brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
894,855 Commits 19 Branches 467 Tags 3.3 GiB
Commit Graph

2349 Commits

Author SHA1 Message Date
Andrey Zhizhikin ac38cd4203 This is the 5.4.138 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEKa7oACgkQONu9yGCS
 aT4pag//XpTqY8Qv8aaYd4p88jw2rX/gV6/J3rRLFlbpWL8smmCFs83nGNo3xnJ6
 Avc8Bt/HhIPEdFbt12Og2ZlX/6zWMpa9YfaWOKNtafFUjjS+Lol+k9E7P7pOWobC
 N2Diq1PCLoSgbi0V/4bJrVyty8Y85ENoCXKNgpSyBAUqsTl3ToVNqaLAt+Z7r5W3
 JUN/khdQ8Ve/lcUUExL3ahqsjKSciDZZheC2DMjkvu0+8NXjkAcwINPSoT9oloOf
 dBiMC/iE7/CJbMdWGe/dTmjeoQfBRrwqYefm/FvDmLfriiADT0HxD6Nkda/03KgW
 eSI7dGw7jkg16KaYnSWnUZba9pr+/Dq8GmsUjKRZa+CbVmH8FBBBDuiyG4lOYB/t
 U4ZjeUR0Kaue3YTVb9WavaDLPDFwTgW7OFbdmmnPM98YDSeZwaHQKgT5Kw7M+VqD
 4i0eMhnPr5FTodQJ/uMMvKFJ9uOeoU8WjGFQeNZGa15m6fLCwDSUoVNSMwVJbHKC
 yxSQ/uEVkgapfdXnb5G8j5dzGXuvuQYyoNF5pmzJpSuTLuN646ewP+crNR33CqIT
 FRG+tEoTAqMLt6n6s5pd9G0Xc7MNTSzy4G5ijuFwiwqdog/ZtqET6mP+bRe2bgb2
 OnDPXkcdMPuNiKp341hDDDcpmJfPwS8W+hfciG3dx55Um7Ajv/A=
 =y8rJ
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmEL2VEACgkQ7G51OISz
 Hs1x5Q//XTVTZ1jW7VIqvkd7B3h+FUbO/GDFufvrUzokFH731ZRryHcmszbXg/Yh
 B+YSGyRA/hnikXppDgPfn2zzSzlkOWOcXk94RgdcGTMOFwZ6T+8NayC52kAlXgE4
 qQO4fqWJeDLKxE9TCpk2aMOml6HDyvyv0lEuQle2dkSSMZI4FLfCmEb6398jvi0K
 iF/JtLHTKXmEcFfwQoqqL7gGWQhAo76l+NGw91qK5whlEPEj2J8XKGwt8/0HqYLD
 A397ssNsbtWckpgn40DuxKSh2trztZcjRcjzG902wJLm7Cr3P8ns2HL+L/McN+uj
 hiKuyY7A84ZXDbbr8SjKAjeBS6zXKddRij819uNXl/xVYBIiX89XMg1tfnbGCSy5
 GR6WQXQx1J8eMXCk8wLHOxwRAlwlCoZdq3sCcW2xpaxD8N+B0ZymszxHB/TquHj6
 WuJ7HW79FNjWnK5QFoT0wKMjrotsDnn+P0MMzuR9pNs9MleLrwLNaZCKYWyRsbeX
 36OreETjhezPHv4TsfaeKK5vgsSOE6TFiclz0JzcFdxtPhMLR3bmerig8GZ22BuY
 j3Ib60Z1iO0/ZcZB1cFb6ZQO/HofCQuAWuZI06LRIGzU9uM9j7PKnL+lF5N/xm9A
 cZgbtmDKVxGQLCFOFr+vOTFiwvyM7y9n9QgHAJ0L7StMzsYfgEs=
 =q+oi
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.138' into 5.4-2.3.x-imx

This is the 5.4.138 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-08-05 12:27:59 +00:00
Nguyen Dinh Phi 1c04378340 cfg80211: Fix possible memory leak in function cfg80211_bss_update 
commit f9a5c358c8d26fed0cc45f2afc64633d4ba21dff upstream.

When we exceed the limit of BSS entries, this function will free the
new entry, however, at this time, it is the last door to access the
inputed ies, so these ies will be unreferenced objects and cause memory
leak.
Therefore we should free its ies before deallocating the new entry, beside
of dropping it from hidden_list.

Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com>
Link: https://lore.kernel.org/r/20210628132334.851095-1-phind.uet@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-08-04 12:27:38 +02:00
Andrey Zhizhikin 0615afea9f This is the 5.4.133 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmD1IXQACgkQONu9yGCS
 aT50sBAAtueT2WsCuD1psEN219cK0e7AuLrHXtAnkHFJIPWnzS0vyBy7/hmFwWtq
 sBSenqG8qufqtLVnMkeEAhu2/sk/5NHRPQJtK0k4hCzt8FQuiVQco1raOtetIJx+
 +wBfE4FAGDmiYGkcuzh61n1euvpBetXd9HFfWtSfQq7Q3nN+sfv0q1V9ZK0MUJ8v
 ipvSY1hTSDEQQJ7cU48DDJtZUGNxrfEFzi4CLI2YVphzoHEbowd5nxtHUL5cwDhx
 3sHYJoN+5RAkRinzGyviDlRpodNUUkLusBzs54xNIzgdzkckEKniKotZ2lUGsEu+
 QQgj0paNB95GLkY/Rgn6AL03AQdYBgGIjHQkSaYJ+UM9TlacqgFMiGugn28bj0o/
 1F4s6zCWG5tuhM5zNcnTsJmwSPA3eZ0uI6NCkjKC/RAyD5SC6JQqcf5zYCzygdT/
 PpeFRcZGoxyQqmOjW2e+tpNAbHuIeayExx/6/3rw3b/xaR9Ju9mYxNDiIpYZwdc6
 FIWOsHG+bEEZANiWv6Ju7DfOTKg8F7mbm4Zrd00euIWEsxuUZO/lAzxPR8pPzsn7
 2k46PDrhah25Y/tbSE5hdKrLqSorSjIg+7CxLAk7LWPmq13zzEd8y+e/Bk5rFJ4T
 7vPLUb23OYFdrVMOXd1UyKhcP4CKyOf7IvG4SsZwj9WfWoNEDNg=
 =2WCO
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmD25jEACgkQ7G51OISz
 Hs1QgxAAl7FiNoI3XJ2GbS0bQAxYXeUtcQ6lJmHRD/6IEikDr12bQ9XMvF1k4o+P
 15MzTOndSRSW0Yxi5QXRTGcBuqbC+HhnUVHggJpUJugUt9Q5TtO6ZxVX0dkbMhp3
 AXK55Zm465y4dX6ys59IWL138xMKd0pBIfchlb3oSaiQ9qBFmKDXMEYDGOxDC3e9
 VR1EO5PfpzEgrGONO+Xxu+2IDWRiWfKGyIaZCIWsRqlsrjdOFMKbTL2iBwMgrqmi
 D3kndN6kGvxqoHCe3P9chKqNfU+P3durBNomhhXyBZBRNT2XW19UVpk3VIhqa5Dw
 7DA6zHihFuZlI9XEZKAr4cokxS9IRFWZBayYE4diMu4+BA45mKIS+1BRyPDozgRG
 cyp6QaGI8IEzdI1oa6WW/CR/zkhQKyIj/lhwlx98XJlkGoDtfSgGMx6QdmtH8Pfk
 Gmgg3aHV/AQMRasSfKPDLGWD0f3nVzneHh9ceK9/j8gjY+T6msVYw/p4kIhXZQCE
 cZplDehOsFtJubB5lXxe1PZzHedM5p0mrYousngjVhHjbe/5h243fj3gBsTJK3zZ
 XP74VPZyqwBtEUrMEL2nPlsQSDfeZRnNSCiXNq1vJg+skqJTMicv2TUP0134ME8K
 yUjmJxd46diY/bOPBL737MuWMlpm9Bpg31qRe92jSHovKrbZVTk=
 =rRdV
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.133' into 5.4-2.3.x-imx

This is the 5.4.133 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-07-20 15:05:19 +00:00
Gustavo A. R. Silva 1127eb86b2 wireless: wext-spy: Fix out-of-bounds warning 
[ Upstream commit e93bdd78406da9ed01554c51e38b2a02c8ef8025 ]

Fix the following out-of-bounds warning:

net/wireless/wext-spy.c:178:2: warning: 'memcpy' offset [25, 28] from the object at 'threshold' is out of the bounds of referenced subobject 'low' with type 'struct iw_quality' at offset 20 [-Warray-bounds]

The problem is that the original code is trying to copy data into a
couple of struct members adjacent to each other in a single call to
memcpy(). This causes a legitimate compiler warning because memcpy()
overruns the length of &threshold.low and &spydata->spy_thr_low. As
these are just a couple of struct members, fix this by using direct
assignments, instead of memcpy().

This helps with the ongoing efforts to globally enable -Warray-bounds
and get us closer to being able to tighten the FORTIFY_SOURCE routines
on memcpy().

