb237be8 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1853,6 +1853,11 @@ nl802154_dump_llsec_devkey(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 32/46] net: ieee802154: forbid monitor for add llsec devkey
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (29 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 31/46] net: ieee802154: stop dump llsec devkeys for monitors Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 33/46] net: ieee802154: forbid monitor for del " Sasha Levin
                   ` (13 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit a347b3b394868fef15b16f143719df56184be81d ]

This patch forbids to add llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-11-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index f63fbb237be8..1e437de5e7c9 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1915,6 +1915,9 @@ static int nl802154_add_llsec_devkey(struct sk_buff *skb, struct genl_info *info
 	struct ieee802154_llsec_device_key key;
 	__le64 extended_addr;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack) < 0)
 		return -EINVAL;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 33/46] net: ieee802154: forbid monitor for del llsec devkey
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (30 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 32/46] net: ieee802154: forbid monitor for add llsec devkey Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 34/46] net: ieee802154: stop dump llsec seclevels for monitors Sasha Levin
                   ` (12 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 6fb8045319ef172dc88a8142e7f8b58c7608137e ]

This patch forbids to del llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-12-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 1e437de5e7c9..f1f3af618039 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1949,6 +1949,9 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
 	struct ieee802154_llsec_device_key key;
 	__le64 extended_addr;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
 		return -EINVAL;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 34/46] net: ieee802154: stop dump llsec seclevels for monitors
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (31 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 33/46] net: ieee802154: forbid monitor for del " Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 35/46] net: ieee802154: forbid monitor for add llsec seclevel Sasha Levin
                   ` (11 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 4c9b4f55ad1f5a4b6206ac4ea58f273126d21925 ]

This patch stops dumping llsec seclevels for monitors which we don't
support yet. Otherwise we will access llsec mib which isn't initialized
for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-13-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index f1f3af618039..6a39fb7c0c46 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2026,6 +2026,11 @@ nl802154_dump_llsec_seclevel(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 35/46] net: ieee802154: forbid monitor for add llsec seclevel
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (32 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 34/46] net: ieee802154: stop dump llsec seclevels for monitors Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 36/46] net: ieee802154: forbid monitor for del " Sasha Levin
                   ` (10 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 9ec87e322428d4734ac647d1a8e507434086993d ]

This patch forbids to add llsec seclevel for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-14-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 6a39fb7c0c46..c2e9d133e5fc 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2115,6 +2115,9 @@ static int nl802154_add_llsec_seclevel(struct sk_buff *skb,
 	struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 	struct ieee802154_llsec_seclevel sl;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
 				 &sl) < 0)
 		return -EINVAL;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 36/46] net: ieee802154: forbid monitor for del llsec seclevel
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (33 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 35/46] net: ieee802154: forbid monitor for add llsec seclevel Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 37/46] net: ieee802154: stop dump llsec params for monitors Sasha Levin
                   ` (9 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+fbf4fc11a819824e027b, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 9dde130937e95b72adfae64ab21d6e7e707e2dac ]

This patch forbids to del llsec seclevel for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Reported-by: syzbot+fbf4fc11a819824e027b@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-15-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index c2e9d133e5fc..edd09eb7bf6d 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2133,6 +2133,9 @@ static int nl802154_del_llsec_seclevel(struct sk_buff *skb,
 	struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 	struct ieee802154_llsec_seclevel sl;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_LEVEL] ||
 	    llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
 				 &sl) < 0)
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 37/46] net: ieee802154: stop dump llsec params for monitors
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (34 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 36/46] net: ieee802154: forbid monitor for del " Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 38/46] net: mac802154: Fix general protection fault Sasha Levin
                   ` (8 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexander Aring, syzbot+cde43a581a8e5f317bc2, Stefan Schmidt,
	Sasha Levin, linux-wpan, netdev

From: Alexander Aring <aahringo@redhat.com>

[ Upstream commit 1534efc7bbc1121e92c86c2dabebaf2c9dcece19 ]

This patch stops dumping llsec params for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Reported-by: syzbot+cde43a581a8e5f317bc2@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210405003054.256017-16-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index edd09eb7bf6d..f0b47d43c9f6 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -820,8 +820,13 @@ nl802154_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
 		goto nla_put_failure;
 
