commit ad326970d25cc85128cd22d62398751ad072efff Author: Greg Kroah-Hartman Date: Sat Oct 17 10:12:58 2020 +0200 Linux 4.19.152 Tested-by: Pavel Machek (CIP) Tested-by: Jon Hunter Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Link: https://lore.kernel.org/r/20201016090437.301376476@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman commit e2c5f02307795960c595bf5a9fef4fc3b0cb858d Author: Dominik Przychodni Date: Mon Aug 31 11:59:59 2020 +0100 crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA commit 45cb6653b0c355fc1445a8069ba78a4ce8720511 upstream. Return -EINVAL for authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes)) if the cipher length is not multiple of the AES block. This is to prevent an undefined device behaviour. Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface") Cc: Signed-off-by: Dominik Przychodni [giovanni.cabiddu@intel.com: reworded commit message] Signed-off-by: Giovanni Cabiddu Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit fc86d27bdb53384b97f317272efdff70efb0c839 Author: Herbert Xu Date: Fri Oct 2 17:55:22 2020 +1000 crypto: bcm - Verify GCM/CCM key length in setkey commit 10a2f0b311094ffd45463a529a410a51ca025f27 upstream. The setkey function for GCM/CCM algorithms didn't verify the key length before copying the key and subtracting the salt length. This patch delays the copying of the key til after the verification has been done. It also adds checks on the key length to ensure that it's at least as long as the salt. Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver") Cc: Reported-by: kiyin(尹亮) Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit bc9c21f81faf4df23dcc11b2bc1b6d3bc00b0d84 Author: Arnaud Patard Date: Fri Aug 2 10:32:40 2019 +0200 drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case commit d934423ac26ed373dfe089734d505dca5ff679b6 upstream. Orion5.x systems are still using machine files and not device-tree. Commit 96cb4342382290c9 ("net: mvmdio: allow up to three clocks to be specified for orion-mdio") has replaced devm_clk_get() with of_clk_get(), leading to a oops at boot and not working network, as reported in https://lists.debian.org/debian-arm/2019/07/msg00088.html and possibly in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908712. Link: https://lists.debian.org/debian-arm/2019/07/msg00088.html Fixes: 96cb4342382290c9 ("net: mvmdio: allow up to three clocks to be specified for orion-mdio") Signed-off-by: Arnaud Patard Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 9fd231b255b7e81330969cb6d97782bbf0888f13 Author: Jan Kara Date: Wed Sep 30 17:08:20 2020 +0200 reiserfs: Fix oops during mount commit c2bb80b8bdd04dfe32364b78b61b6a47f717af52 upstream. With suitably crafted reiserfs image and mount command reiserfs will crash when trying to verify that XATTR_ROOT directory can be looked up in / as that recurses back to xattr code like: xattr_lookup+0x24/0x280 fs/reiserfs/xattr.c:395 reiserfs_xattr_get+0x89/0x540 fs/reiserfs/xattr.c:677 reiserfs_get_acl+0x63/0x690 fs/reiserfs/xattr_acl.c:209 get_acl+0x152/0x2e0 fs/posix_acl.c:141 check_acl fs/namei.c:277 [inline] acl_permission_check fs/namei.c:309 [inline] generic_permission+0x2ba/0x550 fs/namei.c:353 do_inode_permission fs/namei.c:398 [inline] inode_permission+0x234/0x4a0 fs/namei.c:463 lookup_one_len+0xa6/0x200 fs/namei.c:2557 reiserfs_lookup_privroot+0x85/0x1e0 fs/reiserfs/xattr.c:972 reiserfs_fill_super+0x2b51/0x3240 fs/reiserfs/super.c:2176 mount_bdev+0x24f/0x360 fs/super.c:1417 Fix the problem by bailing from reiserfs_xattr_get() when xattrs are not yet initialized. CC: stable@vger.kernel.org Reported-by: syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 0364aee683c37679ae91f7bf9e399c5cd6eba126 Author: Jan Kara Date: Mon Sep 21 15:08:50 2020 +0200 reiserfs: Initialize inode keys properly commit 4443390e08d34d5771ab444f601cf71b3c9634a4 upstream. reiserfs_read_locked_inode() didn't initialize key length properly. Use _make_cpu_key() macro for key initialization so that all key member are properly initialized. CC: stable@vger.kernel.org Reported-by: syzbot+d94d02749498bb7bab4b@syzkaller.appspotmail.com Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 2b00a51112f47080471c6e576ae33a54fcee715c