-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl99WYoACgkQONu9yGCS
aT75hA/+Lu0udzlCD/Uw1SDFKPo3Xed6hFiFUOHHtQxVel9r3DNOX1+kfNAH5ifo
G2NW6O25Bl4qxmG02QRW85r7JRHhoMQOx1DldLGlJCfcgmVcwEaiRg6HgMh+9OiC
qPAuE6zbB5h97dPQppe5u7e6pzjrsTgR6pYlnuwPVF6TSmTYXM3OGubXItOyneRZ
ePnzH9w4bk/n4UAARYOowfFhRnO/Qml+QPxc8rFbK2inGXCJ31QLITJCa3Y3KXP3
AC2aM2M8B04GJBFhXH8pLFrzvB/+S1DwzmtT3d6TWdQRqdSr+GAPJ/3jX2eKMuwK
6vfF/caGvfYpomEFCHFKyLxmFwhbSEfVD0ht4jr3aiF/E0ii8sXKN8mnnowpNFpG
23kG+baxxe1ZbjXw4VjtGGXruJQ6im5o7siRnmfKYv18Fo5O3yEga9pCjOdkHT20
gjes0GfTtgr3nrlW19B03ZYL7p3ri46NlY7Zlawvtz3dlWY9rTkII3nxD5k5Ywxs
KgDVpREwr7LuKOgGTxkwLGHNEF7b1mJrjdrlX/X2SDJD/IQc3xdD5382lXSQRaem
QaZhu6S6SNCjI9fGQ7jOYMR3ouGegFsPOnr6BQxvKmoolsUzXTeTxR0u2R5dqYGI
1RwmuTIQTvURoFy1XyhNyLJAbCvk+9BeNp8I5/YTNbvkFKlnawM=
=qKZh
-----END PGP SIGNATURE-----
Merge 4.19.150 into android-4.19-stable
Changes in 4.19.150
mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models
USB: gadget: f_ncm: Fix NDP16 datagram validation
gpio: mockup: fix resource leak in error path
gpio: tc35894: fix up tc35894 interrupt configuration
clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk
vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
vsock/virtio: stop workers during the .remove()
vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock()
net: virtio_vsock: Enhance connection semantics
Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
ftrace: Move RCU is watching check after recursion check
drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices
drm/sun4i: mixer: Extend regmap max_register
net: dec: de2104x: Increase receive ring size for Tulip
rndis_host: increase sleep time in the query-response loop
nvme-core: get/put ctrl and transport module in nvme_dev_open/release()
drivers/net/wan/lapbether: Make skb->protocol consistent with the header
drivers/net/wan/hdlc: Set skb->protocol before transmitting
mac80211: do not allow bigger VHT MPDUs than the hardware supports
spi: fsl-espi: Only process interrupts for expected events
nvme-fc: fail new connections to a deleted host or remote port
gpio: sprd: Clear interrupt when setting the type as edge
pinctrl: mvebu: Fix i2c sda definition for 98DX3236
nfs: Fix security label length not being reset
clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
i2c: cpm: Fix i2c_ram structure
Input: trackpoint - enable Synaptics trackpoints
random32: Restore __latent_entropy attribute on net_rand_state
mm: replace memmap_context by meminit_context
mm: don't rely on system state to detect hot-plug operations
net/packet: fix overflow in tpacket_rcv
epoll: do not insert into poll queues until all sanity checks are done
epoll: replace ->visited/visited_list with generation count
epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
ep_create_wakeup_source(): dentry name can change under you...
netfilter: ctnetlink: add a range check for l3/l4 protonum
Linux 4.19.150
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib6f1b6fce01bec80efd4a905d03903ff20ca89be
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8/jnoACgkQONu9yGCS
aT54fA//azItNUOsY1HujeNfINHWCqCLV7OHpdxa9MEeixSpP/ufsGcgyZBTslNw
WOENkdUPGYxUQt9yyZjSY5CEneH6a007idCfUWIuHRZ9nxKbDZm312xDDcDkeZI7
P4TGvIdpDq7Czk2c+OCSUnmp/+fCJdPCpCYJZp0kBDVbUsKeUwpBJ42Dca8f/2iM
lWVlGR2KwMIV+NSVArpu8EUOpw7X4rPsGz72kEvVhCkcXa9GFxGbs65AVNG5NTzt
9sHBlja7PZTqt844/6UBM5EgTR43uJT5z8sSV5N5s6j2d07m/T+2f73PyKqr6+jQ
SXKpIp/J6Po7tCej5u4B9LO+ePpasuxbNAXmn1GLuiP7qzKRAriFxK2RfXXxqIuE
aP9DB6P/wbr/MszFjIFFg9nrr9G/biriRNPWtnzD2hbUk1mfM8WNCCSIt90MZh0f
CT85JiEBFlU5cZhgUJfqJcfZcckE8gbdUGOBvZ5NOq0hxqN2S6+/phespwkd4h/a
A4QyhER6eI9zT/StBoSLejs8c/lHKHjqyMARNjXLPF+bkkR90L9WDgocB1KiV0jn
YOY+j4tjXGnn/QAsuW/uhYVvzETtkQ5oSyeV5uTcgYvU3iw+QFo9H//y83yB5Q0o
pdDRNmMTtdYwrwkzt73xsjKGlVXaA8kB5kRCuBwGb5kzr0G8baE=
=Txdz
-----END PGP SIGNATURE-----
Merge 4.19.141 into android-4.19-stable
Changes in 4.19.141
smb3: warn on confusing error scenario with sec=krb5
genirq/affinity: Make affinity setting if activated opt-in
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
PCI: Add device even if driver attach failed
PCI: qcom: Define some PARF params needed for ipq8064 SoC
PCI: qcom: Add support for tx term offset for rev 2.1.0
PCI: Probe bridge window attributes once at enumeration-time
btrfs: free anon block device right after subvolume deletion
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: ref-verify: fix memory leak in add_block_entry
btrfs: don't traverse into the seed devices in show_devname
btrfs: open device without device_list_mutex
btrfs: fix messages after changing compression level by remount
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
btrfs: fix return value mixup in btrfs_get_extent
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
xtensa: fix xtensa_pmu_setup prototype
cifs: Fix leak when handling lease break for cached root fid
powerpc: Allow 4224 bytes of stack expansion for the signal frame
powerpc: Fix circular dependency between percpu.h and mmu.h
media: vsp1: dl: Fix NULL pointer dereference on unbind
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
net/compat: Add missing sock updates for SCM_RIGHTS
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
bcache: fix overflow in offset_to_stripe()
mac80211: fix misplaced while instead of if
driver core: Avoid binding drivers to dead devices
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
mm/page_counter.c: fix protection usage propagation
ftrace: Setup correct FTRACE_FL_REGS flags for module
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
tracing/hwlat: Honor the tracing_cpumask
tracing: Use trace_sched_process_free() instead of exit() for pid tracing
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
pseries: Fix 64 bit logical memory block panic
module: Correctly truncate sysfs sections output
perf intel-pt: Fix FUP packet state
remoteproc: qcom: q6v5: Update running state before requesting stop
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
mfd: arizona: Ensure 32k clock is put on driver unbind and error
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic
media: rockchip: rga: Only set output CSC mode for RGB input
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
mmc: renesas_sdhi_internal_dmac: clean up the code for dma complete
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
selftests/powerpc: ptrace-pkey: Rename variables to make it easier to follow code
selftests/powerpc: ptrace-pkey: Update the test to mark an invalid pkey correctly
selftests/powerpc: ptrace-pkey: Don't update expected UAMOR value
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
pwm: bcm-iproc: handle clk_get_rate() return
tools build feature: Use CC and CXX from parent
i2c: rcar: avoid race when unregistering slave
openrisc: Fix oops caused when dumping stack
scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport
watchdog: initialize device before misc_register
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
drm/vmwgfx: Fix two list_for_each loop exit tests
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
nfs: Fix getxattr kernel panic and memory overflow
fs/minix: set s_maxbytes correctly
fs/minix: fix block limit check for V1 filesystems
fs/minix: remove expected error message in block_to_path()
fs/ufs: avoid potential u32 multiplication overflow
test_kmod: avoid potential double free in trigger_config_run_type()
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
perf bench mem: Always memset source before memcpy
tools build feature: Quote CC and CXX for their arguments
sh: landisk: Add missing initialization of sh_io_port_base
khugepaged: retract_page_tables() remember to test exit
arm64: dts: marvell: espressobin: add ethernet alias
drm: Added orientation quirk for ASUS tablet model T103HAF
drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume
Linux 4.19.141
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0800f8e03919fd8f054c1bcda87efd70a6e5db6b
commit 5981fe5b0529ba25d95f37d7faa434183ad618c5 upstream.