Link: https://github.com/KSPP/linux/issues/109
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422200032.GA168995@embeddedor
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2021-07-19 08:53:12 +02:00
Andrey Zhizhikin 3aef3ef268 Linux 5.4.129 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmDcbxkACgkQ3qZv95d3
 LNxZMBAArNPLhVYdEDDFosb6Y/5RGjjZ/79OGHH0p5YiTo8D+wBHi+wXRl5Jp0PA
 3YVVU8lDTbeDm7E7uWeduWjFwEpsPBL8395scbhC6VR3PfnyunjarVXZgi6EHnMl
 p6HjXXtQ1jTrdDSziGDIhZVQT5FGb2/MMx9m69mfi5BTLjGfWy8chHFbC2GZszlp
 Znu9syjisUBbc4I4XHFgXw0hoQSSig6SUTZCrdTpIW/PZ0swfl8ZPxREh0CZNMpw
 Y2orRt+oHlkWPw1/sSkoTE1PRvXwNWFXyw5caOu846jAfhKtxO54SsqJqhM7VLHZ
 pdH4eb6q7AFyt0A62HkIqa5oabs5Vk9G24b8m5ggc2F/UTkHqgwUcMCud0d3DYL0
 Q7OEAmThQzHHKJ+CeNRJLsiKqVBNHmeS24B+ELldlAiX22vLr9pUsIb342Au1ZjR
 S3BTnneAbYGBv4qUoV2yUF9wQ/LxsFMSl/vmjCBOxg7c3LbKYChUwskYnvd6EwWj
 ObCyLU6FK9HWXSBSp/X+irlF1CLla+HuOC+Aej2U5a8DtmHId4LHMeq/XOxZ9s/8
 QUoX4rh5P+TJ8PIiTqXKrQo5rnR79MiYssIhUozKTdt9ZoMtXzI4mVLXN/yzAVD9
 v4aWYx8m2x17Wq+ptaLMSTSed4m3c25uEl4MucLBmKQV8ClAxW8=
 =Sijo
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmDchOoACgkQ7G51OISz
 Hs3s9Q/+OfeIcTzOY6qDX53PSxK5iF3xZEiPR5HOSVu1cY4+1tyt0bkYdQJ2N//d
 NH6YCuOsVI5chRxKN8b6I01U6xxQ0VNvj5RYmuC0AqhhzJBpfhh6FrrGuVxP+dCj
 aa2twfRZO+Y0yzrIYdSvYdRhJlEhMbKGNyHu871tyQQTlp0eQKy9lBhcCuVSCMso
 p64lRlK35GDi6TaWQ7R0SYOziWWSHByf4p3h4ZlpyhB7w6yMNjNrts4qSoZb2uOY
 I453WroS7tWV3qkOZ9FeqjHyg4mjBg87/wSMZ0DbBANinlQZW5YTOjE/WyPossL3
 C4jTP8NBLsng+ZfhAaMRfbvxGj5gbY0ghSOmsuglAOQDd+tlTfB23pkgHFlj6aie
 FUplJnTLd8VXPWkoNVKH6GfG2rZAUtQKM4EWDPt2KK3Dch9W3YH1bHL9EyxR0G7f
 aDBHM9egTyPOYNcfeVDj0KEJTrOxkmCcYz83D+eEDGKHi//Gcb+k9Gsg6q8X6Yxa
 ejFx5RBM5SW57LA70ZK3+HWhqfqcILYJT7Lxoue7bH+15vSGnTkmJKS80OUrP8w8
 y9gQ9WNsmjQUHvtKPAIZUZYlUS05FhtQ+faC8XyrLnfZj+ZCGBZor/KsNe0SP/UN
 bAYudfCn0YkjGfTNcljOe4oAnwmnVKAjGlQkHOFw+llmM0czEBk=
 =vpHo
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.129' into 5.4-2.3.x-imx

Linux 5.4.129

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-06-30 14:51:20 +00:00
Du Cheng f2c027a775 cfg80211: call cfg80211_leave_ocb when switching away from OCB 
[ Upstream commit a64b6a25dd9f984ed05fade603a00e2eae787d2f ]

If the userland switches back-and-forth between NL80211_IFTYPE_OCB and
NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), there is a
chance where the cleanup cfg80211_leave_ocb() is not called. This leads
to initialization of in-use memory (e.g. init u.ibss while in-use by
u.ocb) due to a shared struct/union within ieee80211_sub_if_data:

struct ieee80211_sub_if_data {
    ...
    union {
        struct ieee80211_if_ap ap;
        struct ieee80211_if_vlan vlan;
        struct ieee80211_if_managed mgd;
        struct ieee80211_if_ibss ibss; // <- shares address
        struct ieee80211_if_mesh mesh;
        struct ieee80211_if_ocb ocb; // <- shares address
        struct ieee80211_if_mntr mntr;
        struct ieee80211_if_nan nan;
    } u;
    ...
}

Therefore add handling of otype == NL80211_IFTYPE_OCB, during
cfg80211_change_iface() to perform cleanup when leaving OCB mode.

link to syzkaller bug:
https://syzkaller.appspot.com/bug?id=0612dbfa595bf4b9b680ff7b4948257b8e3732d5

Reported-by: syzbot+105896fac213f26056f9@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Link: https://lore.kernel.org/r/20210428063941.105161-1-ducheng2@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2021-06-30 08:47:45 -04:00
Andrey Zhizhikin db8ff65069 This is the 5.4.128 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmDTLA4ACgkQONu9yGCS
 aT45xg/+IvxFaIOtutEBkFCJvEurRWSozjBKAfX9xtJQGSSKVyDvh7GZWfEXMxZc
 oNf8DWQKvaiZj2mRdgYp6Ilo27Ps6aN3vCo09z+U3mfGQLMbNpPYEvSq6Twl26NB
 8lL8b++0Jo7P+eOALHohBS125/E0etqhoc2HXDFp6pfksj6J7klxlyQ2NX9Ih8xm
 l7Cto5flCHM9g20/CNsqxXPWiuBKnzSvp9YH9HMDgjOV6YSktLGTHAJ8omjPm0V/
 pQVFOo4Kyx34exdA/IzrM/yV4iDThVtwL6+bNErWtl6LwiIcNK3esARYTNjbBBhK
 W156adxp6kl6LqMADr/y77WqvcH6H2PhpRnMj+6t21FpK7cTbXfqvxBfpOvE1Buh
 in95LJN1Iins1PTozBVHcUIpdESO5AN8/2aHq0LRLmVbaLlo6aj+sjdHNPvf7HwW
 8LDHtpGNao/spMuZmvvH+6i3iwuciINCRY9TVBDgkT5LhWhRHBl6+uSLEX/d+s3Z
 663Q6HPu+cfubR7UC8+QsMMtf7KD2yvQuadAz6n/Z41vvSYIUHPGsYtZUmsef3jP
 n4CTAmGavtyR5jaQNkuw8nnIn7cthONw94foFheBH0doxmkXPKcwqmWO9DH77n58
 unMT31ArVg9ObrO/YmLjEaV9X7VlfRf6yw7tey1RJXgrSD3nwgk=
 =9+GF
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmDTTjIACgkQ7G51OISz
 Hs1mJw/5AaIlIv+kMC0qP9aG5Y1uoUQ+fewr4Ofo9Kt8QlVcogdeM16URF7O2CDG
 mICWVXRqY+xWl/84XWJs11RRxfMnXp85myi1jyalOFDYojJp2qOkOyEi8zMg7wui
 N1kkPxEworm6ILrZRKNgT36ZfSEGAD2ogkp4wS/Fldwh2RNHtGUSw3xAPcqg0yDq
 +Ve3V06MDul/dyRup3MYtQ/Kxb5wCc+Lfwh+eXYZIu/DfXy3E4K3w8YB7NPazlTw
 dBlWU/S3Y0uyoq+DvfFQ+nL0GTe0ezGQB5n5n1eNRWg+mEn3IiWXkrBJfha2Swcl
 vv+Fy/5ro9elcn1oQF5uvwDoGHhq/KkR7TjRICY9zmVvJ79IcqZJ/Bdg5CEXM+xc
 EvZDAdXn26y2xKZJzKGQSe7QJurOuQpdW497h1DLGIhDs2sGDjhXuISPcNpjPJKG
 PdgpJ9kG4v2cYnW58UTdzQKNFg7jjFUiiQV/IIoiVlxhg7dVQnSKCgXHcngiZiuQ
 eUR9p7ahfEOlG2N5qTlJqom0HtiJ6I4a5TDQhXoEYlKfxr9711f2+cramhf2cle+
 +G64chvmKcv7Fyx5yIwSJrTJfi6vsuW5VMfXrvGIqjFUEjIGe9rQMhWH34A7s5tG
 RD0Tg90JJr0rNsNa+LZNPbRynbdPBbrVWdrVyXN+9HDs40oe8BY=
 =f7qZ
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.128' into 5.4-2.3.x-imx

This is the 5.4.128 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-06-23 15:07:27 +00:00
Avraham Stern 92e08a5ffa cfg80211: avoid double free of PMSR request 
commit 0288e5e16a2e18f0b7e61a2b70d9037fc6e4abeb upstream.

If cfg80211_pmsr_process_abort() moves all the PMSR requests that
need to be freed into a local list before aborting and freeing them.
As a result, it is possible that cfg80211_pmsr_complete() will run in
parallel and free the same PMSR request.

Fix it by freeing the request in cfg80211_pmsr_complete() only if it
is still in the original pmsr list.

Cc: stable@vger.kernel.org
Fixes: 9bb7e0f24e ("cfg80211: add peer measurement with FTM initiator API")
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210618133832.1fbef57e269a.I00294bebdb0680b892f8d1d5c871fd9dbe785a5e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-06-23 14:41:30 +02:00
Johannes Berg 01ade7c84f cfg80211: make certificate generation more robust 
commit b5642479b0f7168fe16d156913533fe65ab4f8d5 upstream.

If all net/wireless/certs/*.hex files are deleted, the build
will hang at this point since the 'cat' command will have no
arguments. Do "echo | cat - ..." so that even if the "..."
part is empty, the whole thing won't hang.

Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210618133832.c989056c3664.Ic3b77531d00b30b26dcd69c64e55ae2f60c3f31e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-06-23 14:41:29 +02:00
Andrey Zhizhikin 276aedc8f1 This is the 5.4.125 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmDB+Z8ACgkQONu9yGCS
 aT5qig//WVut449WUeYQLKD8rAB5CUVm2Xl3509Ts8W6LSzYGHiYv1SRVeH2y1lS
 QnfCnBciopl2UyYxqXGQwoRYdY1T2E/MWUmwGUk0/qlZYOzg5xQ368Shm0lvohJI
 DsywZrYqJDUCoeyXoWJYrq/3RiAvMK30teKDcn1A2HhhWdo0nsGLp1GUX396ptcV
 3xw2ZvCVwuikwxq5jlQKUEkH59TD/ZkCzvn9gfd86FY1R0ohApLJckhGIuT3wA1c
 Tfekgvfngx1HcEWIAzWFqZPoB8mOF5pn06yZhuPdMKa8UUq78ckN7kbchERj2wJD
 cDFSQQrMI3nL9sA8ryYV1YFl3fyGX5Epm4O465whzjKWoZ9HwN+iwl6Qv+kOmX41
 YUmpUplhsPN+I7+cX1jF7Ohw583uDbFPw6XbyZ0ArZr03JVVv4Vjrv5QA9fVHR06
 OP7+zEUlBtu/g3k0Bj5MU8UKem0shXavkPqukrtB+MhrXh2VngEXEVOvKMOFgA4b
 BnBEga4SrCR/wB+SucIV4fqzV0tq4HD/cPpy67OafrWoqhwlnBsMCQUd+puxkCnM
 y+eEoRwTzRSW+U9y8KdAERW8qSR/vCyKCUoaKxOV3Jj0v8xp0Y6VHKlKmb//w5Gn
 Lk7sNjD60Um3Au53A5pJvh8qNg+OsNc46sEmGGndE4Mrada93gE=
 =O2C+
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmDCIf8ACgkQ7G51OISz
 Hs04IA/9HPtgSX+5Uha8T9IWUKxKwK8BwXAnBnowBkt76X50PLR7/i1wD3WmNdMc
 nVe+bScX6gTjhbqICO2toDZ+lcqWsM00cHPnjZGGwnGDFIvlbxYAYZt/dPTHxgze
 YXDu7dxY5Cb3tAYBX1Ng165Rti9gJC8QNGOLXiCOUhDSTNMepe02wi6bKR3jN/hm
 jjl02Qo9BQI70a1w3zOFHH8ffQuUdOoTFji8hq2u+cJ1tP6FuftJyPvIAm+MDLNd
 83dg1P4eg73Qk+tp93OKrSG3pnCngxgveCB+U3SQnCd2b83asNVigjxoxkrZZJ7L
 9kxq4ifyAfH9TLQJ5lo2xOdQ1ra0+KTBwYKr2X1/N5mrXnmi9OCt54tXFnkPcJLN
 S0HAP9cCf+NtoACirUfNETeZJDaISvHiYT8XhbJ+y1mr+3pbN/4DQ3P/4u1ykoyF
 XBQwuAEw6ljz22HbZBuLrsB339CSwVuJbSaFrmeuUsX7AKIA/p45lr6L5JQssTyD
 a0NWKWFMJ7rV/f10u/B24kZwcSNghx1xMuX8hfBnyPtbR4ChnlnKnSSLsF+AJQEW
 7chnIejPa0UwQAkZmd/b1qaqZq5oIct3BFRZUfcledlej8HweLNJGyy8+T5ZSu5d
 G5ku8CU2hIgnKSBaqF7AaqkcDga2fjelGJetJjqdPwgIzMJmqnE=
 =b+bL
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.125' into 5.4-2.3.x-imx

This is the 5.4.125 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-06-10 14:30:21 +00:00
Anant Thazhemadam 0338fa4af9 nl80211: validate key indexes for cfg80211_registered_device 
commit 2d9463083ce92636a1bdd3e30d1236e3e95d859e upstream

syzbot discovered a bug in which an OOB access was being made because
an unsuitable key_idx value was wrongly considered to be acceptable
while deleting a key in nl80211_del_key().

Since we don't know the cipher at the time of deletion, if
cfg80211_validate_key_settings() were to be called directly in
nl80211_del_key(), even valid keys would be wrongly determined invalid,
and deletion wouldn't occur correctly.
For this reason, a new function - cfg80211_valid_key_idx(), has been
created, to determine if the key_idx value provided is valid or not.
cfg80211_valid_key_idx() is directly called in 2 places -
nl80211_del_key(), and cfg80211_validate_key_settings().

Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com
Suggested-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com
Cc: stable@vger.kernel.org
[also disallow IGTK key IDs if no IGTK cipher is supported]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2021-06-10 13:37:02 +02:00
Andrey Zhizhikin 12b1d2afd4 This is the 5.4.124 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmC4fdYACgkQONu9yGCS
 aT7+6hAAu3CYHvbN7ZjrtLIDhlZKAJ54DWjY25KhwPPH6IVmi9PdKfWkYvQp6MEw
 r9/DuMvHgr8pFk2+nIYID3P9VLe8Wm8HAOzfUNnD9JycF5pRvMHQhsi5XMX0BDoJ
 cGhDFG1SyMbdMryHJBDOf1LFTlz3AlFTIs3FzYTOoxJJ5qU5yMqFEjaQcV8INnOy
 4ZbI03yuNLYl9S08idEZOvBljaqAum98g3Gix1PWzD88LuU5wrmR6MMFfBJBOy4p
 Kpu496qIZM0Mb4n+fyPJqJMLQU02VHx/44eu3o7KUYnmPhMTZM5O6opTRPYL8j/I
 ruioswWL6EvuGT2K+aTv35gSJM2Y+DKA/8yue1jMuE+4poCTg5SqAPrvI/+JSeKk
 8zhASDLO1Lhoeb2jXiMCrlFe7swW+HiGZAWphP+q3bbwCNMTOg/QzJemuU6RqEIi
 7VpCHmBp+eKgra4/qmAx4RLfeBv4nCtk3xYImUFj7Sp8wIjszzBjfV/c3MSPgKG4
 p85PFKwR5fK/YEE27J67kZIyugGtTAoV6eYgz00UWapcQv3hkFOdcyiFXqTz75aL
 +DRhnrHdAQcssSGwUaLh2HcBl/NJARgxKD9Kk2fmfrG5jD2YeRQaHUAhWAk74lya
 IlEacC0lSdzuT8zOQ4NYucsieo+I1RnKYj7Y8YY0VN1HrJ9TsHc=
 =6Icu
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmC6RzEACgkQ7G51OISz
 Hs2I3g/8DC0+sBfPIOyubM440yz5Wx3a+nJddXGC/wn1sXzTYpKUb270nFdASiJB
 qe58QaS+s5pY444oRyU3mOqn8IjWBwfXBw3DDmm4tIJb8fLEkx2rDJkaSA+wPJ5a
 yO0H5ct7IR/qTmhGnYSm5VtHHJ5zhXgQhXetLMHz7WuUnCCte9BA7xLoTEhwRNmO
 mbpeptC5/xQ62ibOJ730NDayDEhMqa1qEbSut4wtzRVVAr5v0fc4BxQnOPX7kgqd
 +9TZZ56tgj131Ac5TEc+uo12+q7dUm0H5FElVSES/IZAIU688+/LKx3ApsVwBT91
 qQTnf6s7/Xu+K/FT5BqwvTMVKvzACWgHXVdu93AVlypMynBp0KU05LoR25IvN/RT
 9Nsq4MjHAu/NhYdnOrwfiLwb7uRwyO7SnDz5focQTi3koow+2dw+PwiyUp98Ykxr
 ycL/Q5FIuyrQc1nHinfVKbyPdL7jbJNgflRdqxSDoTwUx/UOB1bK28ZGaf+WCwQd
 UFw1xb1uUIJLhWeSTHAEcyBDlQd+f+egzwiASoOIZrs5DK2lPB56yfl/rf8qoXRu
 8Z2djUzD85a9d0DPIrkcQnpupl40rjBRPseW6ajnPsrSsP2T6ggUfGQbOUddSvlk
 RS+YkK8csXmeqNEmhzuRtxgKyuPJkDE94jT0GWknuZdcKM4y/C8=
 =EvB+
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.124' into 5.4-2.3.x-imx

This is the 5.4.124 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-06-04 15:30:54 +00:00
Mathy Vanhoef fa00d4928e cfg80211: mitigate A-MSDU aggregation attacks 
commit 2b8a1fee3488c602aca8bea004a087e60806a5cf upstream.

Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the
destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP)
header, and if so dropping the complete A-MSDU frame. This mitigates
known attacks, although new (unknown) aggregation-based attacks may
remain possible.

This defense works because in A-MSDU aggregation injection attacks, a
normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
header. In other words, the destination MAC address of the first A-MSDU
subframe contains the start of an RFC1042 header during an aggregation
attack. We can detect this and thereby prevent this specific attack.
For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi
Through Frame Aggregation and Fragmentation".

Note that for kernel 4.9 and above this patch depends on "mac80211:
properly handle A-MSDUs that start with a rfc1042 header". Otherwise
this patch has no impact and attacks will remain possible.

Cc: stable@vger.kernel.org
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
Link: https://lore.kernel.org/r/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-06-03 08:59:01 +02:00
Mathy Vanhoef 5fe9fae122 mac80211: properly handle A-MSDUs that start with an RFC 1042 header 
commit a1d5ff5651ea592c67054233b14b30bf4452999c upstream.

Properly parse A-MSDUs whose first 6 bytes happen to equal a rfc1042
header. This can occur in practice when the destination MAC address
equals AA:AA:03:00:00:00. More importantly, this simplifies the next
patch to mitigate A-MSDU injection attacks.