Author: Mychaela N. Falconia Date: Wed Sep 16 01:56:29 2020 +0000 USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters commit 6cf87e5edd9944e1d3b6efd966ea401effc304ee upstream. There exist many FT2232-based JTAG+UART adapter designs in which FT2232 Channel A is used for JTAG and Channel B is used for UART. The best way to handle them in Linux is to have the ftdi_sio driver create a ttyUSB device only for Channel B and not for Channel A: a ttyUSB device for Channel A would be bogus and will disappear as soon as the user runs OpenOCD or other applications that access Channel A for JTAG from userspace, causing undesirable noise for users. The ftdi_sio driver already has a dedicated quirk for such JTAG+UART FT2232 adapters, and it requires assigning custom USB IDs to such adapters and adding these IDs to the driver with the ftdi_jtag_quirk applied. Boutique hardware manufacturer Falconia Partners LLC has created a couple of JTAG+UART adapter designs (one buffered, one unbuffered) as part of FreeCalypso project, and this hardware is specifically made to be used with Linux hosts, with the intent that Channel A will be accessed only from userspace via appropriate applications, and that Channel B will be supported by the ftdi_sio kernel driver, presenting a standard ttyUSB device to userspace. Toward this end the hardware manufacturer will be programming FT2232 EEPROMs with custom USB IDs, specifically with the intent that these IDs will be recognized by the ftdi_sio driver with the ftdi_jtag_quirk applied. Signed-off-by: Mychaela N. Falconia [johan: insert in PID order and drop unused define] Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit cd86e2ee197dc2065ad84b73cb1db44f8e920dfd Author: Scott Chen Date: Thu Sep 24 14:27:45 2020 +0800 USB: serial: pl2303: add device-id for HP GC device commit 031f9664f8f9356cee662335bc56c93d16e75665 upstream. This is adds a device id for HP LD381 which is a pl2303GC-base device. Signed-off-by: Scott Chen Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit a9a19989b45a183925cd7790f25d44bc7f181d6d Author: Anant Thazhemadam Date: Sat Oct 10 13:59:32 2020 +0530 staging: comedi: check validity of wMaxPacketSize of usb endpoints found commit e1f13c879a7c21bd207dc6242455e8e3a1e88b40 upstream. While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if wMaxPacketSize = 0 for the endpoints found. Some devices have isochronous endpoints that have wMaxPacketSize = 0 (as required by the USB-2 spec). However, since this doesn't apply here, wMaxPacketSize = 0 can be considered to be invalid. Reported-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com Tested-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com Signed-off-by: Anant Thazhemadam Cc: stable Link: https://lore.kernel.org/r/20201010082933.5417-1-anant.thazhemadam@gmail.com Signed-off-by: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman commit aa803a62b3e2c0d7e5d6a50c2a24724721df0b39 Author: Leonid Bloch Date: Sun Oct 4 18:58:13 2020 +0300 USB: serial: option: Add Telit FT980-KS composition commit 924a9213358fb92fa3c3225d6d042aa058167405 upstream. This commit adds the following Telit FT980-KS composition: 0x1054: rndis, diag, adb, nmea, modem, modem, aux AT commands can be sent to /dev/ttyUSB2. Signed-off-by: Leonid Bloch Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/ce86bc05-f4e2-b199-0cdc-792715e3f275@asocscloud.com Link: https://lore.kernel.org/r/20201004155813.2342-1-lb.workbox@gmail.com Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit 32f09ec40aa0c7e511c97ac40a96d727c3708a0f Author: Wilken Gottwalt Date: Sat Oct 3 11:40:29 2020 +0200 USB: serial: option: add Cellient MPL200 card commit 3e765cab8abe7f84cb80d4a7a973fc97d5742647 upstream. Add usb ids of the Cellient MPL200 card. Signed-off-by: Wilken Gottwalt Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/3db5418fe9e516f4b290736c5a199c9796025e3c.1601715478.git.wilken.gottwalt@mailbox.