 #ifdef CONFIG_IEEE802154_NL802154_EXPERIMENTAL
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		goto out;
+
 	if (nl802154_get_llsec_params(msg, rdev, wpan_dev) < 0)
 		goto nla_put_failure;
+
+out:
 #endif /* CONFIG_IEEE802154_NL802154_EXPERIMENTAL */
 
 	genlmsg_end(msg, hdr);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 38/46] net: mac802154: Fix general protection fault
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (35 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 37/46] net: ieee802154: stop dump llsec params for monitors Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23   ` Sasha Levin
                   ` (7 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Pavel Skripkin, syzbot+9ec037722d2603a9f52e, Alexander Aring,
	Stefan Schmidt, Sasha Levin, linux-wpan, netdev

From: Pavel Skripkin <paskripkin@gmail.com>

[ Upstream commit 1165affd484889d4986cf3b724318935a0b120d8 ]

syzbot found general protection fault in crypto_destroy_tfm()[1].
It was caused by wrong clean up loop in llsec_key_alloc().
If one of the tfm array members is in IS_ERR() range it will
cause general protection fault in clean up function [1].

Call Trace:
 crypto_free_aead include/crypto/aead.h:191 [inline] [1]
 llsec_key_alloc net/mac802154/llsec.c:156 [inline]
 mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
 ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
 rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
 nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
 genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com
Acked-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210304152125.1052825-1-paskripkin@gmail.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac802154/llsec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index 585d33144c33..55550ead2ced 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -152,7 +152,7 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template)
 	crypto_free_sync_skcipher(key->tfm0);
 err_tfm:
 	for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
-		if (key->tfm[i])
+		if (!IS_ERR_OR_NULL(key->tfm[i]))
 			crypto_free_aead(key->tfm[i]);
 
 	kfree_sensitive(key);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 39/46] pcnet32: Use pci_resource_len to validate PCI resource
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
@ 2021-04-12 16:23   ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
                     ` (43 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Guenter Roeck, David S . Miller, Sasha Levin, netdev, linux-riscv

From: Guenter Roeck <linux@roeck-us.net>

[ Upstream commit 66c3f05ddc538ee796321210c906b6ae6fc0792a ]

pci_resource_start() is not a good indicator to determine if a PCI
resource exists or not, since the resource may start at address 0.
This is seen when trying to instantiate the driver in qemu for riscv32
or riscv64.

pci 0000:00:01.0: reg 0x10: [io  0x0000-0x001f]
pci 0000:00:01.0: reg 0x14: [mem 0x00000000-0x0000001f]
...
pcnet32: card has no PCI IO resources, aborting

Use pci_resouce_len() instead.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amd/pcnet32.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/amd/pcnet32.c b/drivers/net/ethernet/amd/pcnet32.c
index 187b0b9a6e1d..f78daba60b35 100644
--- a/drivers/net/ethernet/amd/pcnet32.c
+++ b/drivers/net/ethernet/amd/pcnet32.c
@@ -1534,8 +1534,7 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent)
 	}
 	pci_set_master(pdev);
 
-	ioaddr = pci_resource_start(pdev, 0);
-	if (!ioaddr) {
+	if (!pci_resource_len(pdev, 0)) {
 		if (pcnet32_debug & NETIF_MSG_PROBE)
 			pr_err("card has no PCI IO resources, aborting\n");
 		err = -ENODEV;
@@ -1548,6 +1547,8 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent)
 			pr_err("architecture does not support 32bit PCI busmaster DMA\n");
 		goto err_disable_dev;
 	}
+
+	ioaddr = pci_resource_start(pdev, 0);
 	if (!request_region(ioaddr, PCNET32_TOTAL_SIZE, "pcnet32_probe_pci")) {
 		if (pcnet32_debug & NETIF_MSG_PROBE)
 			pr_err("io address range already allocated\n");
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 39/46] pcnet32: Use pci_resource_len to validate PCI resource
@ 2021-04-12 16:23   ` Sasha Levin
  0 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Guenter Roeck, David S . Miller, Sasha Levin, netdev, linux-riscv

From: Guenter Roeck <linux@roeck-us.net>

[ Upstream commit 66c3f05ddc538ee796321210c906b6ae6fc0792a ]

pci_resource_start() is not a good indicator to determine if a PCI
resource exists or not, since the resource may start at address 0.
This is seen when trying to instantiate the driver in qemu for riscv32
or riscv64.

pci 0000:00:01.0: reg 0x10: [io  0x0000-0x001f]
pci 0000:00:01.0: reg 0x14: [mem 0x00000000-0x0000001f]
...
pcnet32: card has no PCI IO resources, aborting

