From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 1 Sep 2022 11:11:21 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v4.9.327~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=82443ab6d287f80edd32edf2201a209efbb0ecbf;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	hid-steam-prevent-null-pointer-dereference-in-steam_-recv-send-_report.patch
	revert-pci-portdrv-don-t-disable-aer-reporting-in-get_port_device_capability.patch
---

diff --git a/queue-5.15/hid-steam-prevent-null-pointer-dereference-in-steam_-recv-send-_report.patch b/queue-5.15/hid-steam-prevent-null-pointer-dereference-in-steam_-recv-send-_report.patch
new file mode 100644
index 00000000000..6f1ed22b689
--- /dev/null
+++ b/queue-5.15/hid-steam-prevent-null-pointer-dereference-in-steam_-recv-send-_report.patch
@@ -0,0 +1,51 @@
+From cd11d1a6114bd4bc6450ae59f6e110ec47362126 Mon Sep 17 00:00:00 2001
+From: Lee Jones <lee.jones@linaro.org>
+Date: Fri, 8 Jul 2022 08:40:09 +0100
+Subject: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
+
+From: Lee Jones <lee.jones@linaro.org>
+
+commit cd11d1a6114bd4bc6450ae59f6e110ec47362126 upstream.
+
+It is possible for a malicious device to forgo submitting a Feature
+Report.  The HID Steam driver presently makes no prevision for this
+and de-references the 'struct hid_report' pointer obtained from the
+HID devices without first checking its validity.  Let's change that.
+
+Cc: Jiri Kosina <jikos@kernel.org>
+Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Cc: linux-input@vger.kernel.org
+Fixes: c164d6abf3841 ("HID: add driver for Valve Steam Controller")
+Signed-off-by: Lee Jones <lee.jones@linaro.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/hid-steam.c |   10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/hid/hid-steam.c
++++ b/drivers/hid/hid-steam.c
+@@ -134,6 +134,11 @@ static int steam_recv_report(struct stea
+ 	int ret;
+ 
+ 	r = steam->hdev->report_enum[HID_FEATURE_REPORT].report_id_hash[0];
++	if (!r) {
++		hid_err(steam->hdev, "No HID_FEATURE_REPORT submitted -  nothing to read\n");
++		return -EINVAL;
++	}
++
+ 	if (hid_report_len(r) < 64)
+ 		return -EINVAL;
+ 
+@@ -165,6 +170,11 @@ static int steam_send_report(struct stea
+ 	int ret;
+ 
+ 	r = steam->hdev->report_enum[HID_FEATURE_REPORT].report_id_hash[0];
++	if (!r) {
++		hid_err(steam->hdev, "No HID_FEATURE_REPORT submitted -  nothing to read\n");
++		return -EINVAL;
++	}
++
+ 	if (hid_report_len(r) < 64)
+ 		return -EINVAL;
+ 
diff --git a/queue-5.15/revert-pci-portdrv-don-t-disable-aer-reporting-in-get_port_device_capability.patch b/queue-5.15/revert-pci-portdrv-don-t-disable-aer-reporting-in-get_port_device_capability.patch
new file mode 100644
index 00000000000..85dbcfd7e03
--- /dev/null
+++ b/queue-5.15/revert-pci-portdrv-don-t-disable-aer-reporting-in-get_port_device_capability.patch
@@ -0,0 +1,48 @@
+From foo@baz Thu Sep  1 01:06:14 PM CEST 2022
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Thu, 1 Sep 2022 13:01:03 +0200
+Subject: Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit c968af565ca6c18b2f2af60fc1493c8db15abb3c which is
+commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 upstream.
+
+It is reported to cause problems, so drop it from the stable trees for
+now until it gets sorted out.
+
+Link: https://lore.kernel.org/r/47b775c5-57fa-5edf-b59e-8a9041ffbee7@candelatech.com
+Reported-by: Ben Greear <greearb@candelatech.com>
+Cc: Stefan Roese <sr@denx.de>
+Cc: Bjorn Helgaas <bhelgaas@google.com>
+Cc: Pali Rohár <pali@kernel.org>
+Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
+Cc: Bharat Kumar Gogada <bharat.kumar.gogada@xilinx.com>
+Cc: Michal Simek <michal.simek@xilinx.com>
+Cc: Yao Hongbo <yaohongbo@linux.alibaba.com>
+Cc: Naveen Naidu <naveennaidu479@gmail.com>
+Cc: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/pcie/portdrv_core.c |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/pcie/portdrv_core.c
++++ b/drivers/pci/pcie/portdrv_core.c
+@@ -222,8 +222,15 @@ static int get_port_device_capability(st
+ 
+ #ifdef CONFIG_PCIEAER
+ 	if (dev->aer_cap && pci_aer_available() &&
+-	    (pcie_ports_native || host->native_aer))
++	    (pcie_ports_native || host->native_aer)) {
+ 		services |= PCIE_PORT_SERVICE_AER;
++
++		/*
++		 * Disable AER on this port in case it's been enabled by the
++		 * BIOS (the AER service driver will enable it when necessary).
++		 */
++		pci_disable_pcie_error_reporting(dev);
++	}
+ #endif
+ 
+ 	/* Root Ports and Root Complex Event Collectors may generate PMEs */
diff --git a/queue-5.15/series b/queue-5.15/series
index c039acd878e..4eecf4886ca 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -23,3 +23,5 @@ io_uring-fix-wrong-arm_poll-error-handling.patch
 io_uring-fix-uaf-due-to-missing-pollfree-handling.patch
 kbuild-fix-include-path-in-scripts-makefile.modpost.patch
 bluetooth-l2cap-fix-build-errors-in-some-archs.patch
+revert-pci-portdrv-don-t-disable-aer-reporting-in-get_port_device_capability.patch
+hid-steam-prevent-null-pointer-dereference-in-steam_-recv-send-_report.patch