This never was intended to be a 'while' loop, it should've
just been an 'if' instead of 'while'. Fix this.
I noticed this while applying another patch from Ben that
intended to fix a busy loop at this spot.
Cc: stable@vger.kernel.org
Fixes: b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Reported-by: Ben Greear <greearb@candelatech.com>
Link: https://lore.kernel.org/r/20200803110209.253009ae41ff.I3522aad099392b31d5cf2dcca34cbac7e5832dde@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8qaHIACgkQONu9yGCS
aT62TxAAwZ04yMUrjhm9TpAYUGJXcZ77AL2fliW4Ep8VRE1umCoKhmp8kB6JV5TD
U/hxqufydvFbuRJK0hmrPhRPCkQfsTD6xKITjq1JgvEz5abGbrPXi7VZtJPQaiUN
LxcNLwYfe2j8cRMWOpPQ10V/HvFpvlyrGF5TYpCT/5h1Y48FdBFTywNzmbL/J55O
v7LMDgg2KB5SMPVsVktThWR5nsATiWBmJWb+4d0+GNkRX0idhu+XIKkNVWW8GAQa
zjaUP9E7ysNU+YBwgD6uaRu0sgIxxqi9eITqqk+46b4gy1S/n5iorIkddkMoaySN
ttLOiZZal9TDs1CTXXCPrw/14b+go9irEpwtYXGMdkmtOV28022m6YF7IkYHpX4I
IsEPfLRlulB0i8DddNguOhHKVkD6Kuf934+sYV447QyqlPSszaGGxh+EK+aOk4/4
PdwvUJlS90ExND0ID4whMgl50MOf6YcQxZ2oykDyNeVqU8USwdo0c6tYatNvdiu9
DRzV6AU9CwnA0rYpCSpXY89j1uWeJCgKvYH3rTBIqUPKWT3LMfshu8xJioxP+29R
eooKvy3I5miPv47s9cQKw+5dae0kH/8boR2flLBkGV/VB5VvnBBswP6Z0CCwMcT0
M5+z7oLnbJdPIJ58kAKDvg6Fu9S/8Y5KVwUiZp3KkNRl9L5lDQY=
=bZTL
-----END PGP SIGNATURE-----
Merge 4.19.137 into android-4.19-stable
Changes in 4.19.137
crypto: ccp - Release all allocated memory if sha type is invalid
media: rc: prevent memory leak in cx23888_ir_probe
iio: imu: adis16400: fix memory leak
drm/amdgpu: fix multiple memory leaks in acp_hw_init
tracing: Have error path in predicate_parse() free its allocated memory
ath9k_htc: release allocated buffer if timed out
ath9k: release allocated buffer if timed out
drm/amd/display: prevent memory leak
btrfs: inode: Verify inode mode to avoid NULL pointer dereference
sctp: implement memory accounting on tx path
Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
wireless: Use offsetof instead of custom macro.
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers"
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
drm: hold gem reference until object is no longer accessed
rds: Prevent kernel-infoleak in rds_notify_queue_get()
xfs: fix missed wakeup on l_flush_wait
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
net/x25: Fix null-ptr-deref in x25_disconnect
xfrm: Fix crash when the hold queue is used.
selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
selftests/net: psock_fanout: fix clang issues for target arch PowerPC
sh: Fix validation of system call number
net/mlx5: Verify Hardware supports requested ptp function on a given pin
net: lan78xx: add missing endpoint sanity check
net: lan78xx: fix transfer-buffer memory leak
mlx4: disable device on shutdown
mlxsw: core: Increase scope of RCU read-side critical section
mlxsw: core: Free EMAD transactions using kfree_rcu()
ibmvnic: Fix IRQ mapping disposal in error path
bpf: Fix map leak in HASH_OF_MAPS map
mac80211: mesh: Free ie data when leaving mesh
mac80211: mesh: Free pending skb when destroying a mpath
arm64/alternatives: move length validation inside the subsection
arm64: csum: Fix handling of bad packets
Bluetooth: fix kernel oops in store_pending_adv_report
net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe()
net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
usb: hso: Fix debug compile warning on sparc32
qed: Disable "MFW indication via attention" SPAM every 5 minutes
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
parisc: add support for cmpxchg on u8 pointers
net: ethernet: ravb: exit if re-initialization fails in tx timeout
Revert "i2c: cadence: Fix the hold bit setting"
x86/unwind/orc: Fix ORC for newly forked tasks
cxgb4: add missing release on skb in uld_send()
xen-netfront: fix potential deadlock in xennet_remove()
KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
x86/i8259: Use printk_deferred() to prevent deadlock
Linux 4.19.137
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic57c1620f2febb595f4f764757b1792ffc866643
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8hMIIACgkQONu9yGCS
aT4+fQ/+LvplGwblkH8vuttKsz17BHXD8/FcL6LIbLKTyaWJMWp/raMWQyQLrZpL
B58dFVZxenmpljLvupB9a1qifZk00U8M+aoU45Pf6PHAww2sGoU1h5sZexqRqOmN
FAh3hLMq1qyJ6qDIugZ0sbtDaO7t5GwvT1YKKo6V9hqi0XamTVrppI/EVVDDA0ve
/WigyxjT51DIPd3bmjJ3Xn920artrW+fydA+jTyMBBME/qFi5s2yN7Rui0ViNz44
crwGxAN1v3+MboulHFsnCdLAlh9hyI4VNXpvpNhKIoVE9BMHgBmmnWA+0KUIjAeA
8GfL2TcspjElNnz9T4f957Rj6Ft7qlStYIyJ45rcGRMXkyNs1lw5CDfkJcy8giVD
7yImkQZ2c8jCgkr/Vor/MfHOPtg1KzpAuNrWZnobTdnaBGxgcC61pnKHxF5Vx40h
78hOFXqunGNMwNBR4EEjmP4B3zapeHVo4GXBPtwY8M878Uj28z2pL4Vx6MhbvmTf
1i8xipclcgpV5ZyN+zv8XA55pcw8ahQOuUknEx+3yH0chlf5cIxXhr92g1DrDwoF
YvNYJQA7qJpgx/k582u6bJYkBdNa+XJaBLjQUhI/Z9UVS33S/CouGHpFyIMpVMx9
vo3ujFpuUP4ZCeKENjINa7RfQhD7oHQQQrk5RcsFBYJaWgCdi3A=
=ugxS
-----END PGP SIGNATURE-----
Merge 4.19.135 into android-4.19-stable
Changes in 4.19.135
soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner
gpio: arizona: handle pm_runtime_get_sync failure case
gpio: arizona: put pm_runtime in case of failure
pinctrl: amd: fix npins for uart0 in kerncz_groups
mac80211: allow rx of mesh eapol frames with default rx key
scsi: scsi_transport_spi: Fix function pointer check
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
xtensa: update *pos in cpuinfo_op.next
drivers/net/wan/lapbether: Fixed the value of hard_header_len
net: sky2: initialize return of gm_phy_read
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups()
fuse: fix weird page warning
irqdomain/treewide: Keep firmware node unconditionally allocated
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
tipc: clean up skb list lock handling on send path
IB/umem: fix reference count leak in ib_umem_odp_get()
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
btrfs: fix double free on ulist after backref resolution failure
btrfs: fix mount failure caused by race with umount
btrfs: fix page leaks after failure to lock page for delalloc
bnxt_en: Fix race when modifying pause settings.