Cc: stable@vger.kernel.org
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
Link: https://lore.kernel.org/r/20210511200110.0b2b886492f0.I23dd5d685fe16d3b0ec8106e8f01b59f499dffed@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-06-03 08:59:01 +02:00
Andrey Zhizhikin 6602fc5788 This is the 5.4.119 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmCeKsMACgkQONu9yGCS
 aT4cYhAA0qDTHscvm641m/Dv4U9w3gWh2Fs8oPz43+nJ1/8CTrT/gSWA7IRDDHiV
 Dys2canDVLNYTEx1TqwmHbN3R+nvQTpdz2wuJuSf7GKYQj0n3S99BEN6uxod+puu
 /M7apBH5npjZKv1DMRUrQ/AUGVUuBQqtN7Hl5hEL8ibI/bsZV8+dhJJ8c8uyJpam
 peiP5n2lCz5HZ/K5OyEy1jCmWQLIcRN59SmiARy/xk739igoCMUajkY1mV0WVyks
 SKnZEP7tY1mLLYzpW/ZVSkXurx+ZtL1zUctRt5dh5US4uzNt/sfm8oDzyzvGojd/
 iWtXefprJXbI9BGyNaBwwNmzjSXabSkoI75wExxsMQKFZpsq12pz97dwy/pZyU+c
 NlzbmDQg8+Cs9dKsDw6jUXHYSJ9fb4mk6GOF9u0LXgyq1f15/DzjdzkYLXZ3tTOK
 exVFs/CKz7Dg6npdO5kl7mg18AxmVH+OJftltF2+MbUohBs2vRDRr+O4cY8Wlc2Q
 AF85uAE3Mo/yL1pi6O7lMW4ic5yJvTRCX/iPsxyDU8LvxM1Kc7u9CzykX3M0WFLz
 TsKxfPQvoc6WGf8IWy4j1nXMzXQTHL/6CrfzOSTFngR8eqcsbgU0nkKpZNEtvnxN
 k30ID+Mcl4B6k6XTECNJUXjcwg+TR+XtKOjwXAIDaVqwoW759BY=
 =25pJ
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmCe4QMACgkQ7G51OISz
 Hs1JdQ//aC82eBW+TH85PNlVaYn7DL8cU6zE/mX4dofughg8AIg84v0v30rRGF3m
 c0bxBhwcah+4TIPzWSs8QAT7pEcvR3Gj5JZrEeIuyXBwKhRSXgZJKbV4XAE9Z23W
 1Etxwh28NfLbLEnX6qJnejQhHckt4MK9j4W5Gg2L7o6TrZwB7gLjNPfck6t7DnJc
 9Fo4TxwgP+BFu30s9h9eQqv/EIVJPRfiAVgvK4o1CCEHya8bfnJgJDgyxKbdyBg6
 IXYfYWGVe26VCR7PreEFJ3iheVVlI9VicFfhRzbsCdYQYYNqa22VfyMFrOO1nyMO
 SPAQnDRqlpvXIUHZ70puDX9QYji2RhVjf6fnDoQRPlkDaKumO3+zdk8bcCJFk7kF
 f7BPc8babvAn4WeG2hQOlPSKf+Mcc5mFmh08bsb8y9/w2mNPhg8UkCsaymggabkP
 GK/MvaBGxSoV8ft+EInyRLN3qlLrinYZDOOTj40Pd/d3HrJQCcShXzOI4SRd73MU
 +ISKHU9BrsRvVQ5ICjVTRfFMcFDJUt60leVM+QGm6MxQmgAuW/Scy9bNb9sDUyJd
 6TUI2stzAxDRrjz8JDIXFyUImC3juL1c4WnrpP5I6ZWIeXIpVlQAH1Wxg18Dj0DC
 1W5Fb2cicRRLfSPBgjppeipChm9ecT6Fl+3n7kBo5tvSdiiJEo4=
 =Wb4x
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.119' into 5.4-2.3.x-imx

This is the 5.4.119 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-05-14 20:43:43 +00:00
Johannes Berg e5b02c0961 cfg80211: scan: drop entry from hidden_list on overflow 
commit 010bfbe768f7ecc876ffba92db30432de4997e2a upstream.

If we overflow the maximum number of BSS entries and free the
new entry, drop it from any hidden_list that it may have been
added to in the code above or in cfg80211_combine_bsses().

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6ab90626bdfa68bb3dc0@changeid
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-05-14 09:44:13 +02:00
Andrey Zhizhikin 8ad3d2ca53 This is the 5.4.112 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmB2je0ACgkQONu9yGCS
 aT5LSQ//RbX6sC5N9hmM6XdixRqDXF0YZG6ADrZ24tEIUAvjXZa9rOFGlKyS2JAV
 6KkqRfkrYK2lhyP0lGSkmWPQGoyocxV/6jLcA4XyTqetzxYRkYyW1jiEz7KCTp0+
 AMwqazbMAlaTOTxbNk0TqTsLDrSAE1a5mX9XjPCqjFm1yVjc7gNxxXwKhX01u4LD
 bTw+vMaMtf9MW8sfV1vU9HOcH0BFwp9Sr0/AFb05u8F4BH9MS0XGa6c2bG1o1qQM
 bF7g1aZIcVgn0Jr8WrpsF/7tTUyy3l+XXBvyFNRYvqAnrdUrTDn2ItAPq3W5hqTu
 Y0fdcbAtmmnrHcDeGUD+kuaCTvQGSy+qgZAFvQRkzCmweyY+rvqLEJhO7sBpjqCv
 MszRkYvA0Ji4JaWUWxVlHbmbdIBQ8Jvo9ZMM7shAKq66a26De1W5CIJXTnZXJSij
 dALJowoEKJ2i7V63AoJSzEOlBDYoBUY8xbVzDEjdfBTbj2Gb+cVWRRTsGDKZeuqs
 933fPTRMBOc2q36q6PVpUcpaRLktAFvc33FYdSK8M3/aN22ISQ1QbXqm47sXyQbk
 pHUqRFUJdvjVtQltYIiBQ/GgKY3+TQw9FtRjoSCuZuEeYjE8p004Wq/rWWIv+5mm
 jwY5gfsXKjQcP/Pcxl15kcmNQ4axkC/Jzln99xFScatXV6Ksqh0=
 =sCGS
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmB2vwwACgkQ7G51OISz
 Hs3sfg/+M5ZPNZXWbe44ku13A3pf9g/UToQsKI90CbBMlVeQctti3Fnn1ueO0qwB
 hQ0LFDekK5YRJwfQb3+5QbaQTacLiR4RzvW0L6WHzq9cpbFRbW6gEl4nMO15Mq5c
 o3ctpq3tO0DC7k84tXzV/wsHwV83FxmUC0BQCIzRsoxlTjB+BDf+Sy1giCHmJ9l1
 G3sMzA1LmOSRY24q/l7hwTeVMr78S1uqP/xKq+TErRhuTtKAxINv2tiWTuMBsPLL
 g4OFzEvlX0OLxBihgBC6rSnAP61plq5qoaBLQjj7ex7MnAyBmNCFCZcPGIJgLMhj
 5QrqEbMf8YFppXT9J0yUVxWLk35GmVdr1i5VpwyIVy0U8OrO72R8Bsj8zPSdAf5k
 yesJ4uINYcJfIRlmvc0vRcy55yMENbgxnwJBo7/Wcq8M1b/Ws96YFMF9QUQLOPBL
 nJtvYpuRk2Xx/GU15C0tn7f4nhVaP9z0PPZAx9GDYbTV5taYUWBDHK7cKV0rCgVj
 SVrndIS93kuBxqLdo1L+oPSOl0h4C70DG7zzb6Z5wU9CyvmxVClESXwj8p5AO+CK
 SQIvTe1G0QJnt+miLRpTpn4r4EfqUEbHkWOjIimaZ6fLdy7LDICyM6lFLhzjRp/i
 kal4DzCr1F54njzMseNI1D6C55unOynsN48ZzS4LPuvASgpLFzo=
 =ynil
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.112' into 5.4-2.3.x-imx

This is the 5.4.112 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-04-14 10:08:08 +00:00
Du Cheng ed13df88c6 cfg80211: remove WARN_ON() in cfg80211_sme_connect 
commit 1b5ab825d9acc0f27d2f25c6252f3526832a9626 upstream.

A WARN_ON(wdev->conn) would trigger in cfg80211_sme_connect(), if multiple
send_msg(NL80211_CMD_CONNECT) system calls are made from the userland, which
should be anticipated and handled by the wireless driver. Remove this WARN_ON()
to prevent kernel panic if kernel is configured to "panic_on_warn".

Bug reported by syzbot.