Use pci_resouce_len() instead.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/amd/pcnet32.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/amd/pcnet32.c b/drivers/net/ethernet/amd/pcnet32.c
index 187b0b9a6e1d..f78daba60b35 100644
--- a/drivers/net/ethernet/amd/pcnet32.c
+++ b/drivers/net/ethernet/amd/pcnet32.c
@@ -1534,8 +1534,7 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent)
 	}
 	pci_set_master(pdev);
 
-	ioaddr = pci_resource_start(pdev, 0);
-	if (!ioaddr) {
+	if (!pci_resource_len(pdev, 0)) {
 		if (pcnet32_debug & NETIF_MSG_PROBE)
 			pr_err("card has no PCI IO resources, aborting\n");
 		err = -ENODEV;
@@ -1548,6 +1547,8 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent)
 			pr_err("architecture does not support 32bit PCI busmaster DMA\n");
 		goto err_disable_dev;
 	}
+
+	ioaddr = pci_resource_start(pdev, 0);
 	if (!request_region(ioaddr, PCNET32_TOTAL_SIZE, "pcnet32_probe_pci")) {
 		if (pcnet32_debug & NETIF_MSG_PROBE)
 			pr_err("io address range already allocated\n");
-- 
2.30.2


_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 40/46] net: tun: set tun->dev->addr_len during TUNSETLINK processing
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (37 preceding siblings ...)
  2021-04-12 16:23   ` Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 41/46] net/rds: Avoid potential use after free in rds_send_remove_from_sock Sasha Levin
                   ` (5 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Phillip Potter, syzbot+001516d86dbe88862cec, Eric Dumazet,
	David S . Miller, Sasha Levin, netdev

From: Phillip Potter <phil@philpotter.co.uk>

[ Upstream commit cca8ea3b05c972ffb5295367e6c544369b45fbdd ]

When changing type with TUNSETLINK ioctl command, set tun->dev->addr_len
to match the appropriate type, using new tun_get_addr_len utility function
which returns appropriate address length for given type. Fixes a
KMSAN-found uninit-value bug reported by syzbot at:
https://syzkaller.appspot.com/bug?id=0766d38c656abeace60621896d705743aeefed51

Reported-by: syzbot+001516d86dbe88862cec@syzkaller.appspotmail.com
Diagnosed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/tun.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index accde25a66a0..c671d8e25774 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -69,6 +69,14 @@
 #include <linux/bpf.h>
 #include <linux/bpf_trace.h>
 #include <linux/mutex.h>
+#include <linux/ieee802154.h>
+#include <linux/if_ltalk.h>
+#include <uapi/linux/if_fddi.h>
+#include <uapi/linux/if_hippi.h>
+#include <uapi/linux/if_fc.h>
+#include <net/ax25.h>
+#include <net/rose.h>
+#include <net/6lowpan.h>
 
 #include <linux/uaccess.h>
 #include <linux/proc_fs.h>
@@ -2978,6 +2986,45 @@ static int tun_set_ebpf(struct tun_struct *tun, struct tun_prog __rcu **prog_p,
 	return __tun_set_ebpf(tun, prog_p, prog);
 }
 
+/* Return correct value for tun->dev->addr_len based on tun->dev->type. */
+static unsigned char tun_get_addr_len(unsigned short type)
+{
+	switch (type) {
+	case ARPHRD_IP6GRE:
+	case ARPHRD_TUNNEL6:
+		return sizeof(struct in6_addr);
+	case ARPHRD_IPGRE:
+	case ARPHRD_TUNNEL:
+	case ARPHRD_SIT:
+		return 4;
+	case ARPHRD_ETHER:
+		return ETH_ALEN;
+	case ARPHRD_IEEE802154:
+	case ARPHRD_IEEE802154_MONITOR:
+		return IEEE802154_EXTENDED_ADDR_LEN;
+	case ARPHRD_PHONET_PIPE:
+	case ARPHRD_PPP:
+	case ARPHRD_NONE:
+		return 0;
+	case ARPHRD_6LOWPAN:
+		return EUI64_ADDR_LEN;
+	case ARPHRD_FDDI:
+		return FDDI_K_ALEN;
+	case ARPHRD_HIPPI:
+		return HIPPI_ALEN;
+	case ARPHRD_IEEE802:
+		return FC_ALEN;
+	case ARPHRD_ROSE:
+		return ROSE_ADDR_LEN;
+	case ARPHRD_NETROM:
+		return AX25_ADDR_LEN;
+	case ARPHRD_LOCALTLK:
+		return LTALK_ALEN;
+	default:
+		return 0;
+	}
+}
+
 static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 			    unsigned long arg, int ifreq_len)
 {
@@ -3133,6 +3180,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 			ret = -EBUSY;
 		} else {
 			tun->dev->type = (int) arg;
+			tun->dev->addr_len = tun_get_addr_len(tun->dev->type);
 			netif_info(tun, drv, tun->dev, "linktype set to %d\n",
 				   tun->dev->type);
 			ret = 0;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 41/46] net/rds: Avoid potential use after free in rds_send_remove_from_sock
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (38 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 40/46] net: tun: set tun->dev->addr_len during TUNSETLINK processing Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-19  8:49   ` Pavel Machek
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 42/46] net: tipc: Fix spelling errors in net/tipc module Sasha Levin
                   ` (4 subsequent siblings)
  44 siblings, 1 reply; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Aditya Pakki, Santosh Shilimkar, David S . Miller, Sasha Levin,
	netdev, linux-rdma, rds-devel

