rpms/kernel
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

linux v5.4.7

Browse source
This commit is contained in:
Justin Forbes 2019-12-31 18:25:36 -06:00
commit 23912b3a68
7 changed files with 11726 additions and 314 deletions
Download patch file Download diff file Expand all files Collapse all files

40
0001-libertas-fix-a-potential-NULL-pointer-dereference.patch
View file

@ -1,40 +0,0 @@
From 7da413a18583baaf35dd4a8eb414fa410367d7f2 Mon Sep 17 00:00:00 2001
From: Allen Pais <allen.pais@oracle.com>
Date: Wed, 18 Sep 2019 22:05:00 +0530
Subject: [PATCH] libertas: fix a potential NULL pointer dereference
alloc_workqueue is not checked for errors and as a result,
a potential NULL dereference could occur.
Signed-off-by: Allen Pais <allen.pais@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
---
drivers/net/wireless/marvell/libertas/if_sdio.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/wireless/marvell/libertas/if_sdio.c b/drivers/net/wireless/marvell/libertas/if_sdio.c
index 242d8845da3f..30f1025ecb9b 100644
--- a/drivers/net/wireless/marvell/libertas/if_sdio.c
+++ b/drivers/net/wireless/marvell/libertas/if_sdio.c
@@ -1179,6 +1179,10 @@ static int if_sdio_probe(struct sdio_func *func,
spin_lock_init(&card->lock);
card->workqueue = alloc_workqueue("libertas_sdio", WQ_MEM_RECLAIM, 0);
+ if (unlikely(!card->workqueue)) {
+ ret = -ENOMEM;
+ goto err_queue;
+ }
INIT_WORK(&card->packet_worker, if_sdio_host_to_card_worker);
init_waitqueue_head(&card->pwron_waitq);
@@ -1230,6 +1234,7 @@ static int if_sdio_probe(struct sdio_func *func,
lbs_remove_card(priv);
free:
destroy_workqueue(card->workqueue);
+err_queue:
while (card->packets) {
packet = card->packets;
card->packets = card->packets->next;
--
2.23.0

11721
alsa-5.5.patch Normal file
View file

File diff suppressed because it is too large Load diff

17
kernel.spec
View file

@ -56,7 +56,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
%define stable_update 6
%define stable_update 7
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@ -555,9 +555,6 @@ Patch500: PATCH-v2-selinux-allow-labeling-before-policy-is-loaded.patch
# https://lkml.org/lkml/2019/8/29/1772
Patch505: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch
# CVE-2019-19070 rhbz 1774957 1774958
Patch510: spi-gpio-prevent-memory-leak-in-spi_gpio_probe.patch
# CVE-2019-19068 rhbz 1774963 1774965
Patch511: rtl8xxxu-prevent-leaking-urb.patch
@ -573,12 +570,6 @@ Patch514: ipmi-Fix-memory-leak-in-__ipmi_bmc_register.patch
# CVE-2019-19064 rhbz 1775010 1775011
Patch516: spi-lpspi-fix-memory-leak-in-fsl_lpspi_probe.patch
# CVE-2019-19063 rhbz 1775015 1775016
Patch517: rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch
# CVE-2019-19057 rhbz 1775050 1775051
Patch520: mwifiex-pcie-Fix-memory-leak-in-mwifiex_pcie_init_evt_ring.patch
# CVE-2019-19053 rhbz 1775956 1775110
Patch521: rpmsg-char-release-allocated-memory.patch
@ -607,9 +598,6 @@ Patch531: 0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch
# CVE-2019-18809 rhbz 1777449 1777451
Patch532: 0001-media-usb-fix-memory-leak-in-af9005_identify_state.patch
# CVE-2019-16232 rhbz 1760351 1760352
Patch535: 0001-libertas-fix-a-potential-NULL-pointer-dereference.patch
# ALSA code from v5.5 (Intel ASoC Sound Open Firmware driver support)
Patch600: alsa-5.5.patch
@ -1860,6 +1848,9 @@ fi
#
#
%changelog
* Tue Dec 31 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 5.4.7-100
- Linux v5.4.7
* Mon Dec 30 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 5.4.6-100
- Linux v5.4.6 rebase