Reported-by: syzbot+5f9392825de654244975@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Link: https://lore.kernel.org/r/20210407162756.6101-1-ducheng2@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-04-14 08:24:18 +02:00
Andrey Zhizhikin f7ff717143 This is the 5.4.95 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmAbI2YACgkQONu9yGCS
 aT5OlA//dUdQV9nPxCD6571l1IotaBlCGLYPHPrQOZ5ZvqtuA0UTyP68qXHwaXMH
 2yV2DuqU0Z8HnBbHxcF1pHvpYK6TX9cFUPcpCrngbbxlk95jh689AkNt2ivGMXZ2
 ukgd7vCvwIE915sFKREwHPpkMPRRs3k+RBIAiuS5csiQ6fDVWKgIbJDkOfHDmw7V
 YFYtQiodKC8mDihD5tjqdZe9Zq9lb6z/0XhOcZVefzML4C8rNZsYqQwGJZm1Uq0I
 Fv+PC2wTtSRNwU5kajvqJxuHlzYVJnxPxuvuubZ/vwYBphzhj2SL44iDbSg4Husj
 trflpUexl7ghKmch6sDo69JBoXkjIwjZkDDT8KN6sGUbVEEH+DDYxkcc1eaDwRWQ
 Vid74uwRMVULtv88VH5Il+PTOrFbjQvtqz7tFVyfsuIdVFBiPHJzN4XwQKzL76K7
 NHY4B8p/O2boVmTs6cDEQnZsTFXR/o/EdMK3FNOuOsJgPHzrjPV64aCYqChCB5qo
 ti6FOmTxAIfaEkskth9g01KssTZQCCqoBlsWITNfVTSrRufaNkugt+5Sx0gFs7tm
 paTTqRSYwJXuVqXxIiHdxR33hTlJjXXRNBzBlEAULpdDzMRzXtSp07tWtvjHdAg9
 w/fBuqf1YirhGCaVMVEhnUpvtLzr0lJhMdJW2A8GrAGzi2qO0nM=
 =nYy5
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAmAby1wACgkQ7G51OISz
 Hs0L7w//Z6TkNeynTACJZyDI+begOseYccmshg7dGGiKL5gDGuiUuM+WjfU5Ggrf
 Gsw8zhMTIg8U5tzCYuVTTy3WSC4ZljTE/61RuuTBV2x1pF49p9nzoKBhc/XxovBk
 XEDVTCdCxRXBc/jFtz00upY0QFlOPiyc0UhsuPPnnpZJWdAxmrh/zkbJlZIALK8A
 B9mLRTi4tI0PtR96v0XBy/1f+vExpYy4LfMPtdNSXQV4FpnT89Hee4oT9RcLCwTO
 7KOErHf+IBjSed7Kwu1XUnWuLQW+25feJT02w6JoBaniqxUFxyu8oCu4Ow0h5sR/
 PXzBpxV+NMTiDFG8YmECHGHYnCIr1ZmTWS4lxa8C62KNj7gV5D9NwhSdZ2zfmhNP
 ExXfhjh9QTSylOPLazFR51MuN9QLzlPhbJh3xvAtBL1knUtKudxsgUmIpISCzHAf
 7+Y3LJr+q1oN87mWCRfb+THNlLVT2psMau5i53VmqVSh5ZLDeC+8Ktr9A4LRYUPa
 504VArW0fxin9yn91OArv/7Kq1YqKkjKaUWOwkRSDQv1/7j14mSxhyQgaUQk0grY
 SVMoyeciexndrOqOsbtIFDUMMi43KCzn7FLazNXw6kiFUI6RWNXDjmPRlDnDByWh
 00V50kxAhHhXidzHUxvVbarbiZPI9q+UPkYJtSknnweJFtmMLrA=
 =jQOd
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.95' into 5.4-2.3.x-imx

This is the 5.4.95 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-02-04 10:24:26 +00:00
Johannes Berg 8aba60ebcf wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 
commit 5122565188bae59d507d90a9a9fd2fd6107f4439 upstream.

Since cfg80211 doesn't implement commit, we never really cared about
that code there (and it's configured out w/o CONFIG_WIRELESS_EXT).
After all, since it has no commit, it shouldn't return -EIWCOMMIT to
indicate commit is needed.

However, EIWCOMMIT is actually an alias for EINPROGRESS, which _can_
happen if e.g. we try to change the frequency but we're already in
the process of connecting to some network, and drivers could return
that value (or even cfg80211 itself might).

This then causes us to crash because dev->wireless_handlers is NULL
but we try to check dev->wireless_handlers->standard[0].

Fix this by also checking dev->wireless_handlers. Also simplify the
code a little bit.

Cc: stable@vger.kernel.org
Reported-by: syzbot+444248c79e117bc99f46@syzkaller.appspotmail.com
Reported-by: syzbot+8b2a88a09653d4084179@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20210121171621.2076e4a37d5a.I5d9c72220fe7bb133fb718751da0180a57ecba4e@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-02-03 23:25:56 +01:00
Andrey Zhizhikin 6f99d03764 This is the 5.4.87 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl/1wNYACgkQONu9yGCS
 aT64cxAAwwt2H911zFagJCVDfLKXJ4da062n0YcJe3saGSg+mdEkSGYEDxjV6jjM
 jTzK1W5C49sQ9kzIF43YnYgdULwcXJ76G/uqFjFOlmbRzAKAYgs/3KXesa7S4cp+
 LT0fiR7uyViOw1zn4yBIeSnax8uRwT4vR1vV++ILC/7vL6hcnOBOPLxGzUKYlvJQ
 TD8ZQjeTXe5E7IhE+ztuhJQT+hZr1VERTjoktcfmlUps94uITeKdKYoCCZQ/zYIL
 IS7OgnAw5RNERHa1JUZruaGFvJORTu8wAfVtgD1VgRUZAe2ziWH6aCeDPaWaLzS5
 3U7Rc3Fyf0CRYrhe7mI1J864GIEUAe9V34sGQzaU/ap4SWpLvHbu12ePlb+nLNKF
 MZmGEd0eZuKKDSx9dlcx8hbfVg99YpI5oOeDvfCJpYx/uxNzzJhO5wkkZxweiN9s
 XTMUhhkTNkhgYdzn4Y8G9++LLAZpwOImSh3NkntoH+mSVlC+jVBbskz6PdywDjQR
 ROVpW26t5Ee6uDTrjci5cffbfje2y0r9km5/sbRWUz2YGsqYfAI3FtbH5isNUPOm
 Q6ucTd+xvmApfp9bn+XYLnbTQEGAD6mAgSmO11CIDsUJUvOTD/2cv861kATJqhXm
 01rHgohIG604vERppYC3WWFjh0cdevBvwSOpDi1LIdlgbEF6QY0=
 =q0Fm
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAl/8SgIACgkQ7G51OISz
 Hs2VKRAAml9ZwPiiMF8+9Si2UgXrC76XSe9ugeFR8w3xRYfSeE7/xH/eA3pl8iay
 zO3Z+EuF0Qd6Wo+q+8hLO7Qp6PbWfp9dqWoUA2klptVT6cyvrW3lGT65XK8oYvIO
 7ElkQYY8MCx/NLpExbgQzydJbcb7u6Gpl3s+o6eVIXEA4vewlTU5RVpUGs0YxpWR
 lFh6w1LM1bE18HNK34saIsvKYQURBWMdpj+eN1P/Ts4XSTXBv7Xw9Uf4D4berzsd
 +Xtp4AT2zmyq1iU1QRtkNXY2XyBsnMJLfQAEkbpq+hHHY644hJKU7yWiSWgfvAac
 ylY/VZ6kkEvdXsCHC8pCc/MlPMc9T3ciuHIHDRUjSXDctPcxeOdkVuNah0JG1s2l
 UQYD328Sb55zaq4oSJnG9SQVSj299yOnrRmAKLJb12cFa4wxAwXbbaP1w2baf/Ck
 PQAivRb+zp7G17Uirih3yv/UjSK9f1OcyZywU2P1srL18elfjKdJTQAS11uoZ5NQ
 vGhwlQp5VGQmdML5Z2h9V6w7G+XcEaflR5PkM6QmiuAIRk7/0uESSB+gje6sE4eA
 hGbikUI9K3BV6ppx/OlRLgbEgq0f+V2xjwDRZL7qDLsiiOUp6eWyY9K+QgAglnFH
 2XoZTDsZ+7yNQ2nRQvwhHg2hEGyjJh1dDib2yMmslDujD/w2GZA=
 =Oh8o
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.87' into 5.4-2.3.x-imx

This is the 5.4.87 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-01-11 12:52:13 +00:00
Andrey Zhizhikin 36d7dcf6da This is the 5.4.78 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+1Zg0ACgkQONu9yGCS
 aT75KBAAqvo33a5xoTM+FQQRsRSKaRNOhCQooXEB1bJcas3y+yQ6ehmwCJ8/K1tC
 JilD+NQt6uuwH2f2cLrH0e4EQcvno390qF/wOCF377bUnKklsxydyaLSLhGYTqR9
 5u/vZVf/QoWZc6BvDwPWNo/NwuRPgJ+sVjuFvtt08l0pGQou26WGujl6ElJKBiLV
 SbbRDlx/f8cJa/oqN8TL/V/VDqJfVLcv6hFRvf44newSUJK05LgCVoM76WEcSQLj
 GYrtCNwffJtnCUzUr/SctNymsgmjj65df6tKmS0vntWH5kTBnCKK/Mnly38gQbeB
 nvci1siOUjnnrkBhydKixO4Q6OZmrbuM0g3vXmW5/Az7HjRcX84BRu+yE7aArE3/
 GMAIO/D1Wj9Dhxs59cu12IWxRaljkT+5FsZYV55TgcRMmWHq/YzBYFSW15fZ9xEw
 ehel9m5ou+HqVtz+bR+ar3v6M2bhedJ0fFvXnbN2OhMwHsEUTuYqfTb7k/21dUwE
 P5k8qGGcYKE1q1gb/Dp3p/hDBjr5h4Mg7z7S8diGsVv3klgrtttgqkOo79JfTESz
 BS5vsF9yS0k23xemCl3jZ41X9uReXnE3lvEeuDBDdYvHPwnjyzPeUN5jgN6abQm7
 CTxp0oPIFW+O8MV+vgF1joK6ykbK8rJRjIUcfzHeI6oKt+HQBJY=
 =gimO
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAl/8L9MACgkQ7G51OISz
 Hs0pEg//X863iBcTnTS2d89K0iioN+QsmoqgV/J0E5piuUpRLK1LgLsaFBFh/PHN
 ZymSF7XuJL4RGZH5kX60Arj3aw1OmJcSObvqejDrfZ87S2PQCaygXITUHVY44QI/
 gSDvotbCWd++RsJicYYAXEmWBs2vYP4gDJnYc2bLo/v8mWVmuyGC0449pJWTsW/z
 2Xb8E6qGtmzopDrNlNT4EhyrepWEmOLEnJ0HE/yjvNgScEmGkb8W9mZQY0ICKJzE
 WQk6lid35VgW0+SiYRauJsHUPLC6hoKtqBA3UQCoiLe939vANvgqqjzhNSRTJBUD
 oldGwT6Voy7DpeCFnX80/h7jkSjwxQ/QZqBXuoOjvvkv5p2Lc/b3kAMqMZKemaDP
 EDIYf7986qDJLqBg9l2wrB7yNcuAYIOgJnYjTcFZrKaZCt5fPQVgh8aDY821aD2U
 lWbL3RKNdTmGa9j3NrIJAMmW8M8sDwV8RQberAQ0TwKOfwqucQF9pCN+oz+V8xBZ
 bKW/SfrFoqk0x+bTe4vz2V2g5nL4MlOTLhNn3CbL7APiL7SJPljezR0SCy5tHYoC
 G+gpU23EF8Dk6QJ1qZoCBJLIGimQBqR65wbvfotGA652DX2OEH0u8kDnw0EihzgB
 FLh2ZWlfcYk/5VDFnrbtBPLZ6RygoL2Ma5mhFWMikmGu3RoFHCk=
 =Jfly
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.78' into 5.4-2.3.x-imx