From: Aditya Pakki <pakki001@umn.edu>

[ Upstream commit 0c85a7e87465f2d4cbc768e245f4f45b2f299b05 ]

In case of rs failure in rds_send_remove_from_sock(), the 'rm' resource
is freed and later under spinlock, causing potential use-after-free.
Set the free pointer to NULL to avoid undefined behavior.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/rds/message.c | 1 +
 net/rds/send.c    | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/rds/message.c b/net/rds/message.c
index 071a261fdaab..90ebcfe5fe3b 100644
--- a/net/rds/message.c
+++ b/net/rds/message.c
@@ -180,6 +180,7 @@ void rds_message_put(struct rds_message *rm)
 		rds_message_purge(rm);
 
 		kfree(rm);
+		rm = NULL;
 	}
 }
 EXPORT_SYMBOL_GPL(rds_message_put);
diff --git a/net/rds/send.c b/net/rds/send.c
index 985d0b7713ac..fe5264b9d4b3 100644
--- a/net/rds/send.c
+++ b/net/rds/send.c
@@ -665,7 +665,7 @@ static void rds_send_remove_from_sock(struct list_head *messages, int status)
 unlock_and_drop:
 		spin_unlock_irqrestore(&rm->m_rs_lock, flags);
 		rds_message_put(rm);
-		if (was_on_sock)
+		if (was_on_sock && rm)
 			rds_message_put(rm);
 	}
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 42/46] net: tipc: Fix spelling errors in net/tipc module
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (39 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 41/46] net/rds: Avoid potential use after free in rds_send_remove_from_sock Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 43/46] mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN Sasha Levin
                   ` (3 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Zheng Yongjun, Hulk Robot, David S . Miller, Sasha Levin, netdev,
	tipc-discussion

From: Zheng Yongjun <zhengyongjun3@huawei.com>

[ Upstream commit a79ace4b312953c5835fafb12adc3cb6878b26bd ]

These patches fix a series of spelling errors in net/tipc module.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/tipc/bearer.h | 6 +++---
 net/tipc/net.c    | 2 +-
 net/tipc/node.c   | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/tipc/bearer.h b/net/tipc/bearer.h
index bc0023119da2..9700c7df1b7f 100644
--- a/net/tipc/bearer.h
+++ b/net/tipc/bearer.h
@@ -150,9 +150,9 @@ struct tipc_media {
  * care of initializing all other fields.
  */
 struct tipc_bearer {
-	void __rcu *media_ptr;			/* initalized by media */
-	u32 mtu;				/* initalized by media */
-	struct tipc_media_addr addr;		/* initalized by media */
+	void __rcu *media_ptr;			/* initialized by media */
+	u32 mtu;				/* initialized by media */
+	struct tipc_media_addr addr;		/* initialized by media */
 	char name[TIPC_MAX_BEARER_NAME];
 	struct tipc_media *media;
 	struct tipc_media_addr bcast_addr;
diff --git a/net/tipc/net.c b/net/tipc/net.c
index 0bb2323201da..04ba69a0768b 100644
--- a/net/tipc/net.c
+++ b/net/tipc/net.c
@@ -89,7 +89,7 @@
  *     - A spin lock to protect the registry of kernel/driver users (reg.c)
  *     - A global spin_lock (tipc_port_lock), which only task is to ensure
  *       consistency where more than one port is involved in an operation,
- *       i.e., whe a port is part of a linked list of ports.
+ *       i.e., when a port is part of a linked list of ports.
  *       There are two such lists; 'port_list', which is used for management,
  *       and 'wait_list', which is used to queue ports during congestion.
  *
diff --git a/net/tipc/node.c b/net/tipc/node.c
index e4452d55851f..10b6fa7e558e 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -1711,7 +1711,7 @@ int tipc_node_xmit(struct net *net, struct sk_buff_head *list,
 }
 
