mirror of
https://github.com/openwrt/openwrt.git
synced 2025-02-04 18:21:07 +00:00
1d94f72439
Rebased patches:
* generic: 273-batman-adv-Convert-packet.h-to-uapi-header.patch
* ipq806x: 0065-arm-override-compiler-flags.patch
* mvebu: 513-arm64-dts-marvell-armada37xx-Add-emmc-sdio-pinctrl-d.patch
Removed patches:
Fixed upstream:
* ar71xx: 821-serial-core-add-support-for-boot-console-with-arbitr.patch
* ath79: 921-serial-core-add-support-for-boot-console-with-arbitr.patch
- in 4.14.256 via 9112e7ef87149b3d8093e7446d784117f6e18d69
* mvebu: 527-PCI-aardvark-allow-to-specify-link-capability.patch
- in 4.14.257 via 62a3dc9b65a2b24800fc4267b8cf590fad135034
* mvebu: 524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch
- should be hopefully fixed by the bunch of changes in .256 and .257
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Fixes: CVE-2021-3640
Signed-off-by: Petr Štetiar <ynezz@true.cz>
58 lines
1.7 KiB
Diff
58 lines
1.7 KiB
Diff
--- a/drivers/ata/libata-core.c
|
|
+++ b/drivers/ata/libata-core.c
|
|
@@ -1598,6 +1598,14 @@ unsigned ata_exec_internal_sg(struct ata
|
|
return AC_ERR_SYSTEM;
|
|
}
|
|
|
|
+ if (ap->ops->acquire_hw && !ap->ops->acquire_hw(ap, 0, 0)) {
|
|
+ spin_unlock_irqrestore(ap->lock, flags);
|
|
+ if (!ap->ops->acquire_hw(ap, 1, (2*HZ))) {
|
|
+ return AC_ERR_TIMEOUT;
|
|
+ }
|
|
+ spin_lock_irqsave(ap->lock, flags);
|
|
+ }
|
|
+
|
|
/* initialize internal qc */
|
|
|
|
/* XXX: Tag 0 is used for drivers with legacy EH as some
|
|
@@ -5166,6 +5174,9 @@ struct ata_queued_cmd *ata_qc_new_init(s
|
|
if (unlikely(ap->pflags & ATA_PFLAG_FROZEN))
|
|
return NULL;
|
|
|
|
+ if (ap->ops->qc_new && ap->ops->qc_new(ap))
|
|
+ return NULL;
|
|
+
|
|
/* libsas case */
|
|
if (ap->flags & ATA_FLAG_SAS_HOST) {
|
|
tag = ata_sas_allocate_tag(ap);
|
|
@@ -5211,6 +5222,8 @@ void ata_qc_free(struct ata_queued_cmd *
|
|
qc->tag = ATA_TAG_POISON;
|
|
if (ap->flags & ATA_FLAG_SAS_HOST)
|
|
ata_sas_free_tag(tag, ap);
|
|
+ if (ap->ops->qc_free)
|
|
+ ap->ops->qc_free(qc);
|
|
}
|
|
}
|
|
|
|
--- a/include/linux/libata.h
|
|
+++ b/include/linux/libata.h
|
|
@@ -925,6 +925,8 @@ struct ata_port_operations {
|
|
enum ata_completion_errors (*qc_prep)(struct ata_queued_cmd *qc);
|
|
unsigned int (*qc_issue)(struct ata_queued_cmd *qc);
|
|
bool (*qc_fill_rtf)(struct ata_queued_cmd *qc);
|
|
+ int (*qc_new)(struct ata_port *ap);
|
|
+ void (*qc_free)(struct ata_queued_cmd *qc);
|
|
|
|
/*
|
|
* Configuration and exception handling
|
|
@@ -1015,6 +1017,9 @@ struct ata_port_operations {
|
|
void (*phy_reset)(struct ata_port *ap);
|
|
void (*eng_timeout)(struct ata_port *ap);
|
|
|
|
+ int (*acquire_hw)(struct ata_port *ap, int may_sleep,
|
|
+ int timeout_jiffies);
|
|
+
|
|
/*
|
|
* ->inherits must be the last field and all the preceding
|
|
* fields must be pointers.
|