fpga: dfl: fix bug in port reset handshake
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
ax88172a: fix ax88172a_unbind() failures
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
ieee802154: fix one possible memleak in adf7242_probe
drm: sun4i: hdmi: Fix inverted HPD result
net: smc91x: Fix possible memory leak in smc_drv_probe()
bonding: check error value of register_netdevice() immediately
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
qed: suppress "don't support RoCE & iWARP" flooding on HW init
ipvs: fix the connection sync failed in some cases
net: ethernet: ave: Fix error returns in ave_init
i2c: rcar: always clear ICSAR to avoid side effects
bonding: check return value of register_netdevice() in bond_newlink()
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
scripts/decode_stacktrace: strip basepath from all paths
scripts/gdb: fix lx-symbols 'gdb.error' while loading modules
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
HID: alps: support devices with report id 2
HID: steam: fixes race in handling device list.
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
Input: add `SW_MACHINE_COVER`
spi: mediatek: use correct SPI_CFG2_REG MACRO
regmap: dev_get_regmap_match(): fix string comparison
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
dmaengine: ioat setting ioat timeout as module parameter
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
hwmon: (adm1275) Make sure we are reading enough data for different chips
hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe()
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
x86: math-emu: Fix up 'cmp' insn for clang ias
RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw
binder: Don't use mmput() from shrinker function.
usb: xhci-mtk: fix the failure of bandwidth allocation
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
Revert "cifs: Fix the target file was deleted when rename failed."
staging: wlan-ng: properly check endpoint types
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
serial: 8250_mtk: Fix high-speed baud rates clamping
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
vt: Reject zero-sized screen buffer size.
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
mm/memcg: fix refcount error while moving and swapping
mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock
mm: memcg/slab: fix memory leak at non-root kmem_cache destroy
io-mapping: indicate mapping failure
drm/amdgpu: Fix NULL dereference in dpm sysfs handlers
drm/amd/powerplay: fix a crash when overclocking Vega M
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
x86, vmlinux.lds: Page-align end of ..page_aligned sections
ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10
ASoC: qcom: Drop HAS_DMA dependency to fix link failure
dm integrity: fix integrity recalculation that is improperly skipped
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9k: Fix regression with Atheros 9271
Linux 4.19.135
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0bbcde83e7c810352d998f28d3484efa2b9ede8e
[ Upstream commit 0b467b63870d9c05c81456aa9bfee894ab2db3b6 ]
Without this patch, eapol frames cannot be received in mesh
mode, when 802.1X should be used. Initially only a MGTK is
defined, which is found and set as rx->key, when there are
no other keys set. ieee80211_drop_unencrypted would then
drop these eapol frames, as they are data frames without
encryption and there exists some rx->key.
Fix this by differentiating between mesh eapol frames and
other data frames with existing rx->key. Allow mesh mesh
eapol frames only if they are for our vif address.
With this patch in-place, ieee80211_rx_h_mesh_fwding continues
after the ieee80211_drop_unencrypted check and notices, that
these eapol frames have to be delivered locally, as they should.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Link: https://lore.kernel.org/r/20200625104214.50319-1-markus.theil@tu-ilmenau.de
[small code cleanups]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7XQQYACgkQONu9yGCS
aT4vwQ/9EZxtWUPh/JSsl+eImHuZjCwa/gzdLh0kUvr4Tgqxv+3KkTZ+7/TyPvID
UgbxxY6qtIP3o4W3kysLAFbOJl+I4IWkEpfCn7vKLzV0BxHjx5Krodo38zT/Ll8S
Vqi62nRpiYiqD0qrr/dZSnlY1SUyMYnQ04NKKyZokyj392ErEE2TWNGhN4m3369A
2Dm46WDKckMudkUElXvu2rQkIpVMJACr/aUaFWmmGsfZt+TGQtjRozlKkkq1vokW
WJEdCVjQwmeWW5T/OZdfM5VmuqspgtU4BhAmzxTVHGGWw+MIEcNU7LIz3s7cpBdr
7ykY4NcXxvPO5Mn/P5usOZFT/TncZQ65ZqxAEgPoF089D0uXkVTOV9dCLqPzej+g
/druvsu6bJqsbi8sd5mftXi5KKH/VDPrxnkEEvhIcuc9GCAKCQjtYz8Vtmkek30U
Mz/UcqhtUTzOJU6yZg7zV/JQ6jrzrXm4VFDdiUHoNe3LuWtFsExMXhokV9TBsScY
LtDYfe9qIq345BHsKah46VKEIa0Sb53eJFKRrEUK+4EVNr8Rp13afdXPlweX41O+
ecBlHfpRsi6MB2/fY6lBlE0uHIYSIlV78wV0wHC4czbROCYY2XSCCS2MoEXu5kD4
KMqXE6nM4tYqgV3arc2nHzth7GaEnbyCPSMMOq+2on6XB4LCRQc=
=rO6H
-----END PGP SIGNATURE-----
Merge 4.19.126 into android-4.19-stable
Changes in 4.19.126
ax25: fix setsockopt(SO_BINDTODEVICE)
dpaa_eth: fix usage as DSA master, try 3
net: dsa: mt7530: fix roaming from DSA user ports
__netif_receive_skb_core: pass skb by reference
net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
net: ipip: fix wrong address family in init error path
net/mlx5: Add command entry handling completion
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
net sched: fix reporting the first-time use timestamp
r8152: support additional Microsoft Surface Ethernet Adapter variant
sctp: Don't add the shutdown timer if its already been added
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
net/mlx5e: Update netdev txq on completions during closure
net/mlx5: Annotate mutex destroy for root ns
net: sun: fix missing release regions in cas_init_one().