 /* tipc_node_xmit_skb(): send single buffer to destination
- * Buffers sent via this functon are generally TIPC_SYSTEM_IMPORTANCE
+ * Buffers sent via this function are generally TIPC_SYSTEM_IMPORTANCE
  * messages, which will not be rejected
  * The only exception is datagram messages rerouted after secondary
  * lookup, which are rare and safe to dispose of anyway.
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 43/46] mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (40 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 42/46] net: tipc: Fix spelling errors in net/tipc module Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 44/46] cfg80211: remove WARN_ON() in cfg80211_sme_connect Sasha Levin
                   ` (2 subsequent siblings)
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Seevalamuthu Mariappan, Johannes Berg, Sasha Levin,
	linux-wireless, netdev

From: Seevalamuthu Mariappan <seevalam@codeaurora.org>

[ Upstream commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd ]

In some race conditions, with more clients and traffic configuration,
below crash is seen when making the interface down. sta->fast_rx wasn't
cleared when STA gets removed from 4-addr AP_VLAN interface. The crash is
due to try accessing 4-addr AP_VLAN interface's net_device (fast_rx->dev)
which has been deleted already.

Resolve this by clearing sta->fast_rx pointer when STA removes
from a 4-addr VLAN.

[  239.449529] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[  239.449531] pgd = 80204000
...
[  239.481496] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.60 #227
[  239.481591] Hardware name: Generic DT based system
[  239.487665] task: be05b700 ti: be08e000 task.ti: be08e000
[  239.492360] PC is at get_rps_cpu+0x2d4/0x31c
[  239.497823] LR is at 0xbe08fc54
...
[  239.778574] [<80739740>] (get_rps_cpu) from [<8073cb10>] (netif_receive_skb_internal+0x8c/0xac)
[  239.786722] [<8073cb10>] (netif_receive_skb_internal) from [<8073d578>] (napi_gro_receive+0x48/0xc4)
[  239.795267] [<8073d578>] (napi_gro_receive) from [<c7b83e8c>] (ieee80211_mark_rx_ba_filtered_frames+0xbcc/0x12d4 [mac80211])
[  239.804776] [<c7b83e8c>] (ieee80211_mark_rx_ba_filtered_frames [mac80211]) from [<c7b84d4c>] (ieee80211_rx_napi+0x7b8/0x8c8 [mac8
            0211])
[  239.815857] [<c7b84d4c>] (ieee80211_rx_napi [mac80211]) from [<c7f63d7c>] (ath11k_dp_process_rx+0x7bc/0x8c8 [ath11k])
[  239.827757] [<c7f63d7c>] (ath11k_dp_process_rx [ath11k]) from [<c7f5b6c4>] (ath11k_dp_service_srng+0x2c0/0x2e0 [ath11k])
[  239.838484] [<c7f5b6c4>] (ath11k_dp_service_srng [ath11k]) from [<7f55b7dc>] (ath11k_ahb_ext_grp_napi_poll+0x20/0x84 [ath11k_ahb]
            )
[  239.849419] [<7f55b7dc>] (ath11k_ahb_ext_grp_napi_poll [ath11k_ahb]) from [<8073ce1c>] (net_rx_action+0xe0/0x28c)
[  239.860945] [<8073ce1c>] (net_rx_action) from [<80324868>] (__do_softirq+0xe4/0x228)
[  239.871269] [<80324868>] (__do_softirq) from [<80324c48>] (irq_exit+0x98/0x108)
[  239.879080] [<80324c48>] (irq_exit) from [<8035c59c>] (__handle_domain_irq+0x90/0xb4)
[  239.886114] [<8035c59c>] (__handle_domain_irq) from [<8030137c>] (gic_handle_irq+0x50/0x94)
[  239.894100] [<8030137c>] (gic_handle_irq) from [<803024c0>] (__irq_svc+0x40/0x74)

Signed-off-by: Seevalamuthu Mariappan <seevalam@codeaurora.org>
Link: https://lore.kernel.org/r/1616163532-3881-1-git-send-email-seevalam@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/cfg.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 2bf6271d9e3f..6a96deded763 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1789,8 +1789,10 @@ static int ieee80211_change_station(struct wiphy *wiphy,
 		}
 
 		if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
-		    sta->sdata->u.vlan.sta)
+		    sta->sdata->u.vlan.sta) {
+			ieee80211_clear_fast_rx(sta);
 			RCU_INIT_POINTER(sta->sdata->u.vlan.sta, NULL);
+		}
 