This is the 5.4.78 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-01-11 11:00:32 +00:00
Andrey Zhizhikin b5636ee381 This is the 5.4.73 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+ahE8ACgkQONu9yGCS
 aT4j1A/9HzkKKoqZ2vXYQ1/uEnUqZech9ly1KxpNTBrSZYAtx3MaWY7tGDEx2BqD
 y6iw9x4MymhHEbpwLg6YmmdWuMQLNNYJGoyLiPJgWhkE4c7zHadhNz1DcPEI8F7z
 bSlUJ3Oebr8gzv0FvUmeVXw7Z2EuOqM1zGgTAZfnKY3DkYHbLnrzUJ4AiI8TNeba
 pPIhjfIJ1TvhF+s5ggf2m8OtSWLZ0doCWCPmCFe2WyERX2WYCzPgsm0yL7L7oXME
 ZqWpOcClBsiYekBNcZ4kxozhJtArCnv24n9VoXJ/YJIlWKvCA6uC8r527nGN/z08
 dfFelj1nDs7/VrCSP4+109EjxLQnSYGgIWP0g0OsC+9wOmrQsYJ1azP1eNjm+NuC
 hPa8uYVEZxwVyJuEfu4ZB4NMZBlD2qnHoskvBKbyZ8yaVnbvlMp552XMwsmJBpCs
 8wArzabrJEz396LUUIYG829D7NBDuRav1Miu+FTzlbn+xZ/Y/S8OmhoG2stWa4wV
 y5x0M0DWgrqiZ9rMkz9A03UNnCInQVTfIBoMl63xFitW4/0vLsln3+CjzlKm7H46
 rD/tKACUoCDjR5DN+JwQzmTdL9zBb4p1cXwWjWb6rON3BkXmO0JVAxzurxI9PfX0
 ZWDydZ3HNmrm0d3J12zf3kTX56PfPFAGWUsEc4Ntb5zdWXSQJsE=
 =fZ3T
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.73' into 5.4-2.3.x-imx

This is the 5.4.73 stable release

Conflicts:
- arch/arm/boot/dts/imx6sl.dtsi:
Commit [a1767c9019] in NXP tree is now covered with commit [5c4c2f437c]
from upstream.

- drivers/gpu/drm/mxsfb/mxsfb_drv.c:
Resolve merge hunk for patch [ed8b90d303] from upstream

- drivers/media/i2c/ov5640.c:
Patch [aa4bb8b883] in NXP tree is now covered by patches [79ec0578c7]
and [b2f8546056] from upstream. Changes from NXP patch [99aa4c8c18] are
covered in upstream version as well.

- drivers/net/ethernet/freescale/fec_main.c:
Fix merge fuzz for patch [9e70485b40] from upstream.

- drivers/usb/cdns3/gadget.c:
Keep NXP version of the file, upstream version is not compatible.

- drivers/usb/dwc3/core.c:
- drivers/usb/dwc3/core.h:
Fix merge fuzz of patch [08045050c6] together wth NXP patch [b30e41dc1e]

- sound/soc/fsl/fsl_sai.c:
- sound/soc/fsl/fsl_sai.h:
Commit [2ea70e51eb72a] in NXP tree is now covered with commit [1ad7f52fe6]
from upstream.

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-01-11 10:09:27 +00:00
Andrey Zhizhikin 9e9365cbcf This is the 5.4.71 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+Gt9kACgkQONu9yGCS
 aT4qAg//ecjVetf6vClqaA6jNWoVHeyuSxJKNWdLWq0XkQgYInuya8irLXoGwY1j
 UTTOvbFT+UwJ1N9DWIB5cLaEkYNLcGA9YYExtcVA6YUfdlhWQw5zcyovIXcw4jHx
 Ma0O2usPE/7Rb9O2+3O8t4jr1YF9C7iRkY82FJJIbDa6GbFQA6hGZ4mHfnjh1l84
 owgSjZ1Yy2HU2uUzX8hA6dXZeIu+SQMk5E2nQSm/DAPhDwbIqPb5Rx9UYqCXafiA
 1c9Cj7RWKopPP9gxNSOzYfLVzOr0YHoFm5uMxtz4apzpNhl/j5CTGphFOnY6SuJs
 BWrRK9D47PGtds5IJ1MslVVb1i1tt0in0RJsNuYV35CXCoJDuaIzaQPJBlpyvix0
 ZialpH+nI3Z1yy7uzVSvrAK11AMwq+79VG/byHht02YVZycHOt7e4wRep3KjpQQq
 uJHapB5djGhPkZypgHOak9Tw1A/snwxC4yR2Xl+Cqn46igIJ8xlgnuey1AmT7pzi
 dSEiJoC7xzHUFildfzrNWkZwIffBFYVPJGfPFyRpyvNc2mOW3S9bwbX0NptE0qSQ
 YzOxQIfqa43TOBJNKZdgHGDrpnPHTESzO63BurQ3fpUI2ex7XjWq92zrIwp23reJ
 9Y/cpELW/paL/dg3ZFYp/wPoOoAh/84GICPXLZPREJkKf0WWey0=
 =1GCf
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEdQaENiSDAlGTDEbB7G51OISzHs0FAl/8FbcACgkQ7G51OISz
 Hs22Gw/9HbY9ScdN+FImTSgR+Hmjc+HShBhv3eAF3wvkZuGloh62OrjyDYhvo3mo
 TBTpLkklaSGBp68vXvkH5qpa+RNoM9FBn3iXqjjBY11czU5MKHJczAKPJp3YYfTv
 X+49Kc0vlT/msX8yWe+0kLOkQrRjOBRAAzAqhJwoZ7RZC3/Ikta/4/1xTxHeFb1j
 kuo/TJQWca2NEtzEf3oFuiHsh9CJYDUJIPSGl4yd6R8z/mNqEH9ytR4oyhpedcl/
 VZv/6npNZ8G8OqFLOc4tddsXgxMYj6yVpSDtysJdEM4Vbrf9hLPZvKXc5dsttl7Z
 +ah7afTYBT9entCYRdNxnR69R+gVu0SilMKrI9+DG3s16ADJyppG5qDSUkEvdwtR
 M9nBlxgpx7oxHV8WNicXfAz2+s3QYtcLUs6k5hMMv7WYg9Rplzd8MmDfqqbEHI/j
 wIgxRechQ9UB9efrmHk1tWTwx3tymV573Dpms7LXkeP3gwbNCcA6Hce9dasYnMhT
 nfiFr164bPV7kqsqFYVXl3i/8ibAN5X784mUq9qDAKBtI8kEd3z0R9a4Tk4pohwG
 U15jzSiZoHYnpcDTszzUlS50YAcvkLuYscwj+aCO/uXGBAxuAwKsfZ4KoFrtAFcl
 J0X9bmnJ2+eWAZqnUrXWDvbFp+OEoFAwxRGIoxxsPKsI1uR06PY=
 =fy0V
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.71' into 5.4-2.3.x-imx

This is the 5.4.71 stable release

Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
 2021-01-11 09:09:08 +00:00
Sara Sharon 5350b833bb cfg80211: initialize rekey_data 
[ Upstream commit f495acd8851d7b345e5f0e521b2645b1e1f928a0 ]

In case we have old supplicant, the akm field is uninitialized.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20201129172929.930f0ab7ebee.Ic546e384efab3f4a89f318eafddc3eb7d556aecb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-12-30 11:51:29 +01:00
Ye Bin e57c046970 cfg80211: regulatory: Fix inconsistent format argument 
[ Upstream commit db18d20d1cb0fde16d518fb5ccd38679f174bc04 ]

Fix follow warning:
[net/wireless/reg.c:3619]: (warning) %d in format string (no. 2)
requires 'int' but the argument type is 'unsigned int'.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/r/20201009070215.63695-1-yebin10@huawei.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-11-18 19:20:23 +01:00
Johannes Berg a3f0db0d23 cfg80211: initialize wdev data earlier 
[ Upstream commit 9bdaf3b91efd229dd272b228e13df10310c80d19 ]

There's a race condition in the netdev registration in that
NETDEV_REGISTER actually happens after the netdev is available,
and so if we initialize things only there, we might get called
with an uninitialized wdev through nl80211 - not using a wdev
but using a netdev interface index.