net/mlx4_core: fix a memory leak bug.
mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails
ARM: dts: rockchip: fix phy nodename for rk3228-evb
arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
ARM: dts: rockchip: swap clock-names of gpu nodes
ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
gpio: tegra: mask GPIO IRQs during IRQ shutdown
ALSA: usb-audio: add mapping for ASRock TRX40 Creator
net: microchip: encx24j600: add missed kthread_stop
gfs2: move privileged user check to gfs2_quota_lock_check
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
usb: dwc3: pci: Enable extcon driver for Intel Merrifield
usb: gadget: legacy: fix redundant initialization warnings
net: freescale: select CONFIG_FIXED_PHY where needed
IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
riscv: stacktrace: Fix undefined reference to `walk_stackframe'
cifs: Fix null pointer check in cifs_read
samples: bpf: Fix build error
Input: usbtouchscreen - add support for BonXeon TP
Input: evdev - call input_flush_device() on release(), not flush()
Input: xpad - add custom init packet for Xbox One S controllers
Input: dlink-dir685-touchkeys - fix a typo in driver name
Input: i8042 - add ThinkPad S230u to i8042 reset list
Input: synaptics-rmi4 - really fix attn_data use-after-free
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
ARM: 8970/1: decompressor: increase tag size
ARM: 8843/1: use unified assembler in headers
ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
ARM: uaccess: integrate uaccess_save and uaccess_restore
ARM: uaccess: fix DACR mismatch with nested exceptions
gpio: exar: Fix bad handling for ida_simple_get error path
IB/qib: Call kobject_put() when kobject_init_and_add() fails
ARM: dts/imx6q-bx50v3: Set display interface clock parents
ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
ARM: dts: bcm: HR2: Fix PPI interrupt types
mmc: block: Fix use-after-free issue for rpmb
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
exec: Always set cap_ambient in cap_bprm_set_creds
ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
ALSA: hda/realtek - Add new codec supported for ALC287
libceph: ignore pool overlay and cache logic on redirects
IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
iommu: Fix reference count leak in iommu_group_alloc.
parisc: Fix kernel panic in mem_init()
mmc: core: Fix recursive locking issue in CQE recovery path
RDMA/core: Fix double destruction of uobject
mac80211: mesh: fix discovery timer re-arming issue / crash
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
copy_xstate_to_kernel(): don't leave parts of destination uninitialized
xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
xfrm interface: fix oops when deleting a x-netns interface
xfrm: fix a warning in xfrm_policy_insert_list
xfrm: fix a NULL-ptr deref in xfrm_local_error
xfrm: fix error in comment
vti4: eliminated some duplicate code.
ip_vti: receive ipip packet by calling ip_tunnel_rcv
netfilter: nft_reject_bridge: enable reject with bridge vlan
netfilter: ipset: Fix subcounter update skip
netfilter: nfnetlink_cthelper: unbreak userspace helper support
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
esp6: get the right proto for transport mode in esp6_gso_encap
bnxt_en: Fix accumulation of bp->net_stats_prev.
xsk: Add overflow check for u64 division, stored into u32
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
crypto: chelsio/chtls: properly set tp->lsndtime
bonding: Fix reference count leak in bond_sysfs_slave_add.
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
Linux 4.19.126
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic7ffeb4cbc4d3f1b49c60d97a5d113fcad1d098a
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl63u5UACgkQONu9yGCS
aT7RVg//R5c/j20EeNgajbroWic+Ljf/oUyH1ybE+W1ITYr1iB8f9dRrsXOoO4LS
USmmzhcdC1UXNdqY+LDzsJ6ybKptfrRDlxGpbpOWyQziC2XYn4QiBt6Lp87Irsd3
ZLWiDtSJRXVApLa/8iDtLqaR4V2w2bYNuuBlRJJxRHtWMDbi7Qj21zF74Ey0EtqI
/lBLg/GJxGlNc7qi6USzflPOSj8zPBJsmmOhScGFDvk33HsNnU0d4dXckqAX5pt4
ZIUA9ID13djY0X4tw5aTO8nrYm5ok9B4BSsFaLtkpT4A5JpHbXQ8FDM+cwuHbNYw
AXeeJM/91obOS71JmJQ5wmilE4JHS8BWNfz1fMqyiIGaYZFwL9deKLPCB/NExzRb
kzXe6ppVtibze9HwQXVjOj6VP9LlbSbQnCmGeAASL5g80HhbTIvKR5/KEnHoXG+M
toPjfSCZDIXoJX5BJ10iKSD3QXLO05roefZz532b3I9wo6h+uLmEEpTu9BM7czJr
onrXpuwqIxstwQrB//N3vNqyyhjj91YJJexF24gHXmvWjpkGs0+xFgNZrZCWCLJc
J5JL76kLwdTfToaNxbrY20t6nOqARNAgeHVE3ZPinqk8oML/AhWfayqUlYPy63Z6
bl9zHi6SR4Ye8F23KJlzpSnuTdAPioIQjbNT9PRPM73s49mVwVI=
=t5+R
-----END PGP SIGNATURE-----
Merge 4.19.122 into android-4.19
Changes in 4.19.122
vhost: vsock: kick send_pkt worker once device is started
powerpc/pci/of: Parse unassigned resources
ASoC: topology: Check return value of pcm_new_ver
selftests/ipc: Fix test failure seen after initial test run
ASoC: sgtl5000: Fix VAG power-on handling
usb: dwc3: gadget: Properly set maxpacket limit
ASoC: rsnd: Fix parent SSI start/stop in multi-SSI mode
ASoC: rsnd: Fix HDMI channel mapping for multi-SSI mode
ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry
drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii)
wimax/i2400m: Fix potential urb refcnt leak
net: stmmac: fix enabling socfpga's ptp_ref_clock
net: stmmac: Fix sub-second increment
ASoC: rsnd: Don't treat master SSI in multi SSI setup as parent
ASoC: rsnd: Fix "status check failed" spam for multi-SSI
cifs: protect updating server->dstaddr with a spinlock
s390/ftrace: fix potential crashes when switching tracers
scripts/config: allow colons in option strings for sed
lib/mpi: Fix building for powerpc with clang
net: bcmgenet: suppress warnings on failed Rx SKB allocations
net: systemport: suppress warnings on failed Rx SKB allocations
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event
lib: devres: add a helper function for ioremap_uc
mfd: intel-lpss: Use devm_ioremap_uc for MMIO
hexagon: clean up ioremap
hexagon: define ioremap_uc
ALSA: hda: Match both PCI ID and SSID for driver blacklist
platform/x86: GPD pocket fan: Fix error message when temp-limits are out of range
mac80211: add ieee80211_is_any_nullfunc()
cgroup, netclassid: remove double cond_resched
drm/atomic: Take the atomic toys away from X
Linux 4.19.122
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7257fc5afa0c25d3ba2f6884822ec315d556426a
commit 30b2f0be23fb40e58d0ad2caf8702c2a44cda2e1 upstream.
