mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-20 09:31:09 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Larry Finger 5c039a9921 b43legacy: Fix case where channel status is corrupted 
commit ec4d3e3a05 upstream.

This patch fixes commit 75388acd0c ("add mac80211-based driver for
legacy BCM43xx devices")

In https://bugzilla.kernel.org/show_bug.cgi?id=207093, a defect in
b43legacy is reported. Upon testing, thus problem exists on PPC and
X86 platforms, is present in the oldest kernel tested (3.2), and
has been present in the driver since it was first added to the kernel.

The problem is a corrupted channel status received from the device.
Both the internal card in a PowerBook G4 and the PCMCIA version
(Broadcom BCM4306 with PCI ID 14e4:4320) have the problem. Only Rev, 2
(revision 4 of the 802.11 core) of the chip has been tested. No other
devices using b43legacy are available for testing.

Various sources of the problem were considered. Buffer overrun and
other sources of corruption within the driver were rejected because
the faulty channel status is always the same, not a random value.
It was concluded that the faulty data is coming from the device, probably
due to a firmware bug. As that source is not available, the driver
must take appropriate action to recover.

At present, the driver reports the error, and them continues to process
the bad packet. This is believed that to be a mistake, and the correct
action is to drop the correpted packet.

Fixes: 75388acd0c ("add mac80211-based driver for legacy BCM43xx devices")
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-and-tested by: F. Erhard <erhard_f@mailbox.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200407190043.1686-1-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-06-22 09:31:19 +02:00
..
accessibility
acpi ACPI/IORT: Fix PMCG node single ID mapping handling 2020-06-22 09:30:54 +02:00
amba
android binderfs: use refcount for binder control devices too 2020-03-25 08:25:50 +01:00
ata libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set 2020-04-17 10:50:22 +02:00
atm fore200e: Fix incorrect checks of NULL pointer dereference 2020-02-24 08:36:36 +01:00
auxdisplay
base x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation 2020-06-10 20:24:57 +02:00
bcma
block block/floppy: fix contended case in floppy_queue_rq() 2020-06-17 16:40:38 +02:00
bluetooth Bluetooth: hci_bcm: fix freeing not-requested IRQ 2020-06-22 09:31:18 +02:00
bus bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads 2020-04-17 10:49:56 +02:00
cdrom
char agp/intel: Reinforce the barrier after GTT updates 2020-06-17 16:40:36 +02:00
clk PM: runtime: clk: Fix clk_pm_runtime_get() error path 2020-06-17 16:40:30 +02:00
clocksource clocksource: dw_apb_timer_of: Fix missing clockevent timers 2020-06-22 09:30:55 +02:00
connector
counter counter: 104-quad-8: Add lock guards - generic interface 2020-05-02 08:48:44 +02:00
cpufreq cpufreq: Fix up cpufreq_boost_set_sw() 2020-06-17 16:40:33 +02:00
cpuidle cpuidle: Fix three reference count leaks 2020-06-22 09:31:10 +02:00
crypto crypto: stm32/crc32 - fix multi-instance 2020-06-22 09:31:07 +02:00
dax device-dax: don't leak kernel memory to user space after unloading kmem 2020-05-27 17:46:48 +02:00
dca
devfreq PM / devfreq: Add missing locking while setting suspend_freq 2020-05-10 10:31:34 +02:00
dio
dma dmaengine: owl: Use correct lock in owl_dma_get_pchan() 2020-05-27 17:46:43 +02:00
dma-buf dma-buf: Fix SET_NAME ioctl uapi 2020-05-06 08:15:01 +02:00
edac EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable 2020-06-17 16:40:33 +02:00
eisa
extcon extcon: axp288: Add wakeup support 2020-04-08 09:08:43 +02:00
firewire
firmware efi/libstub/x86: Work around LLVM ELF quirk build regression 2020-06-22 09:30:52 +02:00
fpga fpga: dfl: pci: fix return value of cci_pci_sriov_configure 2020-04-29 16:33:22 +02:00
fsi
gnss
gpio gpio: fix locking open drain IRQ lines 2020-06-03 08:21:28 +02:00
gpu drm/amdgpu: Sync with VM root BO when switching VM to CPU update mode 2020-06-22 09:31:08 +02:00
greybus
hid HID: i2c-hid: add Schneider SCL142ALM to descriptor override 2020-06-07 13:18:47 +02:00
hsi
hv Drivers: hv: vmbus: Always handle the VMBus messages on CPU0 2020-06-22 09:31:00 +02:00
hwmon hwmon: (nct7904) Fix incorrect range of temperature limit registers 2020-06-03 08:21:14 +02:00
hwspinlock
hwtracing stm class: sys-t: Fix the use of time_after() 2020-03-25 08:25:56 +01:00
i2c i2c: altera: Fix race between xfer_msg and isr thread 2020-06-07 13:18:50 +02:00
i3c
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:36:53 +01:00
idle