111
mwifiex-pcie-Fix-memory-leak-in-mwifiex_pcie_init_evt_ring.patch
View file

@ -1,111 +0,0 @@
From patchwork Fri Oct 4 20:16:48 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Navid Emamdoost <navid.emamdoost@gmail.com>
X-Patchwork-Id: 11175265
X-Patchwork-Delegate: kvalo@adurom.com
Return-Path: <SRS0=IBNP=X5=vger.kernel.org=linux-wireless-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
[172.30.200.123])
by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8B95B16B1
for <patchwork-linux-wireless@patchwork.kernel.org>;
Fri, 4 Oct 2019 20:17:03 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id 695CE222BE
for <patchwork-linux-wireless@patchwork.kernel.org>;
Fri, 4 Oct 2019 20:17:03 +0000 (UTC)
Authentication-Results: mail.kernel.org;
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=gmail.com header.i=@gmail.com header.b="eKzyOkdw"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1731313AbfJDUQ7 (ORCPT
<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
Fri, 4 Oct 2019 16:16:59 -0400
Received: from mail-io1-f66.google.com ([209.85.166.66]:38177 "EHLO
mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1727978AbfJDUQ7 (ORCPT
<rfc822;linux-wireless@vger.kernel.org>);
Fri, 4 Oct 2019 16:16:59 -0400
Received: by mail-io1-f66.google.com with SMTP id u8so16270784iom.5;
Fri, 04 Oct 2019 13:16:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=from:to:cc:subject:date:message-id;
bh=hT/oExY7ats1AqepuNnxgrg+W5xUde0ZFah/AwhjxeA=;
b=eKzyOkdwTVgDQ2K7yVdvbQpQ2Y5o9gQHjf1ZLs/0TtknuoSEf88gRE3B/VgSXRe2nM
MaPWiP+DFmtmMOa4V+/fIXuzmU7h0LfbH92QwqYCh6xpzlPF6Y4etarqtYGFwcN8YIFh
KTbhy9t0/3m87L4UKRDIPV+aiyoEDLA1YrY+pxytqsh/8wTp82JG4WTVt4pgwk2YsDFT
TYQK7y3xY2D8O2nwUROYE+zlwF6oua9EA/ixXRVx4CRlh/lRFc124Qw5TlMD2GZdMIPJ
3GHq32K5Z1F8XMQnUSU6+WxybmUN18B736DtQMDHjjnt70M8oCb/qgoMbH3Bx6xDBx4t
mwIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id;
bh=hT/oExY7ats1AqepuNnxgrg+W5xUde0ZFah/AwhjxeA=;
b=OCKRhcqw7kz4tZ/5U2VB84zj0RK/HtQHQ0/BUR0GLJMYOM7HJ1WBdSXnPtJs7UfIX1
+C4Eq7PaUUpYg+OTWL+BOB7HpPh2AWvmoN/pElS49IYwKCcF9gUb/yfz1ZPSZBZrILg5
pLgkiiBqoKOaUgVMzBGUs53mAhE7h0RuUDK3i3lptARoQDhVnRCk3HW6uz9G1pjCG6+m
nOC9rnGsphMQZ30AbdG6u8z1oVH+F63nWumldsiz4sNMs++qwDXS5a9ho2EjS9cZwCnL
c3V0vn5HgDqWWVwakE75xEnYAmApdEOC+BtAw6/zMFPMGWoDI98gN1u2ej7Ig6VZ3sDY
GmXA==
X-Gm-Message-State: APjAAAUvXc/AEaa09LdQbBGOHXwA82YLzxvRaRqZB1BY9YQoSNU4yJRa
7zybbZ/DYfKfmszLK0NP4Vs=
X-Google-Smtp-Source:
APXvYqzNrXPxTps0mq67LtrgFhdE+kz3sXZyk7jqXZoSLFBjfwzONVFvHnNSmdK/pmDZR02HMuSgCw==
X-Received: by 2002:a6b:6e02:: with SMTP id d2mr5637516ioh.8.1570220218662;
Fri, 04 Oct 2019 13:16:58 -0700 (PDT)
Received: from cs-dulles.cs.umn.edu (cs-dulles.cs.umn.edu. [128.101.35.54])
by smtp.googlemail.com with ESMTPSA id
o5sm2830180ilc.68.2019.10.04.13.16.57
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 04 Oct 2019 13:16:58 -0700 (PDT)
From: Navid Emamdoost <navid.emamdoost@gmail.com>
Cc: emamd001@umn.edu, kjlu@umn.edu, smccaman@umn.edu,
Navid Emamdoost <navid.emamdoost@gmail.com>,
Amitkumar Karwar <amitkarwar@gmail.com>,
Nishant Sarmukadam <nishants@marvell.com>,
Ganapathi Bhat <gbhat@marvell.com>,
Xinming Hu <huxinming820@gmail.com>,
Kalle Valo <kvalo@codeaurora.org>,
"David S. Miller" <davem@davemloft.net>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
Date: Fri, 4 Oct 2019 15:16:48 -0500
Message-Id: <20191004201649.25087-1-navid.emamdoost@gmail.com>
X-Mailer: git-send-email 2.17.1
To: unlisted-recipients:; (no To-header on input)
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
In mwifiex_pcie_init_evt_ring, a new skb is allocated which should be
released if mwifiex_map_pci_memory() fails. The release for skb and
card->evtbd_ring_vbase is added.
Fixes: 0732484b47b5 ("mwifiex: separate ring initialization and ring creation routines")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Acked-by: Ganapathi Bhat <gbhat@marvell.com>
---
drivers/net/wireless/marvell/mwifiex/pcie.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
index eff06d59e9df..096334e941a1 100644
--- a/drivers/net/wireless/marvell/mwifiex/pcie.c
+++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
@@ -687,8 +687,11 @@ static int mwifiex_pcie_init_evt_ring(struct mwifiex_adapter *adapter)
skb_put(skb, MAX_EVENT_SIZE);
if (mwifiex_map_pci_memory(adapter, skb, MAX_EVENT_SIZE,
- PCI_DMA_FROMDEVICE))
+ PCI_DMA_FROMDEVICE)) {
+ kfree_skb(skb);
+ kfree(card->evtbd_ring_vbase);
return -1;
+ }
buf_pa = MWIFIEX_SKB_DMA_ADDR(skb);