commit 08a5bdde3812 ("mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED")
Fixed a bug where we failed to take into account a
nullfunc frame can be either non-QoS or QoS. It turns out
there is at least one more bug in
ieee80211_sta_tx_notify(), introduced in
commit 7b6ddeaf27 ("mac80211: use QoS NDP for AP probing"),
where we forgot to check for the QoS variant and so
assumed the QoS nullfunc frame never went out
Fix this by adding a helper ieee80211_is_any_nullfunc()
which consolidates the check for non-QoS and QoS nullfunc
frames. Replace existing compound conditionals and add a
couple more missing checks for QoS variant.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Link: https://lore.kernel.org/r/20200114055940.18502-3-thomas@adapt-ip.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6F6HkACgkQONu9yGCS
aT7FkxAAgZOwRDVRkqjfSE+MBAqbE41sO3iAWmv9gQazdK+APGdQaasQ73gBdcuQ
wliG5W9k9J0qkcnUIAnEgooAWXB9+7p4NF1BZHmpmYleXZckmXtaDK3cKgFWAOVD
KMQgiEYHgdm6otlNf328uOmoaggN1wRqmMsW/PZys0AvQ183oTsidhQwfOofCt3k
LwJiu5o+gJCIePrqKuHtkteKmjFR1KQ2RZHPmJ2ApoxVymBreJWKMl8ZVCRyteDx
JoWZfprPnZZaqb83ylkpE/lXyut0etT2zmI+W/Bg4LFDZTVfqw+HPB7opvITfP0p
6H0YwH9Qn/BiOcP6JncVUPLe8/bEiOJ/jsJwPRCcl0C7PmDrn6uhBNVfrY4CreAL
h38/vKSwK8iduyPpne6zq6hQDYBTdEpBDtXFsnElNBmyIE7yIH3ta8qDYsW13Fr7
x9U7F9KagIR1AH2b/uMzjlTDv85hvzGP8vS06S1gJn6RJP0WSDtpE7RNT6MkfMIw
Ti16a9nEJ3H+Zn76vdvlLirmziETsIVpxHSDRu/X9QfxJmXHnXg7581bu8aGZ1zN
6xwWP9mWA8KJzbX5mxXChHoZ9qQ/o4D10MxS+7DXFYiya4prHWphyTS2MYbzMzIl
TIOJ54FVg01QiQbh29X05hvd3RMOkdzJ9Tggq8oTSLvgTIUSmi0=
=jtGQ
-----END PGP SIGNATURE-----
Merge 4.19.114 into android-4.19
Changes in 4.19.114
mmc: core: Allow host controllers to require R1B for CMD6
mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for erase/trim/discard
mmc: core: Respect MMC_CAP_NEED_RSP_BUSY for eMMC sleep command
mmc: sdhci-omap: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY
Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
geneve: move debug check after netdev unregister
hsr: fix general protection fault in hsr_addr_is_self()
macsec: restrict to ethernet devices
mlxsw: spectrum_mr: Fix list iteration in error path
net: cbs: Fix software cbs to consider packet sending time
net: dsa: Fix duplicate frames flooded by learning
net: mvneta: Fix the case where the last poll did not process all rx
net/packet: tpacket_rcv: avoid a producer race condition
net: qmi_wwan: add support for ASKEY WWHC050
net_sched: cls_route: remove the right filter from hashtable
net_sched: keep alloc_hash updated after hash allocation
net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
slcan: not call free_netdev before rtnl_unlock in slcan_open
bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
bnxt_en: Reset rings if ring reservation fails during open()
net: ip_gre: Separate ERSPAN newlink / changelink callbacks
net: ip_gre: Accept IFLA_INFO_DATA-less configuration
net: dsa: mt7530: Change the LINK bit to reflect the link status
net: phy: mdio-mux-bcm-iproc: check clk_prepare_enable() return value
r8169: re-enable MSI on RTL8168c
tcp: repair: fix TCP_QUEUE_SEQ implementation
vxlan: check return value of gro_cells_init()
hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
hsr: add restart routine into hsr_get_node_list()
hsr: set .netnsok flag
cgroup-v1: cgroup_pidlist_next should update position index
nfs: add minor version to nfs_server_key for fscache
cpupower: avoid multiple definition with gcc -fno-common
drivers/of/of_mdio.c:fix of_mdiobus_register()
cgroup1: don't call release_agent when it is ""
dt-bindings: net: FMan erratum A050385
arm64: dts: ls1043a: FMan erratum A050385
fsl/fman: detect FMan erratum A050385
s390/qeth: handle error when backing RX buffer
scsi: ipr: Fix softlockup when rescanning devices in petitboot
mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
sxgbe: Fix off by one in samsung driver strncpy size arg
ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
i2c: hix5hd2: add missed clk_disable_unprepare in remove
Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
Input: synaptics - enable RMI on HP Envy 13-ad105ng
Input: avoid BIT() macro usage in the serio.h UAPI header
ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL
ARM: dts: dra7: Add bus_dma_limit for L3 bus
ARM: dts: omap5: Add bus_dma_limit for L3 bus
perf probe: Do not depend on dwfl_module_addrsym()
tools: Let O= makes handle a relative path with -C option
scripts/dtc: Remove redundant YYLOC global declaration
scsi: sd: Fix optimal I/O size for devices that change reported values
nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type
mac80211: mark station unauthorized before key removal
gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
RDMA/core: Ensure security pkey modify is not lost
genirq: Fix reference leaks on irq affinity notifiers
xfrm: handle NETDEV_UNREGISTER for xfrm device
vti[6]: fix packet tx through bpf_redirect() in XinY cases
RDMA/mlx5: Block delay drop to unprivileged users
xfrm: fix uctx len check in verify_sec_ctx_len
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
xfrm: policy: Fix doulbe free in xfrm_policy_timer
afs: Fix some tracing details
netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6}
netfilter: nft_fwd_netdev: validate family and chain type
bpf/btf: Fix BTF verification of enum members in struct/union
vti6: Fix memory leak of skb if input policy check fails
Revert "r8169: check that Realtek PHY driver module is loaded"
mac80211: add option for setting control flags
mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX
USB: serial: option: add support for ASKEY WWHC050
USB: serial: option: add BroadMobi BM806U
USB: serial: option: add Wistron Neweb D19Q1
USB: cdc-acm: restore capability check order
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
usb: musb: fix crash with highmen PIO and usbmon
media: flexcop-usb: fix endpoint sanity check
media: usbtv: fix control-message timeouts
staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
ahci: Add Intel Comet Lake H RAID PCI ID
libfs: fix infoleak in simple_attr_read()
media: ov519: add missing endpoint sanity checks
media: dib0700: fix rc endpoint lookup
media: stv06xx: add missing descriptor sanity checks
media: xirlink_cit: add missing descriptor sanity checks
mac80211: Check port authorization in the ieee80211_tx_dequeue() case
mac80211: fix authentication with iwlwifi/mvm
vt: selection, introduce vc_is_sel
vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines
vt: switch vt_dont_switch to bool
vt: vt_ioctl: remove unnecessary console allocation checks
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
vt: vt_ioctl: fix use-after-free in vt_in_use()
platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table
bpf: Explicitly memset the bpf_attr structure
bpf: Explicitly memset some bpf info structures declared on the stack
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model
net: ks8851-ml: Fix IO operations, again
arm64: alternative: fix build with clang integrated assembler
perf map: Fix off by one in strncpy() size argument
ARM: dts: oxnas: Fix clear-mask property
ARM: bcm2835-rpi-zero-w: Add missing pinctrl name
ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage
ARM: dts: N900: fix onenand timings
arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
Linux 4.19.114
Change-Id: Icc165d2e49aba750e1b5a8856d9774c149e59ce7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit be8c827f50a0bcd56361b31ada11dc0a3c2fd240 upstream.