I found this while looking into a syzbot report, but it doesn't
really seem to be related, and unfortunately there's no repro
for it (yet). I can't (yet) explain how it managed to get into
cfg80211_release_pmsr() from nl80211_netlink_notify() without
the wdev having been initialized, as the latter only iterates
the wdevs that are linked into the rdev, which even without the
change here happened after init.

However, looking at this, it seems fairly clear that the init
needs to be done earlier, otherwise we might even re-init on a
netns move, when data might still be pending.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20201009135821.fdcbba3aad65.Ie9201d91dbcb7da32318812effdc1561aeaf4cdc@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-11-18 19:20:23 +01:00
Johannes Berg 3fed2b5657 nl80211: fix non-split wiphy information 
[ Upstream commit ab10c22bc3b2024f0c9eafa463899a071eac8d97 ]

When dumping wiphy information, we try to split the data into
many submessages, but for old userspace we still support the
old mode where this doesn't happen.

However, in this case we were not resetting our state correctly
and dumping multiple messages for each wiphy, which would have
broken such older userspace.

This was broken pretty much immediately afterwards because it
only worked in the original commit where non-split dumps didn't
have any more data than split dumps...

Fixes: fe1abafd94 ("nl80211: re-add channel width and extended capa advertising")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200928130717.3e6d9c6bada2.Ie0f151a8d0d00a8e1e18f6a8c9244dd02496af67@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-10-29 09:57:44 +01:00
Rajkumar Manoharan 56365dbb3e nl80211: fix OBSS PD min and max offset validation 
[ Upstream commit 6c8b6e4a5f745ec49286ac0a3f1d591a34818f82 ]

The SRG min and max offset won't present when SRG Information Present of
SR control field of Spatial Reuse Parameter Set element set to 0. Per
spec. IEEE802.11ax D7.0, SRG OBSS PD Min Offset ≤ SRG OBSS PD Max
Offset. Hence fix the constrain check to allow same values in both
offset and also call appropriate nla_get function to read the values.

Fixes: 796e90f42b ("cfg80211: add support for parsing OBBS_PD attributes")
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Link: https://lore.kernel.org/r/1601278091-20313-1-git-send-email-rmanohar@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-10-29 09:57:42 +01:00
Anant Thazhemadam 8ece83bf75 net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() 
commit 3dc289f8f139997f4e9d3cfccf8738f20d23e47b upstream.

In nl80211_parse_key(), key.idx is first initialized as -1.
If this value of key.idx remains unmodified and gets returned, and
nl80211_key_allowed() also returns 0, then rdev_del_key() gets called
with key.idx = -1.
This causes an out-of-bounds array access.

Handle this issue by checking if the value of key.idx after
nl80211_parse_key() is called and return -EINVAL if key.idx < 0.

Cc: stable@vger.kernel.org
Reported-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com
Tested-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201007035401.9522-1-anant.thazhemadam@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-10-14 10:32:57 +02:00
Jason Liu 2f68e5475b Merge tag 'v5.4.70' into imx_5.4.y 
* tag 'v5.4.70': (3051 commits)
  Linux 5.4.70
  netfilter: ctnetlink: add a range check for l3/l4 protonum
  ep_create_wakeup_source(): dentry name can change under you...
  ...

 Conflicts:
	arch/arm/mach-imx/pm-imx6.c
	arch/arm64/boot/dts/freescale/imx8mm-evk.dts
	arch/arm64/boot/dts/freescale/imx8mn-ddr4-evk.dts
	drivers/crypto/caam/caamalg.c
	drivers/gpu/drm/imx/dw_hdmi-imx.c
	drivers/gpu/drm/imx/imx-ldb.c
	drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c
	drivers/mmc/host/sdhci-esdhc-imx.c
	drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
	drivers/net/ethernet/freescale/enetc/enetc.c
	drivers/net/ethernet/freescale/enetc/enetc_pf.c
	drivers/thermal/imx_thermal.c
	drivers/usb/cdns3/ep0.c
	drivers/xen/swiotlb-xen.c
	sound/soc/fsl/fsl_esai.c
	sound/soc/fsl/fsl_sai.c

Signed-off-by: Jason Liu <jason.hui.liu@nxp.com>
 2020-10-08 17:46:51 +08:00
Necip Fazil Yildiran 83b9a250d7 lib80211: fix unmet direct dependendices config warning when !CRYPTO 
[ Upstream commit b959ba9f468b1c581f40e92661ad58b093abaa03 ]

When LIB80211_CRYPT_CCMP is enabled and CRYPTO is disabled, it results in unmet
direct dependencies config warning. The reason is that LIB80211_CRYPT_CCMP
selects CRYPTO_AES and CRYPTO_CCM, which are subordinate to CRYPTO. This is
reproducible with CRYPTO disabled and R8188EU enabled, where R8188EU selects
LIB80211_CRYPT_CCMP but does not select or depend on CRYPTO.

Honor the kconfig menu hierarchy to remove kconfig dependency warnings.

Fixes: a11e2f8548 ("lib80211: use crypto API ccm(aes) transform for CCMP processing")
Signed-off-by: Necip Fazil Yildiran <fazilyildiran@gmail.com>
Link: https://lore.kernel.org/r/20200909095452.3080-1-fazilyildiran@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-10-01 13:18:20 +02:00
Amar Singhal a33cab0fbd cfg80211: Adjust 6 GHz frequency to channel conversion 
[ Upstream commit 2d9b55508556ccee6410310fb9ea2482fd3328eb ]

Adjust the 6 GHz frequency to channel conversion function,
the other way around was previously handled.

Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Link: https://lore.kernel.org/r/1592599921-10607-1-git-send-email-asinghal@codeaurora.org
[rewrite commit message, hard-code channel 2]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-09-17 13:47:46 +02:00
Johannes Berg 58c3e86d42 cfg80211: regulatory: reject invalid hints 
commit 47caf685a6854593348f216e0b489b71c10cbe03 upstream.

Reject invalid hints early in order to not cause a kernel
WARN later if they're restored to or similar.

Reported-by: syzbot+d451401ffd00a60677ee@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=d451401ffd00a60677ee
Link: https://lore.kernel.org/r/20200819084648.13956-1-johannes@sipsolutions.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-09-09 19:12:37 +02:00
Julian Squires 7c8a863ba3 cfg80211: check vendor command doit pointer before use 
[ Upstream commit 4052d3d2e8f47a15053320bbcbe365d15610437d ]

In the case where a vendor command does not implement doit, and has no
flags set, doit would not be validated and a NULL pointer dereference
would occur, for example when invoking the vendor command via iw.

I encountered this while developing new vendor commands.  Perhaps in
practice it is advisable to always implement doit along with dumpit,
but it seems reasonable to me to always check doit anyway, not just
when NEED_WDEV.

Signed-off-by: Julian Squires <julian@cipht.net>
Link: https://lore.kernel.org/r/20200706211353.2366470-1-julian@cipht.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-08-11 15:33:38 +02:00
Luca Coelho a062088e67 nl80211: don't return err unconditionally in nl80211_start_ap() 
[ Upstream commit bc7a39b4272b9672d806d422b6850e8c1a09914c ]

When a memory leak was fixed, a return err was changed to goto err,
but, accidentally, the if (err) was removed, so now we always exit at
this point.

Fix it by adding if (err) back.

Fixes: 9951ebfcdf2b ("nl80211: fix potential leak in AP start")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200626124931.871ba5b31eee.I97340172d92164ee92f3c803fe20a8a6e97714e1@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-07-16 08:16:37 +02:00
Jason Liu 5691e22711 Merge tag 'v5.4.47' into imx_5.4.y 
* tag 'v5.4.47': (2193 commits)
  Linux 5.4.47
  KVM: arm64: Save the host's PtrAuth keys in non-preemptible context
  KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception
  ...

 Conflicts:
	arch/arm/boot/dts/imx6qdl.dtsi
	arch/arm/mach-imx/Kconfig
	arch/arm/mach-imx/common.h
	arch/arm/mach-imx/suspend-imx6.S
	arch/arm64/boot/dts/freescale/imx8qxp-mek.dts
	arch/powerpc/include/asm/cacheflush.h
	drivers/cpufreq/imx6q-cpufreq.c
	drivers/dma/imx-sdma.c
	drivers/edac/synopsys_edac.c
	drivers/firmware/imx/imx-scu.c
	drivers/net/ethernet/freescale/fec.h
	drivers/net/ethernet/freescale/fec_main.c
	drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
	drivers/net/phy/phy_device.c
	drivers/perf/fsl_imx8_ddr_perf.c
	drivers/usb/cdns3/gadget.c
	drivers/usb/dwc3/gadget.c
	include/uapi/linux/dma-buf.h

Signed-off-by: Jason Liu <jason.hui.liu@nxp.com>
 2020-06-19 17:32:49 +08:00
Johannes Berg 8c1bfa7335 cfg80211: fix debugfs rename crash 
commit 0bbab5f0301587cad4e923ccc49bb910db86162c upstream.

Removing the "if (IS_ERR(dir)) dir = NULL;" check only works
if we adjust the remaining code to not rely on it being NULL.
Check IS_ERR_OR_NULL() before attempting to dereference it.

I'm not actually entirely sure this fixes the syzbot crash as
the kernel config indicates that they do have DEBUG_FS in the
kernel, but this is what I found when looking there.

Cc: stable@vger.kernel.org
Fixes: d82574a8e5 ("cfg80211: no need to check return value of debugfs_create functions")
Reported-by: syzbot+fd5332e429401bf42d18@syzkaller.appspotmail.com
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20200525113816.fc4da3ec3d4b.Ica63a110679819eaa9fb3bc1b7437d96b1fd187d@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-06-03 08:21:29 +02:00
Johannes Berg 21350f28b2 nl80211: fix NL80211_ATTR_FTM_RESPONDER policy 
commit 0e012b4e4b5ec8e064be3502382579dd0bb43269 upstream.

