--- /dev/null
+From cd11d1a6114bd4bc6450ae59f6e110ec47362126 Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee.jones@linaro.org>
+Date: Fri, 8 Jul 2022 08:40:09 +0100
+Subject: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
+
+From: Lee Jones <lee.jones@linaro.org>
+
+commit cd11d1a6114bd4bc6450ae59f6e110ec47362126 upstream.
+
+It is possible for a malicious device to forgo submitting a Feature
+Report. The HID Steam driver presently makes no prevision for this
+and de-references the 'struct hid_report' pointer obtained from the
+HID devices without first checking its validity. Let's change that.
+
+Cc: Jiri Kosina <jikos@kernel.org>
+Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Cc: linux-input@vger.kernel.org
+Fixes: c164d6abf3841 ("HID: add driver for Valve Steam Controller")
+Signed-off-by: Lee Jones <lee.jones@linaro.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/hid-steam.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/hid/hid-steam.c
++++ b/drivers/hid/hid-steam.c
+@@ -134,6 +134,11 @@ static int steam_recv_report(struct stea
+ int ret;
+
+ r = steam->hdev->report_enum[HID_FEATURE_REPORT].report_id_hash[0];
++ if (!r) {
++ hid_err(steam->hdev, "No HID_FEATURE_REPORT submitted - nothing to read\n");
++ return -EINVAL;
++ }
++
+ if (hid_report_len(r) < 64)
+ return -EINVAL;
+
+@@ -165,6 +170,11 @@ static int steam_send_report(struct stea
+ int ret;
+
+ r = steam->hdev->report_enum[HID_FEATURE_REPORT].report_id_hash[0];
++ if (!r) {
++ hid_err(steam->hdev, "No HID_FEATURE_REPORT submitted - nothing to read\n");
++ return -EINVAL;
++ }
++
+ if (hid_report_len(r) < 64)
+ return -EINVAL;
+
--- /dev/null
+From foo@baz Thu Sep 1 01:06:14 PM CEST 2022
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Thu, 1 Sep 2022 13:01:03 +0200
+Subject: Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit c968af565ca6c18b2f2af60fc1493c8db15abb3c which is
+commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 upstream.
+
+It is reported to cause problems, so drop it from the stable trees for
+now until it gets sorted out.
+
+Link: https://lore.kernel.org/r/47b775c5-57fa-5edf-b59e-8a9041ffbee7@candelatech.com
+Reported-by: Ben Greear <greearb@candelatech.com>
+Cc: Stefan Roese <sr@denx.de>
+Cc: Bjorn Helgaas <bhelgaas@google.com>
+Cc: Pali Rohár <pali@kernel.org>
+Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
+Cc: Bharat Kumar Gogada <bharat.kumar.gogada@xilinx.com>
+Cc: Michal Simek <michal.simek@xilinx.com>
+Cc: Yao Hongbo <yaohongbo@linux.alibaba.com>
+Cc: Naveen Naidu <naveennaidu479@gmail.com>
+Cc: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/pcie/portdrv_core.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/pcie/portdrv_core.c
++++ b/drivers/pci/pcie/portdrv_core.c
+@@ -222,8 +222,15 @@ static int get_port_device_capability(st
+
+ #ifdef CONFIG_PCIEAER
+ if (dev->aer_cap && pci_aer_available() &&
+- (pcie_ports_native || host->native_aer))
++ (pcie_ports_native || host->native_aer)) {
+ services |= PCIE_PORT_SERVICE_AER;
++
++ /*
++ * Disable AER on this port in case it's been enabled by the
++ * BIOS (the AER service driver will enable it when necessary).
++ */
++ pci_disable_pcie_error_reporting(dev);
++ }
+ #endif
+
+ /* Root Ports and Root Complex Event Collectors may generate PMEs */
io_uring-fix-uaf-due-to-missing-pollfree-handling.patch
kbuild-fix-include-path-in-scripts-makefile.modpost.patch
bluetooth-l2cap-fix-build-errors-in-some-archs.patch
+revert-pci-portdrv-don-t-disable-aer-reporting-in-get_port_device_capability.patch
+hid-steam-prevent-null-pointer-dereference-in-steam_-recv-send-_report.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