The original patch didn't copy the ieee80211_is_data() condition
because on most drivers the management frames don't go through
this path. However, they do on iwlwifi/mvm, so we do need to keep
the condition here.
Cc: stable@vger.kernel.org
Fixes: ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Woody Suwalski <terraluna977@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ce2e1ca703071723ca2dd94d492a5ab6d15050da upstream.
mac80211 used to check port authorization in the Data frame enqueue case
when going through start_xmit(). However, that authorization status may
change while the frame is waiting in a queue. Add a similar check in the
dequeue case to avoid sending previously accepted frames after
authorization change. This provides additional protection against
potential leaking of frames after a station has been disconnected and
the keys for it are being removed.
Cc: stable@vger.kernel.org
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20200326155133.ced84317ea29.I34d4c47cd8cc8a4042b38a76f16a601fbcbfd9b3@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit b95d2ccd2ccb834394d50347d0e40dc38a954e4a ]
When a frame is transmitted via the nl80211 TX rather than as a
normal frame, IEEE80211_TX_CTRL_PORT_CTRL_PROTO wasn't set and
this will lead to wrong decisions (rate control etc.) being made
about the frame; fix this.
Fixes: 9118064914 ("mac80211: Add support for tx_control_port")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200326155333.f183f52b02f0.I4054e2a8c11c2ddcb795a0103c87be3538690243@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream.
If a station is still marked as authorized, mark it as no longer
so before removing its keys. This allows frames transmitted to it
to be rejected, providing additional protection against leaking
plain text data during the disconnection flow.
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ba32679cac50c38fdf488296f96b1f3175532b8e ]
When trying to transmit to an unknown destination, the mesh code would
unconditionally transmit a HWMP PREQ even if HWMP is not the current
path selection algorithm.
Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Link: https://lore.kernel.org/r/20200305140409.12204-1-cavallar@lri.fr
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
802.11ay specification defines Enhanced Directional Multi-Gigabit
(EDMG) STA and AP which allow channel bonding of 2 channels and more.
Introduce new NL attributes that are needed for enabling and
configuring EDMG support.
Two new attributes are used by kernel to publish driver's EDMG
capabilities to the userspace:
NL80211_BAND_ATTR_EDMG_CHANNELS - bitmap field that indicates the 2.16
GHz channel(s) that are supported by the driver.
When this attribute is not set it means driver does not support EDMG.
NL80211_BAND_ATTR_EDMG_BW_CONFIG - represent the channel bandwidth
configurations supported by the driver.
Additional two new attributes are used by the userspace for connect
command and for AP configuration:
NL80211_ATTR_WIPHY_EDMG_CHANNELS
NL80211_ATTR_WIPHY_EDMG_BW_CONFIG
New rate info flag - RATE_INFO_FLAGS_EDMG, can be reported from driver
and used for bitrate calculation that will take into account EDMG
according to the 802.11ay specification.
Change-Id: I06d3f04d16b68d35c1dd9cd3624916302e8725a1
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Link: https://lore.kernel.org/r/1566138918-3823-2-git-send-email-ailizaro@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 2a38075cd0beefa4da326380cf54c7b365ddc035
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
[ailizaro@codeaurora.org: fix conflict due to missing NLA policy]
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
(cherry picked from commit afd697d007)
Bug: 150628559
Signed-off-by: Connor O'Brien <connoro@google.com>
[ Upstream commit 253216ffb2a002a682c6f68bd3adff5b98b71de8 ]
local->sta_mtx is held in __ieee80211_check_fast_rx_iface().
No need to use list_for_each_entry_rcu() as it also requires
a cond argument to avoid false lockdep warnings when not used in
RCU read-side section (with CONFIG_PROVE_RCU_LIST).
Therefore use list_for_each_entry();
Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
Link: https://lore.kernel.org/r/20200223143302.15390-1-madhuparnabhowmik10@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a04564c99bb4a92f805a58e56b2d22cc4978f152 ]
We only use the parsing CRC for checking if a beacon changed,
and elements with an ID > 63 cannot be represented in the
filter. Thus, like we did before with WMM and Cisco vendor
elements, just statically add these forgotten items to the
CRC:
- WLAN_EID_VHT_OPERATION
- WLAN_EID_OPMODE_NOTIF
I guess that in most cases when VHT/HE operation change, the HT
operation also changed, and so the change was picked up, but we
did notice that pure operating mode notification changes were
ignored.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/20200131111300.891737-22-luca@coelho.fi
[restrict to VHT for the mac80211 branch]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 6f601265215a421f425ba3a4850a35861d024643 ]
TKIP replay protection was skipped for the very first frame received
after a new key is configured. While this is potentially needed to avoid
dropping a frame in some cases, this does leave a window for replay
attacks with group-addressed frames at the station side. Any earlier
frame sent by the AP using the same key would be accepted as a valid
frame and the internal RSC would then be updated to the TSC from that
frame. This would allow multiple previously transmitted group-addressed
frames to be replayed until the next valid new group-addressed frame
from the AP is received by the station.
Fix this by limiting the no-replay-protection exception to apply only
for the case where TSC=0, i.e., when this is for the very first frame
protected using the new key, and the local RSC had not been set to a
higher value when configuring the key (which may happen with GTK).
Signed-off-by: Jouni Malinen <j@w1.fi>
Link: https://lore.kernel.org/r/20200107153545.10934-1-j@w1.fi
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 26ec17a1dc5ecdd8d91aba63ead6f8b5ad5dea0d ]
In case a radar event of CAC_FINISHED or RADAR_DETECTED
happens during another phy is during CAC we might need
to cancel that CAC.
If we got a radar in a channel that another phy is now
doing CAC on then the CAC should be canceled there.
