From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 7 Feb 2018 20:07:34 +0000 (-0800)
Subject: 4.9-stable patches
X-Git-Tag: v4.15.3~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bd9daa9f49bd2706675c4e49881f9e299e404916;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	b43-add-missing-module_firmware.patch
	keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
	media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch
---

diff --git a/queue-4.9/b43-add-missing-module_firmware.patch b/queue-4.9/b43-add-missing-module_firmware.patch
new file mode 100644
index 00000000000..28bcec72c53
--- /dev/null
+++ b/queue-4.9/b43-add-missing-module_firmware.patch
@@ -0,0 +1,43 @@
+From 3c89a72ad80c64bdbd5ff851ee9c328a191f7e01 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 4 May 2017 11:27:52 +0200
+Subject: b43: Add missing MODULE_FIRMWARE()
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 3c89a72ad80c64bdbd5ff851ee9c328a191f7e01 upstream.
+
+Some firmware entries were forgotten to be added via MODULE_FIRMWARE(), which
+may result in the non-functional state when the driver is loaded in initrd.
+
+Link: http://bugzilla.opensuse.org/show_bug.cgi?id=1037344
+Fixes: 15be8e89cdd9 ("b43: add more bcma cores")
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/broadcom/b43/main.c |   10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/b43/main.c
++++ b/drivers/net/wireless/broadcom/b43/main.c
+@@ -71,8 +71,18 @@ MODULE_FIRMWARE("b43/ucode11.fw");
+ MODULE_FIRMWARE("b43/ucode13.fw");
+ MODULE_FIRMWARE("b43/ucode14.fw");
+ MODULE_FIRMWARE("b43/ucode15.fw");
++MODULE_FIRMWARE("b43/ucode16_lp.fw");
+ MODULE_FIRMWARE("b43/ucode16_mimo.fw");
++MODULE_FIRMWARE("b43/ucode24_lcn.fw");
++MODULE_FIRMWARE("b43/ucode25_lcn.fw");
++MODULE_FIRMWARE("b43/ucode25_mimo.fw");
++MODULE_FIRMWARE("b43/ucode26_mimo.fw");
++MODULE_FIRMWARE("b43/ucode29_mimo.fw");
++MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
++MODULE_FIRMWARE("b43/ucode30_mimo.fw");
+ MODULE_FIRMWARE("b43/ucode5.fw");
++MODULE_FIRMWARE("b43/ucode40.fw");
++MODULE_FIRMWARE("b43/ucode42.fw");
+ MODULE_FIRMWARE("b43/ucode9.fw");
+ 
+ static int modparam_bad_frames_preempt;
diff --git a/queue-4.9/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch b/queue-4.9/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
new file mode 100644
index 00000000000..614f8f12861
--- /dev/null
+++ b/queue-4.9/keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch
@@ -0,0 +1,68 @@
+From 794b4bc292f5d31739d89c0202c54e7dc9bc3add Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 8 Jun 2017 14:48:18 +0100
+Subject: KEYS: encrypted: fix buffer overread in valid_master_desc()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add upstream.
+
+With the 'encrypted' key type it was possible for userspace to provide a
+data blob ending with a master key description shorter than expected,
+e.g. 'keyctl add encrypted desc "new x" @s'.  When validating such a
+master key description, validate_master_desc() could read beyond the end
+of the buffer.  Fix this by using strncmp() instead of memcmp().  [Also
+clean up the code to deduplicate some logic.]
+
+Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Signed-off-by: Jin Qian <jinqian@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/encrypted-keys/encrypted.c |   31 +++++++++++++++----------------
+ 1 file changed, 15 insertions(+), 16 deletions(-)
+
+--- a/security/keys/encrypted-keys/encrypted.c
++++ b/security/keys/encrypted-keys/encrypted.c
+@@ -141,23 +141,22 @@ static int valid_ecryptfs_desc(const cha
+  */
+ static int valid_master_desc(const char *new_desc, const char *orig_desc)
+ {
+-	if (!memcmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) {
+-		if (strlen(new_desc) == KEY_TRUSTED_PREFIX_LEN)
+-			goto out;
+-		if (orig_desc)
+-			if (memcmp(new_desc, orig_desc, KEY_TRUSTED_PREFIX_LEN))
+-				goto out;
+-	} else if (!memcmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) {
+-		if (strlen(new_desc) == KEY_USER_PREFIX_LEN)
+-			goto out;
+-		if (orig_desc)
+-			if (memcmp(new_desc, orig_desc, KEY_USER_PREFIX_LEN))
+-				goto out;
+-	} else
+-		goto out;
++	int prefix_len;
++
++	if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))
++		prefix_len = KEY_TRUSTED_PREFIX_LEN;
++	else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))
++		prefix_len = KEY_USER_PREFIX_LEN;
++	else
++		return -EINVAL;
++
++	if (!new_desc[prefix_len])
++		return -EINVAL;
++
++	if (orig_desc && strncmp(new_desc, orig_desc, prefix_len))
++		return -EINVAL;
++
+ 	return 0;
+-out:
+-	return -EINVAL;
+ }
+ 
+ /*
diff --git a/queue-4.9/media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch b/queue-4.9/media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch
new file mode 100644
index 00000000000..b9aeb228fdc
--- /dev/null
+++ b/queue-4.9/media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch
@@ -0,0 +1,38 @@
+From 5331aec1bf9c9da557668174e0a4bfcee39f1121 Mon Sep 17 00:00:00 2001
+From: Jesse Chan <jc@linux.com>
+Date: Mon, 20 Nov 2017 15:56:28 -0500
+Subject: media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+
+From: Jesse Chan <jc@linux.com>
+
+commit 5331aec1bf9c9da557668174e0a4bfcee39f1121 upstream.
+
+This change resolves a new compile-time warning
+when built as a loadable module:
+
+WARNING: modpost: missing MODULE_LICENSE() in drivers/media/platform/soc_camera/soc_scale_crop.o
+see include/linux/module.h for more information
+
+This adds the license as "GPL", which matches the header of the file.
+
+MODULE_DESCRIPTION and MODULE_AUTHOR are also added.
+
+Signed-off-by: Jesse Chan <jc@linux.com>
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/platform/soc_camera/soc_scale_crop.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/media/platform/soc_camera/soc_scale_crop.c
++++ b/drivers/media/platform/soc_camera/soc_scale_crop.c
+@@ -418,3 +418,7 @@ void soc_camera_calc_client_output(struc
+ 	mf->height = soc_camera_shift_scale(rect->height, shift, scale_v);
+ }
+ EXPORT_SYMBOL(soc_camera_calc_client_output);
++
++MODULE_DESCRIPTION("soc-camera scaling-cropping functions");
++MODULE_AUTHOR("Guennadi Liakhovetski <kernel@pengutronix.de>");
++MODULE_LICENSE("GPL");
diff --git a/queue-4.9/series b/queue-4.9/series
index 52cf6c81fed..157e0391d7f 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -38,3 +38,6 @@ ipv6-fix-so_reuseport-udp-socket-with-implicit-sk_ipv6only.patch
 soreuseport-fix-mem-leak-in-reuseport_add_sock.patch
 x86-asm-fix-inline-asm-call-constraints-for-gcc-4.4.patch
 x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch
+media-soc_camera-soc_scale_crop-add-missing-module_description-author-license.patch
+b43-add-missing-module_firmware.patch
+keys-encrypted-fix-buffer-overread-in-valid_master_desc.patch