Merge 4.19.166 into android-4.19-stable
Changes in 4.19.166 Revert "mtd: spinand: Fix OOB read" dmaengine: at_hdmac: Substitute kzalloc with kmalloc dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate() dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate() kdev_t: always inline major/minor helper functions iio:imu:bmi160: Fix alignment and data leak issues iio:magnetometer:mag3110: Fix alignment and data leak issues. mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start Linux 4.19.166 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib7d0ce70832eb58e4aed2b7b6f29082184f64299
This commit is contained in:
Greg Kroah-Hartman
2
Makefile
2
Makefile
@@ -1,7 +1,7 @@
|
|||||||
# SPDX-License-Identifier: GPL-2.0
|
# SPDX-License-Identifier: GPL-2.0
|
||||||
VERSION = 4
|
VERSION = 4
|
||||||
PATCHLEVEL = 19
|
PATCHLEVEL = 19
|
||||||
SUBLEVEL = 165
|
SUBLEVEL = 166
|
||||||
EXTRAVERSION =
|
EXTRAVERSION =
|
||||||
NAME = "People's Front"
|
NAME = "People's Front"
|
||||||
|
|
||||||
|
|||||||
@@ -1683,9 +1683,11 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec,
|
|||||||
dma_cap_zero(mask);
|
dma_cap_zero(mask);
|
||||||
dma_cap_set(DMA_SLAVE, mask);
|
dma_cap_set(DMA_SLAVE, mask);
|
||||||
|
|
||||||
atslave = kzalloc(sizeof(*atslave), GFP_KERNEL);
|
atslave = kmalloc(sizeof(*atslave), GFP_KERNEL);
|
||||||
if (!atslave)
|
if (!atslave) {
|
||||||
|
put_device(&dmac_pdev->dev);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
atslave->cfg = ATC_DST_H2SEL_HW | ATC_SRC_H2SEL_HW;
|
atslave->cfg = ATC_DST_H2SEL_HW | ATC_SRC_H2SEL_HW;
|
||||||
/*
|
/*
|
||||||
@@ -1714,8 +1716,11 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec,
|
|||||||
atslave->dma_dev = &dmac_pdev->dev;
|
atslave->dma_dev = &dmac_pdev->dev;
|
||||||
|
|
||||||
chan = dma_request_channel(mask, at_dma_filter, atslave);
|
chan = dma_request_channel(mask, at_dma_filter, atslave);
|
||||||
if (!chan)
|
if (!chan) {
|
||||||
|
put_device(&dmac_pdev->dev);
|
||||||
|
kfree(atslave);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
atchan = to_at_dma_chan(chan);
|
atchan = to_at_dma_chan(chan);
|
||||||
atchan->per_if = dma_spec->args[0] & 0xff;
|
atchan->per_if = dma_spec->args[0] & 0xff;
|
||||||
|
|||||||
@@ -110,6 +110,13 @@ enum bmi160_sensor_type {
|
|||||||
|
|
||||||
struct bmi160_data {
|
struct bmi160_data {
|
||||||
struct regmap *regmap;
|
struct regmap *regmap;
|
||||||
|
/*
|
||||||
|
* Ensure natural alignment for timestamp if present.
|
||||||
|
* Max length needed: 2 * 3 channels + 4 bytes padding + 8 byte ts.
|
||||||
|
* If fewer channels are enabled, less space may be needed, as
|
||||||
|
* long as the timestamp is still aligned to 8 bytes.