If, for example, 2 phys doing CAC on the same channels,
or on comptable channels, once on of them will finish his
CAC the other might need to cancel his CAC, since it is no
longer relevant.
To fix that the commit adds an callback and implement it in
mac80211 to end CAC.
This commit also adds a call to said callback if after a radar
event we see the CAC is no longer relevant
Signed-off-by: Orr Mazor <Orr.Mazor@tandemg.com>
Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Link: https://lore.kernel.org/r/20191222145449.15792-1-Orr.Mazor@tandemg.com
[slightly reformat/reword commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 95697f9907bfe3eab0ef20265a766b22e27dde64 ]
We can process deauth frames and all, but we drop them very
early in the RX path today - this could never have worked.
Fixes: 2cc59e784b ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/20191004123706.15768-2-luca@coelho.fi
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 56dd918ff06e3ee24d8067e93ed12b2a39e71394 ]
The group number needs to be multiplied by the number of rates per group
to get the full rate index
Fixes: 5935839ad7 ("mac80211: improve minstrel_ht rate sorting by throughput & probability")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20190820095449.45255-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 3e493173b7841259a08c5c8e5cbe90adb349da7e upstream.
The Layer 2 Update frame is used to update bridges when a station roams
to another AP even if that STA does not transmit any frames after the
reassociation. This behavior was described in IEEE Std 802.11F-2003 as
something that would happen based on MLME-ASSOCIATE.indication, i.e.,
before completing 4-way handshake. However, this IEEE trial-use
recommended practice document was published before RSN (IEEE Std
802.11i-2004) and as such, did not consider RSN use cases. Furthermore,
IEEE Std 802.11F-2003 was withdrawn in 2006 and as such, has not been
maintained amd should not be used anymore.
Sending out the Layer 2 Update frame immediately after association is
fine for open networks (and also when using SAE, FT protocol, or FILS
authentication when the station is actually authenticated by the time
association completes). However, it is not appropriate for cases where
RSN is used with PSK or EAP authentication since the station is actually
fully authenticated only once the 4-way handshake completes after
authentication and attackers might be able to use the unauthenticated
triggering of Layer 2 Update frame transmission to disrupt bridge
behavior.
Fix this by postponing transmission of the Layer 2 Update frame from
station entry addition to the point when the station entry is marked
authorized. Similarly, send out the VLAN binding update only if the STA
entry has already been authorized.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 30ca1aa536211f5ac3de0173513a7a99a98a97f3 upstream.
Make ieee80211_send_layer2_update() a common function so other drivers
can re-use it.
Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
[bwh: Backported to 4.19 as dependency of commit 3e493173b784
"mac80211: Do not send Layer 2 Update frame before authorization"]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 08a5bdde3812993cb8eb7aa9124703df0de28e4b ]
Commit 7b6ddeaf27 ("mac80211: use QoS NDP for AP probing")
let STAs send QoS Null frames as PS triggers if the AP was
a QoS STA. However, the mac80211 PS stack relies on an
interface flag IEEE80211_STA_NULLFUNC_ACKED for
determining trigger frame ACK, which was not being set for
acked non-QoS Null frames. The effect is an inability to
trigger hardware sleep via IEEE80211_CONF_PS since the QoS
Null frame was seemingly never acked.
This bug only applies to drivers which set both
IEEE80211_HW_REPORTS_TX_ACK_STATUS and
IEEE80211_HW_PS_NULLFUNC_STACK.
Detect the acked QoS Null frame to restore STA power save.
Fixes: 7b6ddeaf27 ("mac80211: use QoS NDP for AP probing")
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Link: https://lore.kernel.org/r/20191119053538.25979-4-thomas@adapt-ip.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 285531f9e6774e3be71da6673d475ff1a088d675 ]
In the first 5 minutes after boot (time of INITIAL_JIFFIES),
ieee80211_sta_last_active() returns zero if last_ack is zero. This
leads to "inactive time" showing jiffies_to_msecs(jiffies).
# iw wlan0 station get fc:ec:da:64:a6:dd
Station fc:ec:da:64:a6:dd (on wlan0)
inactive time: 4294894049 ms
.
.
connected time: 70 seconds
Fix by returning last_rx if last_ack == 0.
Signed-off-by: Ahmed Zaki <anzaki@gmail.com>
Link: https://lore.kernel.org/r/20191031121243.27694-1-anzaki@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 972b66b86f85f4e8201db454f4c3e9d990cf9836 ]
Long/short preamble selection cannot be sampled separately, since it
depends on the BSS state. Because of that, sampling attempts to
currently not used preamble modes are not counted in the statistics,
which leads to CCK rates being sampled too often.
Fix statistics accounting for long/short preamble by increasing the
index where necessary.
Fix excessive CCK rate sampling by dropping unsupported sample attempts.
This improves throughput on 2.4 GHz channels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 80df9be67c44cb636bbc92caeddad8caf334c53c ]
Fixes a harmless underflow issue when CCK rates are actively being used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 37439f2d6e43ae79e22be9be159f0af157468f82 ]
mi->supported[MINSTREL_CCK_GROUP] needs to be updated
short preamble rates need to be marked as supported regardless of
whether it's currently enabled. Its state can change at any time without
a rate_update call.
Fixes: 782dda00ab ("mac80211: minstrel_ht: move short preamble check out of get_rate")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 77cbbc35a49b75969d98edce9400beb21720aa39 ]
After masking the he_oper_params, to get the requested values as
integers one must rshift and not lshift. Fix that by using the
le32_get_bits() macro.
Fixes: 41cbb0f5a2 ("mac80211: add support for HE")
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
[converted to use le32_get_bits()]
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 4152561f5da3fca92af7179dd538ea89e248f9d0 upstream.
Although this shouldn't occur in practice, it's a good idea to bounds
check the length field of the SSID element prior to using it for things
like allocations or memcpy operations.
Cc: <stable@vger.kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Reported-by: Nicolas Waisman <nico@semmle.com>
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20191004095132.15777-1-will@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8ed31a264065ae92058ce54aa3cc8da8d81dc6d7 ]
If the interface type is P2P_DEVICE or NAN, read the file of
'/sys/kernel/debug/ieee80211/phyx/netdev:wlanx/aqm' will get a
NULL pointer dereference. As for those interface type, the
pointer sdata->vif.txq is NULL.
Unable to handle kernel NULL pointer dereference at virtual address 00000011
CPU: 1 PID: 30936 Comm: cat Not tainted 4.14.104 #1
task: ffffffc0337e4880 task.stack: ffffff800cd20000
PC is at ieee80211_if_fmt_aqm+0x34/0xa0 [mac80211]
LR is at ieee80211_if_fmt_aqm+0x34/0xa0 [mac80211]
[...]
Process cat (pid: 30936, stack limit = 0xffffff800cd20000)
[...]
