Rebuild with bluetooth and efivar hotfixes

3 files changed, 113 insertions, 1 deletions

diff --git a/0003-Bluetooth-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch b/0003-Bluetooth-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
new file mode 100644
index 0000000..f6bebdd
--- /dev/null
+++ b/0003-Bluetooth-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
@@ -0,0 +1,48 @@
+From 4264c74c96e7907b60ee6ed82670317d19ed7ebe Mon Sep 17 00:00:00 2001
+From: Edward Vear <edwardvear@gmail.com>
+Date: Tue, 27 Oct 2020 00:02:03 -0700
+Subject: Bluetooth: Fix attempting to set RPA timeout when unsupported
+
+During controller initialization, an LE Set RPA Timeout command is sent
+to the controller if supported. However, the value checked to determine
+if the command is supported is incorrect. Page 1921 of the Bluetooth
+Core Spec v5.2 shows that bit 2 of octet 35 of the Supported_Commands
+field corresponds to the LE Set RPA Timeout command, but currently
+bit 6 of octet 35 is checked. This patch checks the correct value
+instead.
+
+This issue led to the error seen in the following btmon output during
+initialization of an adapter (rtl8761b) and prevented initialization
+from completing.
+
+< HCI Command: LE Set Resolvable Private Address Timeout (0x08|0x002e) plen 2
+        Timeout: 900 seconds
+> HCI Event: Command Complete (0x0e) plen 4
+      LE Set Resolvable Private Address Timeout (0x08|0x002e) ncmd 2
+        Status: Unsupported Remote Feature / Unsupported LMP Feature (0x1a)
+= Close Index: 00:E0:4C:6B:E5:03
+
+The error did not appear when running with this patch.
+
+Signed-off-by: Edward Vear <edwardvear@gmail.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+---
+ net/bluetooth/hci_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
+index be9cdf5dabe5..30a5267af490 100644
+--- a/net/bluetooth/hci_core.c
++++ b/net/bluetooth/hci_core.c
+@@ -763,7 +763,7 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt)
+ 			hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
+ 		}
+ 
+-		if (hdev->commands[35] & 0x40) {
++		if (hdev->commands[35] & 0x04) {
+ 			__le16 rpa_timeout = cpu_to_le16(hdev->rpa_timeout);
+ 
+ 			/* Set RPA timeout */
+-- 
+cgit v1.2.3-1-gf6bb5
+
diff --git a/0004-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch b/0004-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
new file mode 100644
index 0000000..6589b85
--- /dev/null
+++ b/0004-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
@@ -0,0 +1,58 @@
+From a163474e9b86c2c25f20733385d8b1d6de492a7f Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Wed, 25 Nov 2020 08:45:55 +0100
+Subject: efivarfs: revert "fix memory leak in efivarfs_create()"
+
+The memory leak addressed by commit fe5186cf12e3 is a false positive:
+all allocations are recorded in a linked list, and freed when the
+filesystem is unmounted. This leads to double frees, and as reported
+by David, leads to crashes if SLUB is configured to self destruct when
+double frees occur.
+
+So drop the redundant kfree() again, and instead, mark the offending
+pointer variable so the allocation is ignored by kmemleak.