 		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
 			ieee80211_vif_dec_num_mcast(sta->sdata);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 44/46] cfg80211: remove WARN_ON() in cfg80211_sme_connect
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (41 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 43/46] mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN Sasha Levin
@ 2021-04-12 16:23 ` Sasha Levin
  2021-04-12 16:24 ` [PATCH AUTOSEL 5.10 45/46] virt_wifi: Return micros for BSS TSF values Sasha Levin
  2021-04-12 16:24 ` [PATCH AUTOSEL 5.10 46/46] lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS Sasha Levin
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:23 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Du Cheng, syzbot+5f9392825de654244975, Johannes Berg,
	Sasha Levin, linux-wireless, netdev

From: Du Cheng <ducheng2@gmail.com>

[ Upstream commit 1b5ab825d9acc0f27d2f25c6252f3526832a9626 ]

A WARN_ON(wdev->conn) would trigger in cfg80211_sme_connect(), if multiple
send_msg(NL80211_CMD_CONNECT) system calls are made from the userland, which
should be anticipated and handled by the wireless driver. Remove this WARN_ON()
to prevent kernel panic if kernel is configured to "panic_on_warn".

Bug reported by syzbot.

Reported-by: syzbot+5f9392825de654244975@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Link: https://lore.kernel.org/r/20210407162756.6101-1-ducheng2@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/wireless/sme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 38df713f2e2e..060e365c8259 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -530,7 +530,7 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev,
 		cfg80211_sme_free(wdev);
 	}
 
-	if (WARN_ON(wdev->conn))
+	if (wdev->conn)
 		return -EINPROGRESS;
 
 	wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 45/46] virt_wifi: Return micros for BSS TSF values
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (42 preceding siblings ...)
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 44/46] cfg80211: remove WARN_ON() in cfg80211_sme_connect Sasha Levin
@ 2021-04-12 16:24 ` Sasha Levin
  2021-04-12 16:24 ` [PATCH AUTOSEL 5.10 46/46] lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS Sasha Levin
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:24 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: A. Cody Schuffelen, Johannes Berg, Sasha Levin, linux-wireless, netdev

From: "A. Cody Schuffelen" <schuffelen@google.com>

[ Upstream commit b57aa17f07c9270e576ef7df09f142978b5a75f0 ]

cfg80211_inform_bss expects to receive a TSF value, but is given the
time since boot in nanoseconds. TSF values are expected to be at
microsecond scale rather than nanosecond scale.

Signed-off-by: A. Cody Schuffelen <schuffelen@google.com>
Link: https://lore.kernel.org/r/20210318200419.1421034-1-schuffelen@google.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/virt_wifi.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/virt_wifi.c b/drivers/net/wireless/virt_wifi.c
index c878097f0dda..1df959532c7d 100644
--- a/drivers/net/wireless/virt_wifi.c
+++ b/drivers/net/wireless/virt_wifi.c
@@ -12,6 +12,7 @@
 #include <net/cfg80211.h>
 #include <net/rtnetlink.h>
 #include <linux/etherdevice.h>
+#include <linux/math64.h>
 #include <linux/module.h>
 
 static struct wiphy *common_wiphy;
@@ -168,11 +169,11 @@ static void virt_wifi_scan_result(struct work_struct *work)
 			     scan_result.work);
 	struct wiphy *wiphy = priv_to_wiphy(priv);
 	struct cfg80211_scan_info scan_info = { .aborted = false };
+	u64 tsf = div_u64(ktime_get_boottime_ns(), 1000);
 
 	informed_bss = cfg80211_inform_bss(wiphy, &channel_5ghz,
 					   CFG80211_BSS_FTYPE_PRESP,
-					   fake_router_bssid,
-					   ktime_get_boottime_ns(),
+					   fake_router_bssid, tsf,
 					   WLAN_CAPABILITY_ESS, 0,
 					   (void *)&ssid, sizeof(ssid),
 					   DBM_TO_MBM(-50), GFP_KERNEL);
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* [PATCH AUTOSEL 5.10 46/46] lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS
  2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
                   ` (43 preceding siblings ...)
  2021-04-12 16:24 ` [PATCH AUTOSEL 5.10 45/46] virt_wifi: Return micros for BSS TSF values Sasha Levin
@ 2021-04-12 16:24 ` Sasha Levin
  44 siblings, 0 replies; 56+ messages in thread
From: Sasha Levin @ 2021-04-12 16:24 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Julian Braha, Andreas Schwab, Geert Uytterhoeven,
	Necip Fazil Yildiran, Andrew Morton, Linus Torvalds, Sasha Levin