[<ffffff8000b7cd00>] ieee80211_if_fmt_aqm+0x34/0xa0 [mac80211]
[<ffffff8000b7c414>] ieee80211_if_read+0x60/0xbc [mac80211]
[<ffffff8000b7ccc4>] ieee80211_if_read_aqm+0x28/0x30 [mac80211]
[<ffffff80082eff94>] full_proxy_read+0x2c/0x48
[<ffffff80081eef00>] __vfs_read+0x2c/0xd4
[<ffffff80081ef084>] vfs_read+0x8c/0x108
[<ffffff80081ef494>] SyS_read+0x40/0x7c
Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/r/1569549796-8223-1-git-send-email-miaoqing@codeaurora.org
[trim useless data from commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e6f4051123fd33901e9655a675b22aefcdc5d277 ]
Commit 33d915d9e8ce ("{nl,mac}80211: allow 4addr AP operation on
crypto controlled devices") has introduced a change which allows
4addr operation on crypto controlled devices (ex: ath10k). This
change has inadvertently impacted the interface combinations logic
on such devices.
General rule is that software interfaces like AP/VLAN should not be
listed under supported interface combinations and should not be
considered during validation of these combinations; because of the
aforementioned change, AP/VLAN interfaces(if present) will be checked
against interfaces supported by the device and blocks valid interface
combinations.
Consider a case where an AP and AP/VLAN are up and running; when a
second AP device is brought up on the same physical device, this AP
will be checked against the AP/VLAN interface (which will not be
part of supported interface combinations of the device) and blocks
second AP to come up.
Add a new API cfg80211_iftype_allowed() to fix the problem, this
API works for all devices with/without SW crypto control.
Signed-off-by: Manikanta Pubbisetty <mpubbise@codeaurora.org>
Fixes: 33d915d9e8ce ("{nl,mac}80211: allow 4addr AP operation on crypto controlled devices")
Link: https://lore.kernel.org/r/1563779690-9716-1-git-send-email-mpubbise@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit f8b43c5cf4b62a19f2210a0f5367b84e1eff1ab9 upstream.
The noencrypt flag was intended to be set if the "frame was received
unencrypted" according to include/uapi/linux/nl80211.h. However, the
current behavior is opposite of this.
Cc: stable@vger.kernel.org
Fixes: 018f6fbf54 ("mac80211: Send control port frames over nl80211")
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
Link: https://lore.kernel.org/r/20190827224120.14545-3-denkenz@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit c8a41c6afa27b8c3f61622dfd882b912da9d6721 upstream.
In ieee80211_deliver_skb_to_local_stack intercepts EAPoL frames if
mac80211 is configured to do so and forwards the contents over nl80211.
During this process some additional data is also forwarded, including
whether the frame was received encrypted or not. Unfortunately just
prior to the call to ieee80211_deliver_skb_to_local_stack, skb->cb is
cleared, resulting in incorrect data being exposed over nl80211.
Fixes: 018f6fbf54 ("mac80211: Send control port frames over nl80211")
Cc: stable@vger.kernel.org
Signed-off-by: Denis Kenzior <denkenz@gmail.com>
Link: https://lore.kernel.org/r/20190827224120.14545-2-denkenz@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5fd2f91ad483baffdbe798f8a08f1b41442d1e24 upstream.
If TDLS station addition is rejected, the sta memory is leaked.
Avoid this by moving the check before the allocation.
Cc: stable@vger.kernel.org
Fixes: 7ed5285396c2 ("mac80211: don't initiate TDLS connection if station is not associated to AP")
Link: https://lore.kernel.org/r/20190801073033.7892-1-johannes@sipsolutions.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 05aaa5c97dce4c10a9e7eae2f1569a684e0c5ced upstream.
In a very similar spirit to commit c470bdc1aa ("mac80211: don't WARN
on bad WMM parameters from buggy APs"), an AP may not transmit a
fully-formed WMM IE. For example, it may miss or repeat an Access
Category. The above loop won't catch that and will instead leave one of
the four ACs zeroed out. This triggers the following warning in
drv_conf_tx()
wlan0: invalid CW_min/CW_max: 0/0
and it may leave one of the hardware queues unconfigured. If we detect
such a case, let's just print a warning and fall back to the defaults.
Tested with a hacked version of hostapd, intentionally corrupting the
IEs in hostapd_eid_wmm().
Cc: stable@vger.kernel.org
Signed-off-by: Brian Norris <briannorris@chromium.org>
Link: https://lore.kernel.org/r/20190726224758.210953-1-briannorris@chromium.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit d2b3fe42bc629c2d4002f652b3abdfb2e72991c7 ]
ieee80211_set_wmm_default() normally sets up the initial CW min/max for
each queue, except that it skips doing this if the driver doesn't
support ->conf_tx. We still end up calling drv_conf_tx() in some cases
(e.g., ieee80211_reconfig()), which also still won't do anything
useful...except it complains here about the invalid CW parameters.
Let's just skip the WARN if we weren't going to do anything useful with
the parameters.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Link: https://lore.kernel.org/r/20190718015712.197499-1-briannorris@chromium.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f8891461a277ec0afc493fd30cd975a38048a038 ]
It is not a good idea to try to perform any work (e.g. send an auth
frame) during reconfigure flow.
Prevent this from happening, and at the end of the reconfigure flow
requeue all the works.
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 563572340173865a9a356e6bb02579e6998a876d ]
In multiple SSID cases, it takes time to prepare every AP interface
to be ready in initializing phase. If a sta already knows everything it
needs to join one of the APs and sends authentication to the AP which
is not fully prepared at this point of time, AP's channel context
could be NULL. As a result, warning message occurs.
Even worse, if the AP is under attack via tools such as MDK3 and massive
authentication requests are received in a very short time, console will
be hung due to kernel warning messages.
WARN_ON_ONCE() could be a better way for indicating warning messages
without duplicate messages to flood the console.
Johannes: We still need to address the underlying problem, but we
don't really have a good handle on it yet. Suppress the
worst side-effects for now.
Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
Signed-off-by: Yibo Zhao <yiboz@codeaurora.org>
[johannes: add note, change subject]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 0112fa557c3bb3a002bc85760dc3761d737264d3 ]
freeing peer keys after vif down is resulting in peer key uninstall
to fail due to interface lookup failure. so fix that.
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f2ffff085d287eec499f1fccd682796ad8010303 ]
spin_lock_bh() is used in table_path_del() but rcu_read_unlock()
is used for unlocking. Fix it by using spin_unlock_bh() instead
of rcu_read_unlock() in the error handling case.
Fixes: b4c3fbe63601 ("mac80211: Use linked list instead of rhashtable walk for mesh tables")
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a71fd9dac23613d96ba3c05619a8ef4fd6cdf9b9 upstream.
ieee80211_aes_gmac() uses the mic argument directly in sg_set_buf() and
that does not allow use of stack memory (e.g., BUG_ON() is hit in
sg_set_buf() with CONFIG_DEBUG_SG). BIP GMAC TX side is fine for this
since it can use the skb data buffer, but the RX side was using a stack
variable for deriving the local MIC value to compare against the
received one.
Fix this by allocating heap memory for the mic buffer.
This was found with hwsim test case ap_cipher_bip_gmac_128 hitting that
BUG_ON() and kernel panic.
Cc: stable@vger.kernel.org
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
