From 5fb3b14a350cd19f94d224b07a0c1fc9dcffdc0f Mon Sep 17 00:00:00 2001 From: Jan200101 Date: Wed, 19 Oct 2022 20:04:08 +0200 Subject: kernel 5.19.16 --- SOURCES/patch-5.19-redhat.patch | 416 +--------------------------------------- 1 file changed, 3 insertions(+), 413 deletions(-) (limited to 'SOURCES/patch-5.19-redhat.patch') diff --git a/SOURCES/patch-5.19-redhat.patch b/SOURCES/patch-5.19-redhat.patch index 2012e45..3a8675f 100644 --- a/SOURCES/patch-5.19-redhat.patch +++ b/SOURCES/patch-5.19-redhat.patch @@ -44,10 +44,8 @@ drivers/net/phy/bcm-phy-lib.h | 19 + drivers/net/phy/bcm-phy-ptp.c | 944 +++++++++++++++++++++ drivers/net/phy/broadcom.c | 33 +- - drivers/net/wireless/mac80211_hwsim.c | 2 + drivers/pci/quirks.c | 24 + drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 +- - drivers/scsi/stex.c | 17 +- drivers/soc/bcm/bcm2835-power.c | 72 +- drivers/usb/core/hub.c | 7 + include/linux/efi.h | 22 +- @@ -56,17 +54,10 @@ include/linux/mfd/bcm2835-pm.h | 1 + include/linux/rmi.h | 1 + include/linux/security.h | 5 + - include/scsi/scsi_cmnd.h | 2 +- init/Kconfig | 2 +- kernel/module/signing.c | 9 +- net/bluetooth/hci_event.c | 20 + net/ipv4/fib_semantics.c | 8 +- - net/mac80211/ieee80211_i.h | 8 + - net/mac80211/rx.c | 12 +- - net/mac80211/util.c | 34 +- - net/mctp/af_mctp.c | 23 +- - net/mctp/route.c | 10 +- - net/wireless/scan.c | 77 +- scripts/pahole-flags.sh | 4 + scripts/tags.sh | 2 + security/integrity/platform_certs/load_uefi.c | 6 +- @@ -74,7 +65,7 @@ security/lockdown/lockdown.c | 1 + security/security.c | 6 + tools/testing/selftests/net/fib_nexthops.sh | 5 + - 76 files changed, 1939 insertions(+), 425 deletions(-) + 67 files changed, 1823 insertions(+), 356 deletions(-) diff --git a/Documentation/devicetree/bindings/gpu/brcm,bcm-v3d.yaml b/Documentation/devicetree/bindings/gpu/brcm,bcm-v3d.yaml index e6485f7b046f..217c42874f41 100644 @@ -266,7 +257,7 @@ index 000000000000..733a26bd887a + +endmenu diff --git a/Makefile b/Makefile -index af05237987ef..ec594b2177f0 100644 +index a1d1978bbd03..d636b4d23342 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -2947,19 +2938,6 @@ index e36809aa6d30..876bc45ede60 100644 return 0; } -diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index b511e705a46e..6c81422fd226 100644 ---- a/drivers/net/wireless/mac80211_hwsim.c -+++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -4251,6 +4251,8 @@ static int hwsim_cloned_frame_received_nl(struct sk_buff *skb_2, - - rx_status.band = channel->band; - rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]); -+ if (rx_status.rate_idx >= data2->hw->wiphy->bands[rx_status.band]->n_bitrates) -+ goto out; - rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]); - - hdr = (void *)skb->data; diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 2e68f50bc7ae..00e1d5bc83a5 100644 --- a/drivers/pci/quirks.c @@ -3027,36 +3005,6 @@ index 5223d4c9afdf..39f14a5b78cd 100644 } } -diff --git a/drivers/scsi/stex.c b/drivers/scsi/stex.c -index e6420f2127ce..8def242675ef 100644 ---- a/drivers/scsi/stex.c -+++ b/drivers/scsi/stex.c -@@ -665,16 +665,17 @@ static int stex_queuecommand_lck(struct scsi_cmnd *cmd) - return 0; - case PASSTHRU_CMD: - if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) { -- struct st_drvver ver; -+ const struct st_drvver ver = { -+ .major = ST_VER_MAJOR, -+ .minor = ST_VER_MINOR, -+ .oem = ST_OEM, -+ .build = ST_BUILD_VER, -+ .signature[0] = PASSTHRU_SIGNATURE, -+ .console_id = host->max_id - 1, -+ .host_no = hba->host->host_no, -+ }; - size_t cp_len = sizeof(ver); - -- ver.major = ST_VER_MAJOR; -- ver.minor = ST_VER_MINOR; -- ver.oem = ST_OEM; -- ver.build = ST_BUILD_VER; -- ver.signature[0] = PASSTHRU_SIGNATURE; -- ver.console_id = host->max_id - 1; -- ver.host_no = hba->host->host_no; - cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len); - if (sizeof(ver) == cp_len) - cmd->result = DID_OK << 16; diff --git a/drivers/soc/bcm/bcm2835-power.c b/drivers/soc/bcm/bcm2835-power.c index 1e0041ec8132..5bcd047768b6 100644 --- a/drivers/soc/bcm/bcm2835-power.c @@ -3358,19 +3306,6 @@ index 3cc127bb5bfd..2fecdfb03eb5 100644 #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) -diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h -index 1e80e70dfa92..5ce1aac64edd 100644 ---- a/include/scsi/scsi_cmnd.h -+++ b/include/scsi/scsi_cmnd.h -@@ -201,7 +201,7 @@ static inline unsigned int scsi_get_resid(struct scsi_cmnd *cmd) - for_each_sg(scsi_sglist(cmd), sg, nseg, __i) - - static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd, -- void *buf, int buflen) -+ const void *buf, int buflen) - { - return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd), - buf, buflen); diff --git a/init/Kconfig b/init/Kconfig index c7900e8975f1..ea721c12c251 100644 --- a/init/Kconfig @@ -3460,351 +3395,6 @@ index db7b2503f068..36653cd5964a 100644 nh = fib_info_nh(fi, 0); if (cfg->fc_encap) { if (fib_encap_match(net, cfg->fc_encap_type, -diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 48fbccbf2a54..44c8701af95c 100644 ---- a/net/mac80211/ieee80211_i.h -+++ b/net/mac80211/ieee80211_i.h -@@ -1640,6 +1640,14 @@ struct ieee802_11_elems { - - /* whether a parse error occurred while retrieving these elements */ - bool parse_error; -+ -+ /* -+ * scratch buffer that can be used for various element parsing related -+ * tasks, e.g., element de-fragmentation etc. -+ */ -+ size_t scratch_len; -+ u8 *scratch_pos; -+ u8 scratch[]; - }; - - static inline struct ieee80211_local *hw_to_local( -diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c -index b938806a5184..2d584a86dbf3 100644 ---- a/net/mac80211/rx.c -+++ b/net/mac80211/rx.c -@@ -1988,10 +1988,11 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) - - if (mmie_keyidx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS || - mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS + -- NUM_DEFAULT_BEACON_KEYS) { -- cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev, -- skb->data, -- skb->len); -+ NUM_DEFAULT_BEACON_KEYS) { -+ if (rx->sdata->dev) -+ cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev, -+ skb->data, -+ skb->len); - return RX_DROP_MONITOR; /* unexpected BIP keyidx */ - } - -@@ -2139,7 +2140,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) - /* either the frame has been decrypted or will be dropped */ - status->flag |= RX_FLAG_DECRYPTED; - -- if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE)) -+ if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE && -+ rx->sdata->dev)) - cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev, - skb->data, skb->len); - -diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index 3f698e508dd7..8f36ab8fcfb2 100644 ---- a/net/mac80211/util.c -+++ b/net/mac80211/util.c -@@ -1439,6 +1439,8 @@ static size_t ieee802_11_find_bssid_profile(const u8 *start, size_t