The nested policy here should be established using the
NLA_POLICY_NESTED() macro so the length is properly
filled in.

Cc: stable@vger.kernel.org
Fixes: 81e54d08d9 ("cfg80211: support FTM responder configuration/statistics")
Link: https://lore.kernel.org/r/20200412004029.9d0722bb56c8.Ie690bfcc4a1a61ff8d8ca7e475d59fcaa52fb2da@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-04-21 09:04:59 +02:00
Ilan Peer d7f6f2b0be cfg80211: Do not warn on same channel at the end of CSA 
[ Upstream commit 05dcb8bb258575a8dd3499d0d78bd2db633c2b23 ]

When cfg80211_update_assoc_bss_entry() is called, there is a
verification that the BSS channel actually changed. As some APs use
CSA also for bandwidth changes, this would result with a kernel
warning.

Fix this by removing the WARN_ON().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200326150855.96316ada0e8d.I6710376b1b4257e5f4712fc7ab16e2b638d512aa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-04-17 10:49:59 +02:00
Johannes Berg 4a89bb3fca nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type 
commit 0016d3201753b59f3ae84b868fe66c86ad256f19 upstream.

The new opmode notification used this attribute with a u8, when
it's documented as a u32 and indeed used in userspace as such,
it just happens to work on little-endian systems since userspace
isn't doing any strict size validation, and the u8 goes into the
lower byte. Fix this.

Cc: stable@vger.kernel.org
Fixes: 466b9936bf ("cfg80211: Add support to notify station's opmode change to userspace")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200325090531.be124f0a11c7.Iedbf4e197a85471ebd729b186d5365c0343bf7a8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-04-01 11:02:01 +02:00
Johannes Berg 079e9ad794 cfg80211: check reg_rule for NULL in handle_channel_custom() 
[ Upstream commit a7ee7d44b57c9ae174088e53a668852b7f4f452d ]

We may end up with a NULL reg_rule after the loop in
handle_channel_custom() if the bandwidth didn't fit,
check if this is the case and bail out if so.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200221104449.3b558a50201c.I4ad3725c4dacaefd2d18d3cc65ba6d18acd5dbfe@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-03-21 08:11:49 +01:00
Jakub Kicinski b575429341 nl80211: add missing attribute validation for channel switch 
commit 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 upstream.

Add missing attribute validation for NL80211_ATTR_OPER_CLASS
to the netlink policy.

Fixes: 1057d35ede ("cfg80211: introduce TDLS channel switch commands")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20200303051058.4089398-4-kuba@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-03-18 07:17:57 +01:00
Jakub Kicinski 5bd0ee5727 nl80211: add missing attribute validation for beacon report scanning 
commit 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d upstream.

Add missing attribute validation for beacon report scanning
to the netlink policy.

Fixes: 1d76250bd3 ("nl80211: support beacon report scanning")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20200303051058.4089398-3-kuba@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-03-18 07:17:56 +01:00
Jakub Kicinski b0fd0b85c3 nl80211: add missing attribute validation for critical protocol indication 
commit 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 upstream.

Add missing attribute validation for critical protocol fields
to the netlink policy.

Fixes: 5de1798489 ("cfg80211: introduce critical protocol indication from user-space")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20200303051058.4089398-2-kuba@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-03-18 07:17:56 +01:00
Jason Liu 335d2828a9 This is the 5.4.24 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5hHjgACgkQONu9yGCS
 aT6CSBAA0c16mnDb59jgmW/sBj/p/MrlD/WJzLriqiKN5BUsPt9++I5mNj8mG+d2
 Glm4086e8L826zv8oKiZm23xk93on+78ExhVFVZvZNaEUpiRNYCGSuDq2NrHW0z+
 kpagkAFLfCUZFoKtmWo+bpl0YtF4dd/fg7+EjyL6qT1DBs8NVMwZx7i/v0xXv7Wc
 0vsGCLYoBLzcW1FB2d9cfAUPCBuGEzL/7TdifNOXRgI9owGsZndFJgXgIzoBUt/P
 tqB8RLjIupCiMEPtsEAZ/rgEQLPFkb3yrBvgjd1wDI8bHUIQU0clqThKVNvmNSmv
 UTBSNgPAhkP8nZG7X9xCkyfEsUefejBJy66da9n4XTGGrXf9ga0BL0nNrOGwOesr
 m+tNnBSFsbFCMqFopQnt4zZSnaf67AOk2mzxbEu4E+sStyW943aDO9MoRRFgaYGH
 pfie3qOKtKta2MuNTJA+q6F0W9H+V5MtMpwbyuy1/dp2eVln2wewBBMvXYdL1YOy
 E/Z87nsQgalsDynz9m/niv32J4JAxHptyOyROkktDLBSzL5RawNn+Op8X5EtmZOe
 sPkiYicqp9CLmMj13qWXJhtuyNdD4wk6FyyAy6cX9mF44+EZGOBkyNP+n8g789Kn
 sqFJ7sfTfOnwLBFciMA5PaMTGNWROyWXNkvvUzO+9t0CyFAnT2U=
 =abGA
 -----END PGP SIGNATURE-----

Merge tag 'v5.4.24' into imx_5.4.y

Merge Linux stable release v5.4.24 into imx_5.4.y

* tag 'v5.4.24': (3306 commits)
  Linux 5.4.24
  blktrace: Protect q->blk_trace with RCU
  kvm: nVMX: VMWRITE checks unsupported field before read-only field
  ...

Signed-off-by: Jason Liu <jason.hui.liu@nxp.com>

 Conflicts:
	arch/arm/boot/dts/imx6sll-evk.dts
	arch/arm/boot/dts/imx7ulp.dtsi
	arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi
	drivers/clk/imx/clk-composite-8m.c
	drivers/gpio/gpio-mxc.c
	drivers/irqchip/Kconfig
	drivers/mmc/host/sdhci-of-esdhc.c
	drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c
	drivers/net/can/flexcan.c
	drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
	drivers/net/ethernet/mscc/ocelot.c
	drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
	drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
	drivers/net/phy/realtek.c
	drivers/pci/controller/mobiveil/pcie-mobiveil-host.c
	drivers/perf/fsl_imx8_ddr_perf.c
	drivers/tee/optee/shm_pool.c
	drivers/usb/cdns3/gadget.c
	kernel/sched/cpufreq.c
	net/core/xdp.c
	sound/soc/fsl/fsl_esai.c
	sound/soc/fsl/fsl_sai.c
	sound/soc/sof/core.c
	sound/soc/sof/imx/Kconfig
	sound/soc/sof/loader.c
 2020-03-08 18:57:18 +08:00
Johannes Berg 813757b782 nl80211: fix potential leak in AP start 
commit 9951ebfcdf2b97dbb28a5d930458424341e61aa2 upstream.

If nl80211_parse_he_obss_pd() fails, we leak the previously
allocated ACL memory. Free it in this case.

Fixes: 796e90f42b ("cfg80211: add support for parsing OBBS_PD attributes")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200221104142.835aba4cdd14.I1923b55ba9989c57e13978f91f40bfdc45e60cbd@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-03-05 16:43:45 +01:00
Sergey Matyukevich f0593f5b1b cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE 
[ Upstream commit ea75080110a4c1fa011b0a73cb8f42227143ee3e ]

The nl80211_policy is missing for NL80211_ATTR_STATUS_CODE attribute.
As a result, for strictly validated commands, it's assumed to not be
supported.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Link: https://lore.kernel.org/r/20200213131608.10541-2-sergey.matyukevich.os@quantenna.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-03-05 16:43:41 +01:00
Sergey Matyukevich fd206c770d cfg80211: check wiphy driver existence for drvinfo report 
[ Upstream commit bfb7bac3a8f47100ebe7961bd14e924c96e21ca7 ]

When preparing ethtool drvinfo, check if wiphy driver is defined
before dereferencing it. Driver may not exist, e.g. if wiphy is
attached to a virtual platform device.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Link: https://lore.kernel.org/r/20200203105644.28875-1-sergey.matyukevich.os@quantenna.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-03-05 16:43:36 +01:00
Arnd Bergmann 86982620f2 wireless: wext: avoid gcc -O3 warning 
[ Upstream commit e16119655c9e6c4aa5767cd971baa9c491f41b13 ]

After the introduction of CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE_O3,
the wext code produces a bogus warning:

In function 'iw_handler_get_iwstats',
    inlined from 'ioctl_standard_call' at net/wireless/wext-core.c:1015:9,
    inlined from 'wireless_process_ioctl' at net/wireless/wext-core.c:935:10,
    inlined from 'wext_ioctl_dispatch.part.8' at net/wireless/wext-core.c:986:8,
    inlined from 'wext_handle_ioctl':
net/wireless/wext-core.c:671:3: error: argument 1 null where non-null expected [-Werror=nonnull]
   memcpy(extra, stats, sizeof(struct iw_statistics));
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from arch/x86/include/asm/string.h:5,
net/wireless/wext-core.c: In function 'wext_handle_ioctl':
arch/x86/include/asm/string_64.h:14:14: note: in a call to function 'memcpy' declared here

The problem is that ioctl_standard_call() sometimes calls the handler
with a NULL argument that would cause a problem for iw_handler_get_iwstats.
However, iw_handler_get_iwstats never actually gets called that way.

Marking that function as noinline avoids the warning and leads
to slightly smaller object code as well.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200107200741.3588770-1-arnd@arndb.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-02-05 21:22:47 +00:00