|
||||||
|
*/
|
||||||
|
__le16 buf[12] __aligned(8);
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct regmap_config bmi160_regmap_config = {
|
const struct regmap_config bmi160_regmap_config = {
|
||||||
@@ -385,8 +392,6 @@ static irqreturn_t bmi160_trigger_handler(int irq, void *p)
|
|||||||
struct iio_poll_func *pf = p;
|
struct iio_poll_func *pf = p;
|
||||||
struct iio_dev *indio_dev = pf->indio_dev;
|
struct iio_dev *indio_dev = pf->indio_dev;
|
||||||
struct bmi160_data *data = iio_priv(indio_dev);
|
struct bmi160_data *data = iio_priv(indio_dev);
|
||||||
__le16 buf[12];
|
|
||||||
/* 2 sens x 3 axis x __le16 + 2 x __le16 pad + 4 x __le16 tstamp */
|
|
||||||
int i, ret, j = 0, base = BMI160_REG_DATA_MAGN_XOUT_L;
|
int i, ret, j = 0, base = BMI160_REG_DATA_MAGN_XOUT_L;
|
||||||
__le16 sample;
|
__le16 sample;
|
||||||
|
|
||||||
@@ -396,10 +401,10 @@ static irqreturn_t bmi160_trigger_handler(int irq, void *p)
|
|||||||
&sample, sizeof(sample));
|
&sample, sizeof(sample));
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto done;
|
goto done;
|
||||||
buf[j++] = sample;
|
data->buf[j++] = sample;
|
||||||
}
|
}
|
||||||
|
|
||||||
iio_push_to_buffers_with_timestamp(indio_dev, buf,
|
iio_push_to_buffers_with_timestamp(indio_dev, data->buf,
|
||||||
iio_get_time_ns(indio_dev));
|
iio_get_time_ns(indio_dev));
|
||||||
done:
|
done:
|
||||||
iio_trigger_notify_done(indio_dev->trig);
|
iio_trigger_notify_done(indio_dev->trig);
|
||||||
|
|||||||
@@ -56,6 +56,12 @@ struct mag3110_data {
|
|||||||
struct mutex lock;
|
struct mutex lock;
|
||||||
u8 ctrl_reg1;
|
u8 ctrl_reg1;
|
||||||
int sleep_val;
|
int sleep_val;
|
||||||
|
/* Ensure natural alignment of timestamp */
|
||||||
|
struct {
|
||||||
|
__be16 channels[3];
|
||||||
|
u8 temperature;
|
||||||
|
s64 ts __aligned(8);
|
||||||
|
} scan;
|
||||||
};
|
};
|
||||||
|
|
||||||
static int mag3110_request(struct mag3110_data *data)
|
static int mag3110_request(struct mag3110_data *data)
|
||||||
@@ -387,10 +393,9 @@ static irqreturn_t mag3110_trigger_handler(int irq, void *p)
|
|||||||
struct iio_poll_func *pf = p;
|
struct iio_poll_func *pf = p;
|
||||||
struct iio_dev *indio_dev = pf->indio_dev;
|
struct iio_dev *indio_dev = pf->indio_dev;
|
||||||
struct mag3110_data *data = iio_priv(indio_dev);
|
struct mag3110_data *data = iio_priv(indio_dev);
|
||||||
u8 buffer[16]; /* 3 16-bit channels + 1 byte temp + padding + ts */
|
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = mag3110_read(data, (__be16 *) buffer);
|
ret = mag3110_read(data, data->scan.channels);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@@ -399,10 +404,10 @@ static irqreturn_t mag3110_trigger_handler(int irq, void *p)
|
|||||||
MAG3110_DIE_TEMP);
|
MAG3110_DIE_TEMP);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto done;
|
goto done;
|
||||||
buffer[6] = ret;
|
data->scan.temperature = ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
iio_push_to_buffers_with_timestamp(indio_dev, buffer,
|
iio_push_to_buffers_with_timestamp(indio_dev, &data->scan,
|
||||||
iio_get_time_ns(indio_dev));
|
iio_get_time_ns(indio_dev));
|
||||||
|
|
||||||
done:
|
done:
|
||||||
|
|||||||
@@ -378,10 +378,6 @@ static int spinand_write_to_cache_op(struct spinand_device *spinand,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (req->ooblen)
|
|
||||||
memcpy(req->oobbuf.in, spinand->oobbuf + req->ooboffs,
|
|
||||||
req->ooblen);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -877,6 +877,8 @@ mwifiex_cmd_802_11_ad_hoc_start(struct mwifiex_private *priv,
|
|||||||
|
|
||||||
memset(adhoc_start->ssid, 0, IEEE80211_MAX_SSID_LEN);
|