From: Julian Braha <julianbraha@gmail.com>

[ Upstream commit 7d37cb2c912dc5c25ffac784a4f9b98c06c6bd08 ]

When LATENCYTOP, LOCKDEP, or FAULT_INJECTION_STACKTRACE_FILTER is
enabled and ARCH_WANT_FRAME_POINTERS is disabled, Kbuild gives a warning
such as:

  WARNING: unmet direct dependencies detected for FRAME_POINTER
    Depends on [n]: DEBUG_KERNEL [=y] && (M68K || UML || SUPERH) || ARCH_WANT_FRAME_POINTERS [=n] || MCOUNT [=n]
    Selected by [y]:
    - LATENCYTOP [=y] && DEBUG_KERNEL [=y] && STACKTRACE_SUPPORT [=y] && PROC_FS [=y] && !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !X86

Depending on ARCH_WANT_FRAME_POINTERS causes a recursive dependency
error.  ARCH_WANT_FRAME_POINTERS is to be selected by the architecture,
and is not supposed to be overridden by other config options.

Link: https://lkml.kernel.org/r/20210329165329.27994-1-julianbraha@gmail.com
Signed-off-by: Julian Braha <julianbraha@gmail.com>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Necip Fazil Yildiran <fazilyildiran@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 lib/Kconfig.debug | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index c789b39ed527..dcf4a9028e16 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1302,7 +1302,7 @@ config LOCKDEP
 	bool
 	depends on DEBUG_KERNEL && LOCK_DEBUGGING_SUPPORT
 	select STACKTRACE
-	select FRAME_POINTER if !MIPS && !PPC && !ARM && !S390 && !MICROBLAZE && !ARC && !X86
+	depends on FRAME_POINTER || MIPS || PPC || S390 || MICROBLAZE || ARM || ARC || X86
 	select KALLSYMS
 	select KALLSYMS_ALL
 
@@ -1596,7 +1596,7 @@ config LATENCYTOP
 	depends on DEBUG_KERNEL
 	depends on STACKTRACE_SUPPORT
 	depends on PROC_FS
-	select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !X86
+	depends on FRAME_POINTER || MIPS || PPC || S390 || MICROBLAZE || ARM || ARC || X86
 	select KALLSYMS
 	select KALLSYMS_ALL
 	select STACKTRACE
@@ -1849,7 +1849,7 @@ config FAULT_INJECTION_STACKTRACE_FILTER
 	depends on FAULT_INJECTION_DEBUG_FS && STACKTRACE_SUPPORT
 	depends on !X86_64
 	select STACKTRACE
-	select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !X86
+	depends on FRAME_POINTER || MIPS || PPC || S390 || MICROBLAZE || ARM || ARC || X86
 	help
 	  Provide stacktrace filter for fault-injection capabilities
 
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 56+ messages in thread

* Re: [PATCH AUTOSEL 5.10 41/46] net/rds: Avoid potential use after free in rds_send_remove_from_sock
  2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 41/46] net/rds: Avoid potential use after free in rds_send_remove_from_sock Sasha Levin
@ 2021-04-19  8:49   ` Pavel Machek
  0 siblings, 0 replies; 56+ messages in thread
From: Pavel Machek @ 2021-04-19  8:49 UTC (permalink / raw)
  To: Sasha Levin
  Cc: linux-kernel, stable, Aditya Pakki, Santosh Shilimkar,
	David S . Miller, netdev, linux-rdma, rds-devel

[-- Attachment #1: Type: text/plain, Size: 1254 bytes --]

Hi!

> From: Aditya Pakki <pakki001@umn.edu>
> 
> [ Upstream commit 0c85a7e87465f2d4cbc768e245f4f45b2f299b05 ]
> 
> In case of rs failure in rds_send_remove_from_sock(), the 'rm' resource
> is freed and later under spinlock, causing potential use-after-free.
> Set the free pointer to NULL to avoid undefined behavior.

This patch is crazy. It adds dead code.

> +++ b/net/rds/message.c
> @@ -180,6 +180,7 @@ void rds_message_put(struct rds_message *rm)
>  		rds_message_purge(rm);
>  
>  		kfree(rm);
> +		rm = NULL;
>  	}
>  }

We are already exiting function, changing local variable has no
effect.