+
+Cc: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
+Fixes: fe5186cf12e3 ("efivarfs: fix memory leak in efivarfs_create()")
+Reported-by: David Laight <David.Laight@aculab.com>
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+---
+ fs/efivarfs/inode.c | 2 ++
+ fs/efivarfs/super.c | 1 -
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/efivarfs/inode.c b/fs/efivarfs/inode.c
+index 96c0c86f3fff..0297ad95eb5c 100644
+--- a/fs/efivarfs/inode.c
++++ b/fs/efivarfs/inode.c
+@@ -7,6 +7,7 @@
+ #include <linux/efi.h>
+ #include <linux/fs.h>
+ #include <linux/ctype.h>
++#include <linux/kmemleak.h>
+ #include <linux/slab.h>
+ #include <linux/uuid.h>
+ 
+@@ -103,6 +104,7 @@ static int efivarfs_create(struct inode *dir, struct dentry *dentry,
+ 	var->var.VariableName[i] = '\0';
+ 
+ 	inode->i_private = var;
++	kmemleak_ignore(var);
+ 
+ 	err = efivar_entry_add(var, &efivarfs_list);
+ 	if (err)
+diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
+index f943fd0b0699..15880a68faad 100644
+--- a/fs/efivarfs/super.c
++++ b/fs/efivarfs/super.c
+@@ -21,7 +21,6 @@ LIST_HEAD(efivarfs_list);
+ static void efivarfs_evict_inode(struct inode *inode)
+ {
+ 	clear_inode(inode);
+-	kfree(inode->i_private);
+ }
+ 
+ static const struct super_operations efivarfs_ops = {
+-- 
+cgit v1.2.3-1-gf6bb5
+
diff --git a/PKGBUILD b/PKGBUILD
index 1636588..ce98980 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -31,7 +31,7 @@ _ckpatchversion=ck1
   else
     pkgver=${_supver}.${_majver}.${_minver}
   fi
-pkgrel=1
+pkgrel=2
 pkgdesc='Linux-ck'
 url='https://kernel.org'
 #url='http://ck.kolivas.org/patches/'
@@ -48,6 +48,8 @@ source=(
   https://www.kernel.org/pub/linux/kernel/v${_supver}.x/${_srcname}.tar.{xz,sign}
   0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
   0002-Bluetooth-Fix-LL-PRivacy-BLE-device-fails-to-connect.patch
+  0003-Bluetooth-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
+  0004-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
   linux-ck-patch-${_supver}.${_majver}-${_ckpatchversion}.xz::http://ck.kolivas.org/patches/${_supver}.0/${_supver}.${_majver}/${_supver}.${_majver}-${_ckpatchversion}/patch-${_supver}.${_majver}-${_ckpatchversion}.xz
   kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
   ath9k-regdom-hack.patch
@@ -64,6 +66,8 @@ b2sums=('fbcf8b93e4a37e0f45c2de4275ecdfdb80ade1a6cf7e2b62cb331cce2d8fc247eedc14c
         'SKIP'
         'c1e9177debee553e03873dff9293e7a21a53297fc4b3df8b9f54a8839cf1c7d6803945fc7d64676fe8c04cb54ef331b59c4348fbc9915060162177be503d9e96'
         '647c9a8580f3f716e39e0bc086acff1fc34d3592011c931c8e00259c395cdd7fff94d71b963cd87850b8e0f67dd31b719ce4f1cc855e553e42a5694ff6bd53dc'
+        '6729b31b33dc2dc8ee6222ae3782d31bd567e002ee9655f7453ec80c6deda247153b59b9c71f0c60095e491165ab1c8c7bdbff5cc538e9ea920bec889870edec'
+        'e71dc75ea9d5c20c88672dfb094e18527bde7a4afb095d2060e9dcf58f3acfb762643dabae736496539aac8772c47aea0ee0857a40ef44e1e5521882d200b7ff'
         'c19099ad66168db4608dee44e1913c07c035bc002a91267abc2e1eadf1788ddb5be3b17e3fdfeddcba96526dfa2b9fcc43a5dd0f8236d94c864e6477924a6718'
         '7f1eb5938472f57748216bd00e0c875feab99fc1c5cb89babfea467ee30ca5c8e9fc5a691efe2e602bef1ea79820c5383822d7cec354b48d23321ccda8ee8127'
         'b6ef77035611139fa9a6d5b8d30570e2781bb4da483bb569884b0bd0129b62e0b82a5a6776fefe43fee801c70d39de1ea4d4c177f7cedd5ac135e3c64f7b895a'
@@ -89,6 +93,8 @@ prepare() {
   echo "Applying hotfixes"
   patch -p1 -i ../0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
   patch -p1 -i ../0002-Bluetooth-Fix-LL-PRivacy-BLE-device-fails-to-connect.patch
+  patch -p1 -i ../0003-Bluetooth-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
+  patch -p1 -i ../0004-efivarfs-revert-fix-memory-leak-in-efivarfs_create.patch
   patch -p1 -i ../sphinx-workaround.patch