110
rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch
View file

@ -1,110 +0,0 @@
From patchwork Wed Sep 25 01:20:21 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Navid Emamdoost <navid.emamdoost@gmail.com>
X-Patchwork-Id: 1131161
Return-Path: <SRS0=wETr=XU=vger.kernel.org=linux-kernel-owner@kernel.org>
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
by smtp.lore.kernel.org (Postfix) with ESMTP id BC591C432C1
for <linux-kernel@archiver.kernel.org>; Wed, 25 Sep 2019 01:20:44 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mail.kernel.org (Postfix) with ESMTP id 8BCDC2146E
for <linux-kernel@archiver.kernel.org>; Wed, 25 Sep 2019 01:20:44 +0000 (UTC)
Authentication-Results: mail.kernel.org;
dkim=fail reason="signature verification failed" (2048-bit key)
header.d=gmail.com header.i=@gmail.com header.b="SWiOz5xt"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S2411353AbfIYBUn (ORCPT
<rfc822;linux-kernel@archiver.kernel.org>);
Tue, 24 Sep 2019 21:20:43 -0400
Received: from mail-io1-f68.google.com ([209.85.166.68]:33885 "EHLO
mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S2392379AbfIYBUn (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 24 Sep 2019 21:20:43 -0400
Received: by mail-io1-f68.google.com with SMTP id q1so9351551ion.1;
Tue, 24 Sep 2019 18:20:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=from:to:cc:subject:date:message-id;
bh=mQUUiLblrejWrKd0KlOdzOcENXF40rH5GYEM9TuaSS4=;
b=SWiOz5xtaFHfAe7qhrZOfB3XaTTABaRoUA2WkntQTu6mZLAPtLqltcn1HSz4FOVdmc
C4hiQS6HxKitVmGPHJR6BnOiAdmb8p/ke41JsAiVtxDyJj/EtgPgcn000LqwSw2XXpRs
aJsehFF9sM31eMjJ3jPJMVhf1moysCBTI8rG+6ARu4tg//7sLz/cZpWsKuTFtLA41S2X
Moj049CPHidyuiCC+TLFAA4dTAVT1wk5YorB1e+xMSVKHkW4g3k4FuVp38c12CmbT13R
wsO2tqJ0iRFy2a/3SfO203+i0XYenfEQ/WWVu5ywTPrwX422oKO4PeywgDE5pL7ILA7N
5lXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id;
bh=mQUUiLblrejWrKd0KlOdzOcENXF40rH5GYEM9TuaSS4=;
b=PVpA/fyBIdoLH3ctyZntsZiwJLKRkFCP/mefxIVWehzdNs+J01dhg9UvthHik8uSD0
WAfXOKljH2T6Dz6LC8B/araiwV5iwm9zy3h1VlfLlervg6lYtMtGN8XfNFJccvIcoFIf
0rOQal8NWpkvib3lEqdVdolhDogapBQWxjPQApj9tuYkO3JWOpr994A5Legt0Ha/Mdpg
iLum0KUzciv2wLRhPIGTis08rgOJQbuV/lWNmEkCqbS6tSlvN/HH7apJEJU+Xm1vfhqB
SB2zOsviArNFeNhb/VpZyY329Au5/aGwh06J3nI6xfxyUSWEDCs24g1LN/PL7ESZvquK
+kzg==
X-Gm-Message-State: APjAAAWn+51fVnTld2M5xyo/OXfdxePecAEGRlXft7qNHI0Gnp9EyVgR
otCkul6uMkwDI6M6UjbBXIo20ZwJqcc=
X-Google-Smtp-Source:
APXvYqwYH0op/7MmCPiM8xAfMsxn7k8FX5LrV/HLNynk01ydo/cjks9o5mJOS8EhqcleAu7Y+qfNeQ==
X-Received: by 2002:a02:5ec4:: with SMTP id
h187mr2345350jab.101.1569374442036;
Tue, 24 Sep 2019 18:20:42 -0700 (PDT)
Received: from cs-dulles.cs.umn.edu (cs-dulles.cs.umn.edu. [128.101.35.54])
by smtp.googlemail.com with ESMTPSA id
r12sm28225ilq.70.2019.09.24.18.20.41
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 24 Sep 2019 18:20:41 -0700 (PDT)
From: Navid Emamdoost <navid.emamdoost@gmail.com>
Cc: emamd001@umn.edu, smccaman@umn.edu, kjlu@umn.edu,
Navid Emamdoost <navid.emamdoost@gmail.com>,
Ping-Ke Shih <pkshih@realtek.com>,
Kalle Valo <kvalo@codeaurora.org>,
"David S. Miller" <davem@davemloft.net>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] rtlwifi: prevent memory leak in rtl_usb_probe
Date: Tue, 24 Sep 2019 20:20:21 -0500
Message-Id: <20190925012022.13727-1-navid.emamdoost@gmail.com>
X-Mailer: git-send-email 2.17.1
To: unlisted-recipients:; (no To-header on input)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
In rtl_usb_probe if allocation for usb_data fails the allocated hw
should be released. In addition the allocated rtlpriv->usb_data should
be released on error handling path.
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 4b59f3b46b28..348b0072cdd6 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1021,8 +1021,10 @@ int rtl_usb_probe(struct usb_interface *intf,
rtlpriv->hw = hw;
rtlpriv->usb_data = kcalloc(RTL_USB_MAX_RX_COUNT, sizeof(u32),
GFP_KERNEL);
- if (!rtlpriv->usb_data)
+ if (!rtlpriv->usb_data) {
+ ieee80211_free_hw(hw);
return -ENOMEM;
+ }
/* this spin lock must be initialized early */
spin_lock_init(&rtlpriv->locks.usb_lock);
@@ -1083,6 +1085,7 @@ int rtl_usb_probe(struct usb_interface *intf,
_rtl_usb_io_handler_release(hw);
usb_put_dev(udev);
complete(&rtlpriv->firmware_loading_complete);
+ kfree(rtlpriv->usb_data);
return -ENODEV;
}
EXPORT_SYMBOL(rtl_usb_probe);

