4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 16 Jun 2020 12:12:45 +0000 (14:12 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 16 Jun 2020 12:12:45 +0000 (14:12 +0200)
added patches:
can-kvaser_usb-kvaser_usb_leaf-fix-some-info-leaks-to-usb-devices.patch
media-dvb_frontend-ensure-that-inital-front-end-status-initialized.patch

queue-4.9/can-kvaser_usb-kvaser_usb_leaf-fix-some-info-leaks-to-usb-devices.patch [new file with mode: 0644]
queue-4.9/media-dvb_frontend-ensure-that-inital-front-end-status-initialized.patch [new file with mode: 0644]
queue-4.9/series

diff --git a/queue-4.9/can-kvaser_usb-kvaser_usb_leaf-fix-some-info-leaks-to-usb-devices.patch b/queue-4.9/can-kvaser_usb-kvaser_usb_leaf-fix-some-info-leaks-to-usb-devices.patch
new file mode 100644 (file)
index 0000000..6297c76
--- /dev/null
@@ -0,0 +1,54 @@
+From da2311a6385c3b499da2ed5d9be59ce331fa93e9 Mon Sep 17 00:00:00 2001
+From: Xiaolong Huang <butterflyhuangxx@gmail.com>
+Date: Sat, 7 Dec 2019 22:40:24 +0800
+Subject: can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
+
+From: Xiaolong Huang <butterflyhuangxx@gmail.com>
+
+commit da2311a6385c3b499da2ed5d9be59ce331fa93e9 upstream.
+
+Uninitialized Kernel memory can leak to USB devices.
+
+Fix this by using kzalloc() instead of kmalloc().
+
+Signed-off-by: Xiaolong Huang <butterflyhuangxx@gmail.com>
+Fixes: 7259124eac7d ("can: kvaser_usb: Split driver into kvaser_usb_core.c and kvaser_usb_leaf.c")
+Cc: linux-stable <stable@vger.kernel.org> # >= v4.19
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+[bwh: Backported to 4.9: adjust filename, context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/usb/kvaser_usb.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/can/usb/kvaser_usb.c
++++ b/drivers/net/can/usb/kvaser_usb.c
+@@ -791,7 +791,7 @@ static int kvaser_usb_simple_msg_async(s
+       if (!urb)
+               return -ENOMEM;
+-      buf = kmalloc(sizeof(struct kvaser_msg), GFP_ATOMIC);
++      buf = kzalloc(sizeof(struct kvaser_msg), GFP_ATOMIC);
+       if (!buf) {
+               usb_free_urb(urb);
+               return -ENOMEM;
+@@ -1459,7 +1459,7 @@ static int kvaser_usb_set_opt_mode(const
+       struct kvaser_msg *msg;
+       int rc;
+-      msg = kmalloc(sizeof(*msg), GFP_KERNEL);
++      msg = kzalloc(sizeof(*msg), GFP_KERNEL);
+       if (!msg)
+               return -ENOMEM;
+@@ -1592,7 +1592,7 @@ static int kvaser_usb_flush_queue(struct
+       struct kvaser_msg *msg;
+       int rc;
+-      msg = kmalloc(sizeof(*msg), GFP_KERNEL);
++      msg = kzalloc(sizeof(*msg), GFP_KERNEL);
+       if (!msg)
+               return -ENOMEM;
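Review bot: None of the three kmalloc() to kzalloc() switches (kvaser_usb_simple_msg_async, kvaser_usb_set_opt_mode, kvaser_usb_flush_queue) carries a comment saying that the zeroing is what keeps stale heap bytes out of the message buffer handed to the USB device, so a later cleanup could revert it as a harmless-looking optimisation. I would add at each site a comment such as `/* zeroed on purpose: bytes of the message that are never set must not carry stale kernel memory to the device */`. Only the allocation lines are visible here and each function body continues outside its hunk, so I cannot tell whether other struct kvaser_msg allocations in the 4.9 kvaser_usb.c are still on kmalloc(). Because the upstream fix was written against the split kvaser_usb_leaf.c, the backport should confirm that no other send path in the unsplit file was missed.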
diff --git a/queue-4.9/media-dvb_frontend-ensure-that-inital-front-end-status-initialized.patch b/queue-4.9/media-dvb_frontend-ensure-that-inital-front-end-status-initialized.patch
new file mode 100644 (file)
index 0000000..3efcdd6
--- /dev/null
@@ -0,0 +1,50 @@
+From a9e4998073d49a762a154a6b48a332ec6cb8e6b1 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Thu, 20 Jul 2017 18:12:07 -0400
+Subject: media: dvb_frontend: ensure that inital front end status initialized
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit a9e4998073d49a762a154a6b48a332ec6cb8e6b1 upstream.
+
+The fe_status variable s is not initialized meaning it can have any
+random garbage status.  This could be problematic if fe->ops.tune is
+false as s is not updated by the call to fe->ops.tune() and a
+subsequent check on the change status will using a garbage value.
+Fix this by adding FE_NONE to the enum fe_status and initializing
+s to this.
+
+Detected by CoverityScan, CID#112887 ("Uninitialized scalar variable")
+
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Reviewed-by: Shuah Khan <shuahkh@osg.samsung.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/dvb-core/dvb_frontend.c |    2 +-
+ include/uapi/linux/dvb/frontend.h     |    1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/media/dvb-core/dvb_frontend.c
++++ b/drivers/media/dvb-core/dvb_frontend.c
+@@ -629,7 +629,7 @@ static int dvb_frontend_thread(void *dat
+       struct dvb_frontend *fe = data;
+       struct dtv_frontend_properties *c = &fe->dtv_property_cache;
+       struct dvb_frontend_private *fepriv = fe->frontend_priv;
+-      enum fe_status s;
++      enum fe_status s = FE_NONE;
+       enum dvbfe_algo algo;
+       bool re_tune = false;
+       bool semheld = false;
+--- a/include/uapi/linux/dvb/frontend.h
++++ b/include/uapi/linux/dvb/frontend.h
+@@ -127,6 +127,7 @@ enum fe_sec_mini_cmd {
+  *                    to reset DiSEqC, tone and parameters
+  */
+ enum fe_status {
++      FE_NONE                 = 0x00,
+       FE_HAS_SIGNAL           = 0x01,
+       FE_HAS_CARRIER          = 0x02,
+       FE_HAS_VITERBI          = 0x04,
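Review bot: `FE_NONE` is added to `enum fe_status` in a uapi header without a matching entry in the kernel-doc block that precedes the enum; only the tail of that comment is inside the hunk, so this is judged from the visible lines. Since the header is exported to userspace, the new name becomes visible to applications and should be documented, for example ` * @FE_NONE: no status bit set; initial value before the frontend reports a status`. In dvb_frontend_thread() the initialiser `enum fe_status s = FE_NONE;` would also benefit from a one-line comment that `s` can be read without fe->ops.tune() having written it, as the commit message explains. That function's body continues outside the hunk.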
index c889403973c7add8cf105964f9389ba3cfd395c2..5d24573a1577f31158c55e5783f586c7d0d893c5 100644 (file)
@@ -49,3 +49,5 @@ mm-slub-fix-a-memory-leak-in-sysfs_slab_add.patch
 fat-don-t-allow-to-mount-if-the-fat-length-0.patch
 perf-add-cond_resched-to-task_function_call.patch
 agp-intel-reinforce-the-barrier-after-gtt-updates.patch
+can-kvaser_usb-kvaser_usb_leaf-fix-some-info-leaks-to-usb-devices.patch
+media-dvb_frontend-ensure-that-inital-front-end-status-initialized.patch