len, - for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, start, len) { - if (elem->datalen < 2) - continue; -+ if (elem->data[0] < 1 || elem->data[0] > 8) -+ continue; - - for_each_element(sub, elem->data + 1, elem->datalen - 1) { - u8 new_bssid[ETH_ALEN]; -@@ -1501,25 +1503,27 @@ struct ieee802_11_elems *ieee802_11_parse_elems_crc(const u8 *start, size_t len, - const struct element *non_inherit = NULL; - u8 *nontransmitted_profile; - int nontransmitted_profile_len = 0; -+ size_t scratch_len = len; - -- elems = kzalloc(sizeof(*elems), GFP_ATOMIC); -+ elems = kzalloc(sizeof(*elems) + scratch_len, GFP_ATOMIC); - if (!elems) - return NULL; - elems->ie_start = start; - elems->total_len = len; -- -- nontransmitted_profile = kmalloc(len, GFP_ATOMIC); -- if (nontransmitted_profile) { -- nontransmitted_profile_len = -- ieee802_11_find_bssid_profile(start, len, elems, -- transmitter_bssid, -- bss_bssid, -- nontransmitted_profile); -- non_inherit = -- cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE, -- nontransmitted_profile, -- nontransmitted_profile_len); -- } -+ elems->scratch_len = scratch_len; -+ elems->scratch_pos = elems->scratch; -+ -+ nontransmitted_profile = elems->scratch_pos; -+ nontransmitted_profile_len = -+ ieee802_11_find_bssid_profile(start, len, elems, -+ transmitter_bssid, -+ bss_bssid, -+ nontransmitted_profile); -+ elems->scratch_pos += nontransmitted_profile_len; -+ elems->scratch_len -= nontransmitted_profile_len; -+ non_inherit = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE, -+ nontransmitted_profile, -+ nontransmitted_profile_len); - - crc = _ieee802_11_parse_elems_crc(start, len, action, elems, filter, - crc, non_inherit); -@@ -1548,8 +1552,6 @@ struct ieee802_11_elems *ieee802_11_parse_elems_crc(const u8 *start, size_t len, - offsetofend(struct ieee80211_bssid_index, dtim_count)) - elems->dtim_count = elems->bssid_index->dtim_count; - -- kfree(nontransmitted_profile); -- - elems->crc = crc; - - return elems; -diff --git a/net/mctp/af_mctp.c b/net/mctp/af_mctp.c -index c2fc2a7b2528..b6b5e496fa40 100644 ---- a/net/mctp/af_mctp.c -+++ b/net/mctp/af_mctp.c -@@ -295,11 +295,12 @@ __must_hold(&net->mctp.keys_lock) - mctp_dev_release_key(key->dev, key); - spin_unlock_irqrestore(&key->lock, flags); - -- hlist_del(&key->hlist); -- hlist_del(&key->sklist); -- -- /* unref for the lists */ -- mctp_key_unref(key); -+ if (!hlist_unhashed(&key->hlist)) { -+ hlist_del_init(&key->hlist); -+ hlist_del_init(&key->sklist); -+ /* unref for the lists */ -+ mctp_key_unref(key); -+ } - - kfree_skb(skb); - } -@@ -373,9 +374,17 @@ static int mctp_ioctl_alloctag(struct mctp_sock *msk, unsigned long arg) - - ctl.tag = tag | MCTP_TAG_OWNER | MCTP_TAG_PREALLOC; - if (copy_to_user((void __user *)arg, &ctl, sizeof(ctl))) { -- spin_lock_irqsave(&key->lock, flags); -- __mctp_key_remove(key, net, flags, MCTP_TRACE_KEY_DROPPED); -+ unsigned long fl2; -+ /* Unwind our key allocation: the keys list lock needs to be -+ * taken before the individual key locks, and we need a valid -+ * flags value (fl2) to pass to __mctp_key_remove, hence the -+ * second spin_lock_irqsave() rather than a plain spin_lock(). -+ */ -+ spin_lock_irqsave(&net->mctp.keys_lock, flags); -+ spin_lock_irqsave(&key->lock, fl2); -+ __mctp_key_remove(key, net, fl2, MCTP_TRACE_KEY_DROPPED); - mctp_key_unref(key); -+ spin_unlock_irqrestore(&net->mctp.keys_lock, flags); - return -EFAULT; - } - -diff --git a/net/mctp/route.c b/net/mctp/route.c -index 3b24b8d18b5b..2155f15a074c 100644 ---- a/net/mctp/route.c -+++ b/net/mctp/route.c -@@ -228,12 +228,12 @@ __releases(&key->lock) - - if (!key->manual_alloc) { - spin_lock_irqsave(&net->mctp.keys_lock, flags); -- hlist_del(&key->hlist); -- hlist_del(&key->sklist); -+ if (!hlist_unhashed(&key->hlist)) { -+ hlist_del_init(&key->hlist); -+ hlist_del_init(&key->sklist); -+ mctp_key_unref(key); -+ } - spin_unlock_irqrestore(&net->mctp.keys_lock, flags); -- -- /* unref for the lists */ -- mctp_key_unref(key); - } - - /* and one for the local reference */ -diff --git a/net/wireless/scan.c b/net/wireless/scan.c -index 0134e5d5c81a..39fb9cc25cdc 100644 ---- a/net/wireless/scan.c -+++ b/net/wireless/scan.c -@@ -143,18 +143,12 @@ static inline void bss_ref_get(struct cfg80211_registered_device *rdev, - lockdep_assert_held(&rdev->bss_lock); - - bss->refcount++; -- if (bss->pub.hidden_beacon_bss) { -- bss = container_of(bss->pub.hidden_beacon_bss, -- struct cfg80211_internal_bss, -- pub); -- bss->refcount++; -- } -- if (bss->pub.transmitted_bss) { -- bss = container_of(bss->pub.transmitted_bss, -- struct cfg80211_internal_bss, -- pub); -- bss->refcount++; -- } -+ -+ if (bss->pub.hidden_beacon_bss) -+ bss_from_pub(bss->pub.hidden_beacon_bss)->refcount++; -+ -+ if (bss->pub.transmitted_bss) -+ bss_from_pub(bss->pub.transmitted_bss)->refcount++; - } - - static inline void bss_ref_put(struct cfg80211_registered_device *rdev, -@@ -304,7 +298,8 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, - tmp_old = cfg80211_find_ie(WLAN_EID_SSID, ie, ielen); - tmp_old = (tmp_old) ? tmp_old + tmp_old[1] + 2 : ie; - -- while (tmp_old + tmp_old[1] + 2 - ie <= ielen) { -+ while (tmp_old + 2 - ie <= ielen && -+ tmp_old + tmp_old[1] + 2 - ie <= ielen) { - if (tmp_old[0] == 0) { - tmp_old++; - continue; -@@ -364,7 +359,8 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, - * copied to new ie, skip ssid, capability, bssid-index ie - */ - tmp_new = sub_copy; -- while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) { -+ while (tmp_new + 2 - sub_copy <= subie_len && -+ tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) { - if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP || - tmp_new[0] == WLAN_EID_SSID)) { - memcpy(pos, tmp_new, tmp_new[1] + 2); -@@ -427,6 +423,15 @@ cfg80211_add_nontrans_list(struct cfg80211_bss *trans_bss, - - rcu_read_unlock(); - -+ /* -+ * This is a bit weird - it's not on the list, but already on another -+ * one! The only way that could happen is if there's some BSSID/SSID -+ * shared by multiple APs in their multi-BSSID profiles, potentially -+ * with hidden SSID mixed in ... ignore it. -+ */ -+ if (!list_empty(&nontrans_bss->nontrans_list)) -+ return -EINVAL; -+ - /* add to the list */ - list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list); - return 0; -@@ -1602,6 +1607,23 @@ struct cfg80211_non_tx_bss { - u8 bssid_index; - }; - -+static void cfg80211_update_hidden_bsses(struct cfg80211_internal_bss *known, -+ const struct cfg80211_bss_ies *new_ies, -+ const struct cfg80211_bss_ies *old_ies) -+{ -+ struct cfg80211_internal_bss *bss; -+ -+ /* Assign beacon IEs to all sub entries */ -+ list_for_each_entry(bss, &known->hidden_list, hidden_list) { -+ const struct cfg80211_bss_ies *ies; -+ -+ ies = rcu_access_pointer(bss->pub.beacon_ies); -+ WARN_ON(ies != old_ies); -+ -+ rcu_assign_pointer(bss->pub.beacon_ies, new_ies); -+ } -+} -+ - static bool - cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, - struct cfg80211_internal_bss *known, -@@ -1625,7 +1647,6 @@ cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, - kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); - } else if (rcu_access_pointer(new->pub.beacon_ies)) { - const struct cfg80211_bss_ies *old; -- struct cfg80211_internal_bss *bss; - - if (known->pub.hidden_beacon_bss && - !list_empty(&known->hidden_list)) { -@@ -1653,16 +1674,7 @@ cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, - if (old == rcu_access_pointer(known->pub.ies)) - rcu_assign_pointer(known->pub.ies, new->pub.beacon_ies); - -- /* Assign beacon IEs to all sub entries */ -- list_for_each_entry(bss, &known->hidden_list, hidden_list) { -- const struct cfg80211_bss_ies *ies; -- -- ies = rcu_access_pointer(bss->pub.beacon_ies); -- WARN_ON(ies != old); -- -- rcu_assign_pointer(bss->pub.beacon_ies, -- new->pub.beacon_ies); -- } -+ cfg80211_update_hidden_bsses(known, new->pub.beacon_ies, old); - - if (old) - kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); -@@ -1739,6 +1751,8 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, - new->refcount = 1; - INIT_LIST_HEAD(&new->hidden_list); - INIT_LIST_HEAD(&new->pub.nontrans_list); -+ /* we'll set this later if it was non-NULL */ -+ new->pub.transmitted_bss = NULL; - - if (rcu_access_pointer(tmp->pub.proberesp_ies)) { - hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); -@@ -2021,10 +2035,15 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, - spin_lock_bh(&rdev->bss_lock); - if (cfg80211_add_nontrans_list(non_tx_data->tx_bss, - &res->pub)) { -- if (__cfg80211_unlink_bss(rdev, res)) -+ if (__cfg80211_unlink_bss(rdev, res)) { - rdev->bss_generation++; -+ res = NULL; -+ } - } - spin_unlock_bh(&rdev->bss_lock); -+ -+ if (!res) -+ return NULL; - } - - trace_cfg80211_return_bss(&res->pub); -@@ -2143,6 +2162,8 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, - for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, ie, ielen) { - if (elem->datalen < 4) - continue; -+ if (elem->data[0] < 1 || (int)elem->data[0] > 8) -+ continue; - for_each_element(sub, elem->data + 1, elem->datalen - 1) { - u8 profile_len; - -@@ -2279,7 +2300,7 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, - size_t new_ie_len; - struct cfg80211_bss_ies *new_ies; - const struct cfg80211_bss_ies *old; -- u8 cpy_len; -+ size_t cpy_len; - - lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock); - -@@ -2346,6 +2367,8 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, - } else { - old = rcu_access_pointer(nontrans_bss->beacon_ies); - rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies); -+ cfg80211_update_hidden_bsses(bss_from_pub(nontrans_bss), -+ new_ies, old); - rcu_assign_pointer(nontrans_bss->ies, new_ies); - if (old) - kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh index 0d99ef17e4a5..d4f3d63cb434 100755 --- a/scripts/pahole-flags.sh @@ -3832,7 +3422,7 @@ index 01fab3d4f90b..2ae5dfc904f9 100755 # Use make KBUILD_ABS_SRCTREE=1 {tags|cscope} # to force full paths for a non-O= build diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c -index 093894a640dc..1c43a9462b4b 100644 +index b78753d27d8e..f0b37800431a 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -73,7 +73,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, -- cgit v1.2.3