2
sources
View file

@ -1,2 +1,2 @@
SHA512 (linux-5.4.tar.xz) = 9f60f77e8ab972b9438ac648bed17551c8491d6585a5e85f694b2eaa4c623fbc61eb18419b2656b6795eac5deec0edaa04547fc6723fbda52256bd7f3486898f
SHA512 (patch-5.4.6.xz) = 6f6d73c7ce71d47e810847149f4c258f5fb99c98fc67d385a3ff74889543a415bf8bb77c748a13f72b733bca770773731d84713a9be98d630b7377a792f11f5a
SHA512 (patch-5.4.7.xz) = 396eaf9fe88045e6e308cbe8e72217b3334b637bfa7e85f8d27cc4dd8e3d94c6f58d2b7b3e237defcf647d500610b85780ec2e21f1d91ac41c5f4ef3e74dc161

39
spi-gpio-prevent-memory-leak-in-spi_gpio_probe.patch
View file

@ -1,39 +0,0 @@
From d3b0ffa1d75d5305ebe34735598993afbb8a869d Mon Sep 17 00:00:00 2001
From: Navid Emamdoost <navid.emamdoost@gmail.com>
Date: Mon, 30 Sep 2019 15:52:40 -0500
Subject: spi: gpio: prevent memory leak in spi_gpio_probe
In spi_gpio_probe an SPI master is allocated via spi_alloc_master, but
this controller should be released if devm_add_action_or_reset fails,
otherwise memory leaks. In order to avoid leak spi_contriller_put must
be called in case of failure for devm_add_action_or_reset.
Fixes: 8b797490b4db ("spi: gpio: Make sure spi_master_put() is called in every error path")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Link: https://lore.kernel.org/r/20190930205241.5483-1-navid.emamdoost@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
---
drivers/spi/spi-gpio.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'drivers/spi/spi-gpio.c')
diff --git a/drivers/spi/spi-gpio.c b/drivers/spi/spi-gpio.c
index 1d3e23ec20a6..f9c5bbb74714 100644
--- a/drivers/spi/spi-gpio.c
+++ b/drivers/spi/spi-gpio.c
@@ -371,8 +371,10 @@ static int spi_gpio_probe(struct platform_device *pdev)
return -ENOMEM;
status = devm_add_action_or_reset(&pdev->dev, spi_gpio_put, master);
- if (status)
+ if (status) {
+ spi_master_put(master);
return status;
+ }
if (of_id)
status = spi_gpio_probe_dt(pdev, master);
--
cgit 1.2-0.3.lf.el7