diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-11-25 12:20:44 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-11-25 12:20:44 +0100 |
commit | 10bad4dff4727c1646fc4c93ec6084bfad0a5ed4 (patch) | |
tree | cdc6aac8d86252f9f499100d3dd3d7296c0e0ce0 | |
parent | 9b63b56d618718df378eacf2288e579f71f3d66b (diff) | |
download | queue-3.18-10bad4dff4727c1646fc4c93ec6084bfad0a5ed4.tar.gz |
drop patches already applied
-rw-r--r-- | ax88172a-fix-information-leak-on-short-answers.patch | 32 | ||||
-rw-r--r-- | series | 11 | ||||
-rw-r--r-- | slip-fix-memory-leak-in-slip_open-error-path.patch | 55 |
3 files changed, 0 insertions, 98 deletions
diff --git a/ax88172a-fix-information-leak-on-short-answers.patch b/ax88172a-fix-information-leak-on-short-answers.patch deleted file mode 100644 index 91e06d7..0000000 --- a/ax88172a-fix-information-leak-on-short-answers.patch +++ /dev/null @@ -1,32 +0,0 @@ -From foo@baz Mon 18 Nov 2019 09:22:09 AM CET -From: Oliver Neukum <oneukum@suse.com> -Date: Thu, 14 Nov 2019 11:16:01 +0100 -Subject: ax88172a: fix information leak on short answers - -From: Oliver Neukum <oneukum@suse.com> - -[ Upstream commit a9a51bd727d141a67b589f375fe69d0e54c4fe22 ] - -If a malicious device gives a short MAC it can elicit up to -5 bytes of leaked memory out of the driver. We need to check for -ETH_ALEN instead. - -Reported-by: syzbot+a8d4acdad35e6bbca308@syzkaller.appspotmail.com -Signed-off-by: Oliver Neukum <oneukum@suse.com> -Signed-off-by: David S. Miller <davem@davemloft.net> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/net/usb/ax88172a.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/drivers/net/usb/ax88172a.c -+++ b/drivers/net/usb/ax88172a.c -@@ -243,7 +243,7 @@ static int ax88172a_bind(struct usbnet * - - /* Get the MAC address */ - ret = asix_read_cmd(dev, AX_CMD_READ_NODE_ID, 0, 0, ETH_ALEN, buf); -- if (ret < 0) { -+ if (ret < ETH_ALEN) { - netdev_err(dev->net, "Failed to read MAC address: %d\n", ret); - goto free; - } @@ -1,11 +0,0 @@ -ax88172a-fix-information-leak-on-short-answers.patch -slip-fix-memory-leak-in-slip_open-error-path.patch -alsa-usb-audio-fix-missing-error-check-at-mixer-resolution-test.patch -alsa-usb-audio-not-submit-urb-for-stopped-endpoint.patch -input-ff-memless-kill-timer-in-destroy.patch -x86-quirks-disable-hpet-on-intel-coffe-lake-platforms.patch -mm-memcg-switch-to-css_tryget-in-get_mem_cgroup_from_mm.patch -mm-hugetlb-switch-to-css_tryget-in-hugetlb_cgroup_charge_cgroup.patch -slcan-fix-memory-leak-in-error-path.patch -net-cdc_ncm-signedness-bug-in-cdc_ncm_set_dgram_size.patch -libata-have-ata_scsi_rw_xlat-fail-invalid-passthrough-requests.patch diff --git a/slip-fix-memory-leak-in-slip_open-error-path.patch b/slip-fix-memory-leak-in-slip_open-error-path.patch deleted file mode 100644 index 19d6f4c..0000000 --- a/slip-fix-memory-leak-in-slip_open-error-path.patch +++ /dev/null @@ -1,55 +0,0 @@ -From foo@baz Mon 18 Nov 2019 09:22:09 AM CET -From: Jouni Hogander <jouni.hogander@unikie.com> -Date: Wed, 13 Nov 2019 13:45:02 +0200 -Subject: slip: Fix memory leak in slip_open error path - -From: Jouni Hogander <jouni.hogander@unikie.com> - -[ Upstream commit 3b5a39979dafea9d0cd69c7ae06088f7a84cdafa ] - -Driver/net/can/slcan.c is derived from slip.c. Memory leak was detected -by Syzkaller in slcan. Same issue exists in slip.c and this patch is -addressing the leak in slip.c. - -Here is the slcan memory leak trace reported by Syzkaller: - -BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096): - comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s) - hex dump (first 32 bytes): - 73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0.......... - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ - backtrace: - [<00000000a06eec0d>] __kmalloc+0x18b/0x2c0 - [<0000000083306e66>] kvmalloc_node+0x3a/0xc0 - [<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080 - [<0000000061a996c9>] slcan_open+0x3ae/0x9a0 - [<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0 - [<0000000019289631>] tty_set_ldisc+0x28c/0x5f0 - [<000000004de5a617>] tty_ioctl+0x48d/0x1590 - [<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510 - [<0000000059068dbc>] ksys_ioctl+0x99/0xb0 - [<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0 - [<0000000053d0332e>] do_syscall_64+0x16f/0x580 - [<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 - [<000000008ea75434>] 0xfffffffffffffff - -Cc: "David S. Miller" <davem@davemloft.net> -Cc: Oliver Hartkopp <socketcan@hartkopp.net> -Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com> -Signed-off-by: Jouni Hogander <jouni.hogander@unikie.com> -Signed-off-by: David S. Miller <davem@davemloft.net> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/net/slip/slip.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/drivers/net/slip/slip.c -+++ b/drivers/net/slip/slip.c -@@ -860,6 +860,7 @@ err_free_chan: - sl->tty = NULL; - tty->disc_data = NULL; - clear_bit(SLF_INUSE, &sl->flags); -+ free_netdev(sl->dev); - - err_exit: - rtnl_unlock(); |