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit d4503a3fd3bbf8ddecddb4d71be7110d7651eb8a Author: Oliver Neukum Date: Thu Sep 24 11:14:10 2020 +0200 media: usbtv: Fix refcounting mixup commit bf65f8aabdb37bc1a785884374e919477fe13e10 upstream. The premature free in the error path is blocked by V4L refcounting, not USB refcounting. Thanks to Ben Hutchings for review. [v2] corrected attributions Signed-off-by: Oliver Neukum Fixes: 50e704453553 ("media: usbtv: prevent double free in error case") CC: stable@vger.kernel.org Reported-by: Ben Hutchings Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit c1ad9bb3b04725c5c9a593abb1657e8a89c62fd7 Author: Luiz Augusto von Dentz Date: Wed May 20 14:20:14 2020 -0700 Bluetooth: Disconnect if E0 is used for Level 4 commit 8746f135bb01872ff412d408ea1aa9ebd328c1f5 upstream. E0 is not allowed with Level 4: BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319: '128-bit equivalent strength for link and encryption keys required using FIPS approved algorithms (E0 not allowed, SAFER+ not allowed, and P-192 not allowed; encryption key not shortened' SC enabled: > HCI Event: Read Remote Extended Features (0x23) plen 13 Status: Success (0x00) Handle: 256 Page: 1/2 Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00 Secure Simple Pairing (Host Support) LE Supported (Host) Secure Connections (Host Support) > HCI Event: Encryption Change (0x08) plen 4 Status: Success (0x00) Handle: 256 Encryption: Enabled with AES-CCM (0x02) SC disabled: > HCI Event: Read Remote Extended Features (0x23) plen 13 Status: Success (0x00) Handle: 256 Page: 1/2 Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00 Secure Simple Pairing (Host Support) LE Supported (Host) > HCI Event: Encryption Change (0x08) plen 4 Status: Success (0x00) Handle: 256 Encryption: Enabled with E0 (0x01) [May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used < HCI Command: Disconnect (0x01|0x0006) plen 3 Handle: 256 Reason: Authentication Failure (0x05) Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Cc: Hans-Christian Noren Egtvedt Signed-off-by: Greg Kroah-Hartman commit 3882085f1faf02932d9a69fb76adb76335c22a83 Author: Patrick Steinhardt Date: Wed Jul 15 19:43:33 2020 +0200 Bluetooth: Fix update of connection state in `hci_encrypt_cfm` commit 339ddaa626995bc6218972ca241471f3717cc5f4 upstream. Starting with the upgrade to v5.8-rc3, I've noticed I wasn't able to connect to my Bluetooth headset properly anymore. While connecting to the device would eventually succeed, bluetoothd seemed to be confused about the current connection state where the state was flapping hence and forth. Bisecting this issue led to commit 3ca44c16b0dc (Bluetooth: Consolidate encryption handling in hci_encrypt_cfm, 2020-05-19), which refactored `hci_encrypt_cfm` to also handle updating the connection state. The commit in question changed the code to call `hci_connect_cfm` inside `hci_encrypt_cfm` and to change the connection state. But with the conversion, we now only update the connection state if a status was set already. In fact, the reverse should be true: the status should be updated if no status is yet set. So let's fix the isuse by reversing the condition. Fixes: 3ca44c16b0dc ("Bluetooth: Consolidate encryption handling in hci_encrypt_cfm") Signed-off-by: Patrick Steinhardt Acked-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman commit 0c75831bc108ec23c663d969181a4dd7e4b651bb Author: Luiz Augusto von Dentz Date: Tue May 19 13:25:19 2020 -0700 Bluetooth: Consolidate encryption handling in hci_encrypt_cfm commit 3ca44c16b0dcc764b641ee4ac226909f5c421aa3 upstream. This makes hci_encrypt_cfm calls hci_connect_cfm in case the connection state is BT_CONFIG so callers don't have to check the state. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Cc: Hans-Christian Noren Egtvedt Signed-off-by: Greg Kroah-Hartman commit 7b2e80606a5dead486a9f0bff5da5ac818842e2e Author: Luiz Augusto von Dentz Date: Thu Aug 6 11:17:14 2020 -0700 Bluetooth: MGMT: Fix not checking if BT_HS is enabled commit b560a208cda0297fef6ff85bbfd58a8f0a52a543 upstream. This checks if BT_HS is enabled relecting it on MGMT_SETTING_HS instead of always reporting it as supported. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman commit 360f80e34292dbe91c23e893f90cd357aff8b68a Author: Luiz Augusto von Dentz Date: Thu Aug 6 11:17:12 2020 -0700 Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel commit f19425641cb2572a33cb074d5e30283720bd4d22 upstream. Only sockets will have the chan->data set to an actual sk, channels like A2MP would have its own data which would likely cause a crash when calling sk_filter, in order to fix this a new callback has been introduced so channels can implement their own filtering if necessary. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman commit 128278f444ab3a0d38759c4935092d256edc77d0 Author: Luiz Augusto von Dentz Date: Thu Aug 6 11:17:11 2020 -0700 Bluetooth: A2MP: Fix not initializing all members commit eddb7732119d53400f48a02536a84c509692faa8 upstream. This fixes various places where a stack variable is used uninitialized. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman commit 23759ba06279602c611a4349096ac0699c949b64 Author: Jason A. Donenfeld Date: Mon Jun 17 13:29:19 2019 +0100 ARM: 8867/1: vdso: pass --be8 to linker if necessary [ Upstream commit c5d0e49e8d8f1a23034fdf8e935afc0c8f7ae27d ] The commit fe00e50b2db8 ("ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO") removed the passing of CFLAGS, since ld doesn't take those directly. However, prior, big-endian ARM was relying on gcc to translate its -mbe8 option into ld's --be8 option. Lacking this, ld generated be32 code, making the VDSO generate SIGILL when called by userspace. This commit passes --be8 if CONFIG_CPU_ENDIAN_BE8 is enabled. Signed-off-by: Jason A. Donenfeld Cc: Masahiro Yamada Cc: Arnd Bergmann Cc: Ard Biesheuvel Signed-off-by: Russell King Signed-off-by: Sasha Levin commit 444a6d0fe930838444abf7c9ff5175f93e1a5d72 Author: Dmitry Golovin Date: Tue Nov 19 16:39:42 2019 +0100 ARM: 8939/1: kbuild: use correct nm executable [ Upstream commit 29c623d64f0dcd6aa10e0eabd16233e77114090b ] Since $(NM) variable can be easily overridden for the whole build, it's better to use it instead of $(CROSS_COMPILE)nm. The use of $(CROSS_COMPILE) prefixed variables where their calculated equivalents can be used is incorrect. This fixes issues with builds where $(NM) is set to llvm-nm. Link: https://github.com/ClangBuiltLinux/linux/issues/766 Signed-off-by: Dmitry Golovin Suggested-by: Nick Desaulniers Cc: Matthias Maennich Reviewed-by: Nathan Chancellor Tested-by: Nathan Chancellor Reviewed-by: Masahiro Yamada Reviewed-by: Nick Desaulniers Signed-off-by: Russell King Signed-off-by: Sasha Levin commit e7f04b0725ff3e2781a080dd34b76b2d5a447ef1 Author: Masahiro Yamada Date: Thu Apr 18 10:57:49 2019 +0100 ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO [ Upstream commit fe00e50b2db8c60e4ec90befad1f5bab8ca2c800 ] We use $(LD) to link vmlinux, modules, decompressors, etc. VDSO is the only exceptional case where $(CC) is used as the linker driver, but I do not know why we need to do so. VDSO uses a special linker script, and does not link standard libraries at all. I changed the Makefile to use $(LD) rather than $(CC). I confirmed the same vdso.so.raw was still produced. Users will be able to use their favorite linker (e.g. lld instead of of bfd) by passing LD= from the command line. My plan is to rewrite all VDSO Makefiles to use $(LD), then delete cc-ldoption. Signed-off-by: Masahiro Yamada Reviewed-by: Nick Desaulniers Signed-off-by: Russell King Signed-off-by: Sasha Levin commit b801d568c7d85f816f1afb6e869f069c3ebe8b66 Author: Leo Yan Date: Tue May 5 21:36:42 2020 +0800 perf cs-etm: Move definition of 'traceid_list' global variable from header file commit 168200b6d6ea0cb5765943ec5da5b8149701f36a upstream. The variable 'traceid_list' is defined in the header file cs-etm.h, if multiple C files include cs-etm.h the compiler might complaint for multiple definition of 'traceid_list'. To fix multiple definition error, move the definition of 'traceid_list' into cs-etm.c. Fixes: cd8bfd8c973e ("perf tools: Add processing of coresight metadata") Reported-by: Thomas Backlund Signed-off-by: Leo Yan Reviewed-by: Mathieu Poirier Reviewed-by: Mike Leach Tested-by: Mike Leach Tested-by: Thomas Backlund Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Suzuki Poulouse Cc: Tor Jeremiassen Cc: linux-arm-kernel@lists.infradead.org Link: http://lore.kernel.org/lkml/20200505133642.4756-1-leo.yan@linaro.org Signed-off-by: Arnaldo Carvalho de Melo Cc: Paul Barker Signed-off-by: Greg Kroah-Hartman