> +++ b/net/rds/send.c
> @@ -665,7 +665,7 @@ static void rds_send_remove_from_sock(struct list_head *messages, int status)
>  unlock_and_drop:
>  		spin_unlock_irqrestore(&rm->m_rs_lock, flags);
>  		rds_message_put(rm);
> -		if (was_on_sock)
> +		if (was_on_sock && rm)
>  			rds_message_put(rm);
>  	}

If rm was non-NULL calling first rds_message_put (and it was,
otherwise we oopsed), it is still non-NULL in second test.

Best regards,
								Pavel
-- 
'DENX Software Engineering GmbH,      Managing Director:    Wolfgang Denk'
'HRB 165235 Munich, Office: Kirchenstr.5, D-82194	Groebenzell, Germany'
	

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

^ permalink raw reply	[flat|nested] 56+ messages in thread

end of thread, other threads:[~2021-04-19  8:49 UTC | newest]

Thread overview: 56+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-12 16:23 [PATCH AUTOSEL 5.10 01/46] net: ieee802154: fix nl802154 del llsec key Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 02/46] net: ieee802154: fix nl802154 del llsec dev Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 03/46] net: ieee802154: fix nl802154 add llsec key Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 04/46] net: ieee802154: fix nl802154 del llsec devkey Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 05/46] net: ieee802154: nl-mac: fix check on panid Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 06/46] ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 07/46] ARM: dts: Fix moving mmc devices with aliases for omap4 & 5 Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 08/46] lockdep: Add a missing initialization hint to the "INFO: Trying to register non-static key" message Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 09/46] arc: kernel: Return -EFAULT if copy_to_user() fails Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 10/46] iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 11/46] xfrm: BEET mode doesn't support fragments for inner packets Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 12/46] ASoC: max98373: Changed amp shutdown register as volatile Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 13/46] ASoC: max98373: Added 30ms turn on/off time delay Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 14/46] gpu/xen: Fix a use after free in xen_drm_drv_init Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 15/46] neighbour: Disregard DEAD dst in neigh_update Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 16/46] ARM: keystone: fix integer overflow warning Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 17/46] ARM: omap1: fix building with clang IAS Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 18/46] drivers: net: fix memory leak in atusb_probe Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 19/46] drivers: net: fix memory leak in peak_usb_create_dev Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 20/46] drm/msm: Fix a5xx/a6xx timestamps Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 21/46] ASoC: fsl_esai: Fix TDM slot setup for I2S mode Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 22/46] scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 23/46] iwlwifi: add support for Qu with AX201 device Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 24/46] net: ieee802154: forbid monitor for set llsec params Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 25/46] net: ieee802154: stop dump llsec keys for monitors Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 26/46] net: ieee802154: forbid monitor for add llsec key Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 27/46] net: ieee802154: forbid monitor for del " Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 28/46] net: ieee802154: stop dump llsec devs for monitors Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 29/46] net: ieee802154: forbid monitor for add llsec dev Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 30/46] net: ieee802154: forbid monitor for del " Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 31/46] net: ieee802154: stop dump llsec devkeys for monitors Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 32/46] net: ieee802154: forbid monitor for add llsec devkey Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 33/46] net: ieee802154: forbid monitor for del " Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 34/46] net: ieee802154: stop dump llsec seclevels for monitors Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 35/46] net: ieee802154: forbid monitor for add llsec seclevel Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 36/46] net: ieee802154: forbid monitor for del " Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 37/46] net: ieee802154: stop dump llsec params for monitors Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 38/46] net: mac802154: Fix general protection fault Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 39/46] pcnet32: Use pci_resource_len to validate PCI resource Sasha Levin
2021-04-12 16:23   ` Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 40/46] net: tun: set tun->dev->addr_len during TUNSETLINK processing Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 41/46] net/rds: Avoid potential use after free in rds_send_remove_from_sock Sasha Levin
2021-04-19  8:49   ` Pavel Machek
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 42/46] net: tipc: Fix spelling errors in net/tipc module Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 43/46] mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN Sasha Levin
2021-04-12 16:23 ` [PATCH AUTOSEL 5.10 44/46] cfg80211: remove WARN_ON() in cfg80211_sme_connect Sasha Levin
2021-04-12 16:24 ` [PATCH AUTOSEL 5.10 45/46] virt_wifi: Return micros for BSS TSF values Sasha Levin
2021-04-12 16:24 ` [PATCH AUTOSEL 5.10 46/46] lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS Sasha Levin

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.