authorPaul Gortmaker <paul.gortmaker@windriver.com>2018-07-23 09:57:56 -0400
committerPaul Gortmaker <paul.gortmaker@windriver.com>2018-07-23 09:57:56 -0400
commit70aa95cb02a065d62faae88411df6434593c5c2d (patch)
tree6ac58ec70b7c27cea75c63f2eb3b6c4e00f614aa
parent4282eafe675b00afc976b973724e449956fd7e33 (diff)
usbip: drop patch n/a to 4.12
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r--queue/series1
-rw-r--r--queue/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-.patch132
2 files changed, 0 insertions, 133 deletions
diff --git a/queue/series b/queue/series
index 37f2520..32af363 100644
--- a/queue/series
+++ b/queue/series
@@ -7,7 +7,6 @@ USB-uas-and-storage-Add-US_FL_BROKEN_FUA-for-another.patch
USB-core-prevent-malicious-bNumInterfaces-overflow.patch
usbip-fix-stub_rx-get_pipe-to-validate-endpoint-numb.patch
usbip-fix-stub_rx-harden-CMD_SUBMIT-path-to-handle-m.patch
-usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-.patch
usbip-fix-stub_send_ret_submit-vulnerability-to-null.patch
mmc-core-apply-NO_CMD23-quirk-to-some-specific-cards.patch
ceph-drop-negative-child-dentries-before-try-pruning.patch
diff --git a/queue/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-.patch b/queue/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-.patch
deleted file mode 100644
index 076f83e..0000000
--- a/queue/usbip-prevent-vhci_hcd-driver-from-leaking-a-socket-.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 Mon Sep 17 00:00:00 2001
-From: Shuah Khan <shuahkh@osg.samsung.com>
-Date: Thu, 7 Dec 2017 14:16:49 -0700
-Subject: [PATCH] usbip: prevent vhci_hcd driver from leaking a socket pointer
- address
-
-commit 2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 upstream.
-
-When a client has a USB device attached over IP, the vhci_hcd driver is
-locally leaking a socket pointer address via the
-
-/sys/devices/platform/vhci_hcd/status file (world-readable) and in debug
-output when "usbip --debug port" is run.
-
-Fix it to not leak. The socket pointer address is not used at the moment
-and it was made visible as a convenient way to find IP address from socket
-pointer address by looking up /proc/net/{tcp,tcp6}.
-
-As this opens a security hole, the fix replaces socket pointer address with
-sockfd.
-
-Reported-by: Secunia Research <vuln@secunia.com>
-Cc: stable <stable@vger.kernel.org>
-Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-diff --git a/drivers/usb/usbip/usbip_common.h b/drivers/usb/usbip/usbip_common.h
-index e5de35c8c505..473fb8a87289 100644
---- a/drivers/usb/usbip/usbip_common.h
-+++ b/drivers/usb/usbip/usbip_common.h
-@@ -256,6 +256,7 @@ struct usbip_device {
- /* lock for status */
- spinlock_t lock;
-
-+ int sockfd;
- struct socket *tcp_socket;
-
- struct task_struct *tcp_rx;
-diff --git a/drivers/usb/usbip/vhci_sysfs.c b/drivers/usb/usbip/vhci_sysfs.c
-index e78f7472cac4..091f76b7196d 100644
---- a/drivers/usb/usbip/vhci_sysfs.c
-+++ b/drivers/usb/usbip/vhci_sysfs.c
-@@ -17,15 +17,20 @@
-
- /*
- * output example:
-- * hub port sta spd dev socket local_busid
-- * hs 0000 004 000 00000000 c5a7bb80 1-2.3
-+ * hub port sta spd dev sockfd local_busid
-+ * hs 0000 004 000 00000000 3 1-2.3
- * ................................................
-- * ss 0008 004 000 00000000 d8cee980 2-3.4
-+ * ss 0008 004 000 00000000 4 2-3.4
- * ................................................
- *
-- * IP address can be retrieved from a socket pointer address by looking
-- * up /proc/net/{tcp,tcp6}. Also, a userland program may remember a
-- * port number and its peer IP address.
-+ * Output includes socket fd instead of socket pointer address to avoid
-+ * leaking kernel memory address in:
-+ * /sys/devices/platform/vhci_hcd.0/status and in debug output.
-+ * The socket pointer address is not used at the moment and it was made
-+ * visible as a convenient way to find IP address from socket pointer
-+ * address by looking up /proc/net/{tcp,tcp6}. As this opens a security
-+ * hole, the change is made to use sockfd instead.
-+ *
- */
- static void port_show_vhci(char **out, int hub, int port, struct vhci_device *vdev)
- {
-@@ -39,8 +44,8 @@ static void port_show_vhci(char **out, int hub, int port, struct vhci_device *vd
- if (vdev->ud.status == VDEV_ST_USED) {
- *out += sprintf(*out, "%03u %08x ",
- vdev->speed, vdev->devid);
-- *out += sprintf(*out, "%16p %s",
-- vdev->ud.tcp_socket,
-+ *out += sprintf(*out, "%u %s",
-+ vdev->ud.sockfd,
- dev_name(&vdev->udev->dev));
-
- } else {
-@@ -160,7 +165,8 @@ static ssize_t nports_show(struct device *dev, struct device_attribute *attr,
- char *s = out;
-
- /*
-- * Half the ports are for SPEED_HIGH and half for SPEED_SUPER, thus the * 2.
-+ * Half the ports are for SPEED_HIGH and half for SPEED_SUPER,
-+ * thus the * 2.
- */
- out += sprintf(out, "%d\n", VHCI_PORTS * vhci_num_controllers);
- return out - s;
-@@ -366,6 +372,7 @@ static ssize_t store_attach(struct device *dev, struct device_attribute *attr,
-
- vdev->devid = devid;
- vdev->speed = speed;
-+ vdev->ud.sockfd = sockfd;
- vdev->ud.tcp_socket = socket;
- vdev->ud.status = VDEV_ST_NOTASSIGNED;
-
-diff --git a/tools/usb/usbip/libsrc/vhci_driver.c b/tools/usb/usbip/libsrc/vhci_driver.c
-index 627d1dfc332b..c9c81614a66a 100644
---- a/tools/usb/usbip/libsrc/vhci_driver.c
-+++ b/tools/usb/usbip/libsrc/vhci_driver.c
-@@ -50,14 +50,14 @@ static int parse_status(const char *value)
-
- while (*c != '\0') {
- int port, status, speed, devid;
-- unsigned long socket;
-+ int sockfd;
- char lbusid[SYSFS_BUS_ID_SIZE];
- struct usbip_imported_device *idev;
- char hub[3];
-
-- ret = sscanf(c, "%2s %d %d %d %x %lx %31s\n",
-+ ret = sscanf(c, "%2s %d %d %d %x %u %31s\n",
- hub, &port, &status, &speed,
-- &devid, &socket, lbusid);
-+ &devid, &sockfd, lbusid);
-
- if (ret < 5) {
- dbg("sscanf failed: %d", ret);
-@@ -66,7 +66,7 @@ static int parse_status(const char *value)
-
- dbg("hub %s port %d status %d speed %d devid %x",
- hub, port, status, speed, devid);
-- dbg("socket %lx lbusid %s", socket, lbusid);
-+ dbg("sockfd %u lbusid %s", sockfd, lbusid);
-
- /* if a device is connected, look at it */
- idev = &vhci_driver->idev[port];
---
-2.15.0
-