memset(adhoc_start->ssid, 0, IEEE80211_MAX_SSID_LEN);
|
||||||
|
|
||||||
|
if (req_ssid->ssid_len > IEEE80211_MAX_SSID_LEN)
|
||||||
|
req_ssid->ssid_len = IEEE80211_MAX_SSID_LEN;
|
||||||
memcpy(adhoc_start->ssid, req_ssid->ssid, req_ssid->ssid_len);
|
memcpy(adhoc_start->ssid, req_ssid->ssid, req_ssid->ssid_len);
|
||||||
|
|
||||||
mwifiex_dbg(adapter, INFO, "info: ADHOC_S_CMD: SSID = %s\n",
|
mwifiex_dbg(adapter, INFO, "info: ADHOC_S_CMD: SSID = %s\n",
|
||||||
|
|||||||
@@ -21,61 +21,61 @@
|
|||||||
})
|
})
|
||||||
|
|
||||||
/* acceptable for old filesystems */
|
/* acceptable for old filesystems */
|
||||||
static inline bool old_valid_dev(dev_t dev)
|
static __always_inline bool old_valid_dev(dev_t dev)
|
||||||
{
|
{
|
||||||
return MAJOR(dev) < 256 && MINOR(dev) < 256;
|
return MAJOR(dev) < 256 && MINOR(dev) < 256;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline u16 old_encode_dev(dev_t dev)
|
static __always_inline u16 old_encode_dev(dev_t dev)
|
||||||
{
|
{
|
||||||
return (MAJOR(dev) << 8) | MINOR(dev);
|
return (MAJOR(dev) << 8) | MINOR(dev);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline dev_t old_decode_dev(u16 val)
|
static __always_inline dev_t old_decode_dev(u16 val)
|
||||||
{
|
{
|
||||||
return MKDEV((val >> 8) & 255, val & 255);
|
return MKDEV((val >> 8) & 255, val & 255);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline u32 new_encode_dev(dev_t dev)
|
static __always_inline u32 new_encode_dev(dev_t dev)
|
||||||
{
|
{
|
||||||
unsigned major = MAJOR(dev);
|
unsigned major = MAJOR(dev);
|
||||||
unsigned minor = MINOR(dev);
|
unsigned minor = MINOR(dev);
|
||||||
return (minor & 0xff) | (major << 8) | ((minor & ~0xff) << 12);
|
return (minor & 0xff) | (major << 8) | ((minor & ~0xff) << 12);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline dev_t new_decode_dev(u32 dev)
|
static __always_inline dev_t new_decode_dev(u32 dev)
|
||||||
{
|
{
|
||||||
unsigned major = (dev & 0xfff00) >> 8;
|
unsigned major = (dev & 0xfff00) >> 8;
|
||||||
unsigned minor = (dev & 0xff) | ((dev >> 12) & 0xfff00);
|
unsigned minor = (dev & 0xff) | ((dev >> 12) & 0xfff00);
|
||||||
return MKDEV(major, minor);
|
return MKDEV(major, minor);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline u64 huge_encode_dev(dev_t dev)
|
static __always_inline u64 huge_encode_dev(dev_t dev)
|
||||||
{
|
{
|
||||||
return new_encode_dev(dev);
|
return new_encode_dev(dev);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline dev_t huge_decode_dev(u64 dev)
|
static __always_inline dev_t huge_decode_dev(u64 dev)
|
||||||
{
|
{
|
||||||
return new_decode_dev(dev);
|
return new_decode_dev(dev);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int sysv_valid_dev(dev_t dev)
|
static __always_inline int sysv_valid_dev(dev_t dev)
|
||||||
{
|
{
|
||||||
return MAJOR(dev) < (1<<14) && MINOR(dev) < (1<<18);
|
return MAJOR(dev) < (1<<14) && MINOR(dev) < (1<<18);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline u32 sysv_encode_dev(dev_t dev)
|
static __always_inline u32 sysv_encode_dev(dev_t dev)
|
||||||
{
|
{
|
||||||
return MINOR(dev) | (MAJOR(dev) << 18);
|
return MINOR(dev) | (MAJOR(dev) << 18);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline unsigned sysv_major(u32 dev)
|
static __always_inline unsigned sysv_major(u32 dev)
|
||||||
{
|
{
|
||||||
return (dev >> 18) & 0x3fff;
|
return (dev >> 18) & 0x3fff;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline unsigned sysv_minor(u32 dev)
|
static __always_inline unsigned sysv_minor(u32 dev)
|
||||||
{
|
{
|
||||||
return dev & 0x3ffff;
|
return dev & 0x3ffff;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user