iio iio: adc: stm32-adc: fix a wrong error message when probing interrupts 2020-06-10 20:24:56 +02:00
infiniband RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated 2020-06-17 16:40:22 +02:00
input Input: synaptics - add a second working PNP_ID for Lenovo T470s 2020-06-17 16:40:21 +02:00
interconnect
iommu iommu: Fix reference count leak in iommu_group_alloc. 2020-06-03 08:21:28 +02:00
ipack ipack: tpci200: fix error return code in tpci200_register() 2020-05-27 17:46:47 +02:00
irqchip irqchip/mbigen: Free msi_desc on device teardown 2020-04-23 10:36:20 +02:00
isdn
leds leds: core: Fix warning message when init_data 2020-04-23 10:36:37 +02:00
lightnvm
macintosh macintosh: windfarm: fix MODINFO regression 2020-03-18 07:17:53 +01:00
mailbox
mcb
md bcache: fix refcount underflow in bcache_device_free() 2020-06-22 09:31:09 +02:00
media media: go7007: fix a miss of snd_card_free 2020-06-22 09:31:18 +02:00
memory
memstick
message
mfd mfd: intel-lpss: Use devm_ioremap_uc for MMIO 2020-05-10 10:31:30 +02:00
misc mei: release me_cl object reference 2020-05-27 17:46:47 +02:00
mmc mmc: sdhci-esdhc-imx: fix the mask for tuning start point 2020-06-22 09:31:10 +02:00
mtd mtd: Fix mtd not registered due to nvmem name collision 2020-05-27 17:46:22 +02:00
mux
net b43legacy: Fix case where channel status is corrupted 2020-06-22 09:31:19 +02:00
nfc NFC: st21nfca: add missed kfree_skb() in an error path 2020-06-10 20:24:54 +02:00
ntb
nubus
nvdimm libnvdimm: Out of bounds read in __nd_ioctl() 2020-04-23 10:36:42 +02:00
nvme nvme-tcp: use bh_lock in data_ready 2020-06-22 09:31:04 +02:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-10 20:24:57 +02:00
of of: overlay: kmemleak in dup_and_fixup_symbol_prop() 2020-04-23 10:36:23 +02:00
opp opp: Free static OPPs on errors while adding them 2020-02-24 08:36:34 +01:00
oprofile
parisc
parport
pci PCI: Program MPS for RCiEP devices 2020-06-22 09:31:17 +02:00
pcmcia
perf drivers/perf: hisi: Fix typo in events attribute array 2020-06-22 09:31:01 +02:00
phy phy: uniphier-usb3ss: Add Pro5 support 2020-04-23 10:36:33 +02:00
pinctrl pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler 2020-05-20 08:20:19 +02:00
platform platform/x86: asus_wmi: Reserve more space for struct bias_args 2020-06-22 09:31:11 +02:00
pnp
power power: supply: axp288_fuel_gauge: Broaden vendor check for Intel Compute Sticks. 2020-04-23 10:36:41 +02:00
powercap
pps
ps3
ptp
pwm pwm: bcm2835: Dynamically allocate base 2020-04-29 16:33:02 +02:00
rapidio rapidio: fix an error in get_user_pages_fast() error handling 2020-05-27 17:46:48 +02:00
ras
regulator regulator: qcom-rpmh: Fix typos in pm8150 and pm8150l 2020-06-22 09:30:58 +02:00
remoteproc remoteproc: Fix and restore the parenting hierarchy for vdev 2020-06-17 16:40:33 +02:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:36:41 +01:00
rpmsg
rtc rtc: 88pm860x: fix possible race condition 2020-04-23 10:36:31 +02:00
s390 s390/ism: fix error return code in ism_probe() 2020-05-20 08:20:26 +02:00
sbus
scsi scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type 2020-06-17 16:40:35 +02:00
sfi
sh
siox
slimbus
soc soc: mediatek: cmdq: return send msg error code 2020-06-03 08:21:19 +02:00
soundwire
spi spi: dw: Return any value retrieved from the dma_transfer callback 2020-06-22 09:31:10 +02:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-19 19:53:07 +01:00
ssb
staging media: cedrus: Program output format during each run 2020-06-22 09:31:18 +02:00
target scsi: target: Put lun_ref at end of tmr processing 2020-05-27 17:46:40 +02:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 21:22:49 +00:00
thermal thermal: brcmstb_thermal: Do not use DT coefficients 2020-03-05 16:43:50 +01:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 17:22:13 +01:00
tty serial: 8250: Avoid error message on reprobe 2020-06-22 09:31:18 +02:00
uio uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() 2020-02-24 08:36:27 +01:00
usb CDC-ACM: heed quirk also in error handling 2020-06-10 20:24:57 +02:00
vfio vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() 2020-05-06 08:15:14 +02:00
vhost vhost/vsock: fix packet delivery order to monitoring devices 2020-05-27 17:46:31 +02:00
video video: fbdev: w100fb: Fix a potential double free. 2020-06-17 16:40:33 +02:00
virt
virtio virtio_ring: Fix mem leak with vring_new_virtqueue() 2020-03-18 07:17:55 +01:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:36:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:36:48 +01:00
w1
watchdog watchdog: imx_sc_wdt: Fix reboot on crash 2020-06-17 16:40:27 +02:00
xen xen/pvcalls-back: test for errors when calling backend_connect() 2020-06-17 16:40:38 +02:00
zorro
Kconfig
Makefile