Home Home > GIT Browse > SLE11-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichal Hocko <mhocko@suse.com>2019-01-14 12:59:48 +0100
committerMichal Hocko <mhocko@suse.com>2019-01-14 12:59:48 +0100
commit16e2270e1acbbf507dbf92148a9c9f24c387b6f3 (patch)
treeaef8d8b78864b3b12ceed7d1f274254b5a048dcd
parent1a062b417090bd7426260654afe0fc449ebd8ea5 (diff)
Revert "- patches.suse/0001-USB-check-usb_get_extra_descriptor-for-proper-size-F.patch:"
This reverts commit 2cb1f2c23d7c2cec24545d9b8c50089318834b83 as it breaks build on 32b.
-rw-r--r--patches.suse/0001-USB-check-usb_get_extra_descriptor-for-proper-size-F.patch115
-rw-r--r--series.conf1
2 files changed, 0 insertions, 116 deletions
diff --git a/patches.suse/0001-USB-check-usb_get_extra_descriptor-for-proper-size-F.patch b/patches.suse/0001-USB-check-usb_get_extra_descriptor-for-proper-size-F.patch
deleted file mode 100644
index 613532bb2b..0000000000
--- a/patches.suse/0001-USB-check-usb_get_extra_descriptor-for-proper-size-F.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From a5bbd694fa41d1117c6fec90a72e4baa67572d58 Mon Sep 17 00:00:00 2001
-From: Oliver Neukum <oneukum@suse.com>
-Date: Tue, 18 Dec 2018 14:52:56 +0100
-Subject: [PATCH] USB: check usb_get_extra_descriptor for proper size (For
- SUSE)
-Patch-mainline: Never (the upstream version breaks kABI)
-References: bsc#1119714 CVE-2018-20169
-
-This is an adaptation of the upstream fix:
-
-commit 704620afc70cf47abb9d6a1a57f3825d2bca49cf
-Author: Mathias Payer <mathias.payer@nebelwelt.net>
-Date: Wed Dec 5 21:19:59 2018 +0100
-
- USB: check usb_get_extra_descriptor for proper size
-
- When reading an extra descriptor, we need to properly check the minimum
- and maximum size allowed, to prevent from invalid data being sent by a
- device.
-
-As it relies on changing a macro we cannot use it as such. Old code
-must keep running and compiling, albeit at the unavoidable drawback
-of keeping the system vulnerable.
-Hence the old buggy version is kept and a clean _suse_ version is
-introduced.
-
-Signed-off-by: Oliver Neukum <oneukum@suse.com>
----
- drivers/usb/core/hub.c | 4 ++--
- drivers/usb/core/usb.c | 32 +++++++++++++++++++++++++++++++-
- include/linux/usb.h | 6 ++++--
- 3 files changed, 37 insertions(+), 5 deletions(-)
-
---- a/drivers/usb/core/hub.c
-+++ b/drivers/usb/core/hub.c
-@@ -1686,9 +1686,9 @@ static int usb_enumerate_device_otg(stru
- struct usb_bus *bus = udev->bus;
-
- /* descriptor may appear anywhere in config */
-- if (__usb_get_extra_descriptor (udev->rawdescriptors[0],
-+ if (__usb_sue_get_extra_descriptor (udev->rawdescriptors[0],
- le16_to_cpu(udev->config[0].desc.wTotalLength),
-- USB_DT_OTG, (void **) &desc) == 0) {
-+ USB_DT_OTG, (void **) &desc, sizeof(*desc)) == 0) {
- if (desc->bmAttributes & USB_OTG_HNP) {
- unsigned port1 = udev->portnum;
-
---- a/drivers/usb/core/usb.c
-+++ b/drivers/usb/core/usb.c
-@@ -681,10 +681,11 @@ int __usb_get_extra_descriptor(char *buf
- {
- struct usb_descriptor_header *header;
-
-+ WARN_ONCE(1, KERN_CRIT"An external module is leaving this system open to CVE-2018-20169\n ");
- while (size >= sizeof(struct usb_descriptor_header)) {
- header = (struct usb_descriptor_header *)buffer;
-
-- if (header->bLength < 2) {
-+ if (header->bLength < 2 || header->bLength > size) {
- printk(KERN_ERR
- "%s: bogus descriptor, type %d length %d\n",
- usbcore_name,
-@@ -1145,6 +1146,35 @@ static void __exit usb_exit(void)
- usb_debugfs_cleanup();
- }
-
-+int __usb_suse_get_extra_descriptor(char *buffer, unsigned size,
-+ unsigned char type, void **ptr, size_t minsize)
-+{
-+ struct usb_descriptor_header *header;
-+
-+ while (size >= sizeof(struct usb_descriptor_header)) {
-+ header = (struct usb_descriptor_header *)buffer;
-+
-+ if (header->bLength < 2 || header->bLength > size) {
-+ printk(KERN_ERR
-+ "%s: bogus descriptor, type %d length %d\n",
-+ usbcore_name,
-+ header->bDescriptorType,
-+ header->bLength);
-+ return -1;
-+ }
-+
-+ if (header->bDescriptorType == type && header->bLength >= minsize) {
-+ *ptr = header;
-+ return 0;
-+ }
-+
-+ buffer += header->bLength;
-+ size -= header->bLength;
-+ }
-+ return -1;
-+}
-+EXPORT_SYMBOL_GPL(__usb_suse_get_extra_descriptor);
-+
- subsys_initcall(usb_init);
- module_exit(usb_exit);
- MODULE_LICENSE("GPL");
---- a/include/linux/usb.h
-+++ b/include/linux/usb.h
-@@ -308,10 +308,12 @@ struct usb_host_config {
-
- int __usb_get_extra_descriptor(char *buffer, unsigned size,
- unsigned char type, void **ptr);
-+int __usb_suse_get_extra_descriptor(char *buffer, unsigned size,
-+ unsigned char type, void **ptr, size_t min);
- #define usb_get_extra_descriptor(ifpoint, type, ptr) \
-- __usb_get_extra_descriptor((ifpoint)->extra, \
-+ __usb_suse_get_extra_descriptor((ifpoint)->extra, \
- (ifpoint)->extralen, \
-- type, (void **)ptr)
-+ type, (void **)ptr, sizeof(**(ptr)))
-
- /* ----------------------------------------------------------------------- */
-
diff --git a/series.conf b/series.conf
index b54ea7dee6..f1e6e64441 100644
--- a/series.conf
+++ b/series.conf
@@ -4400,7 +4400,6 @@
#ugly stuff
patches.fixes/avoid_ehci_xhci_switch_for_BT_PB430.patch
patches.fixes/0001-Do-not-switch-webcams-in-some-HP-ProBooks-to-XHCI.patch
- patches.suse/0001-USB-check-usb_get_extra_descriptor-for-proper-size-F.patch
#wdm patches
patches.drivers/0002-USB-cdc-wdm-sanitize-error-returns.patch