From 48063c9cbf35d441c75d17b791cb0240903375f6 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 3 Dec 2024 13:05:22 +0100 Subject: [PATCH] drop jffs2-prevent-rtime-decompress-memory-corruption.patch --- ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-4.19/series | 1 - ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-5.10/series | 1 - ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-5.15/series | 1 - ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-5.4/series | 1 - ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-6.1/series | 1 - ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-6.11/series | 1 - ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-6.12/series | 1 - ...t-rtime-decompress-memory-corruption.patch | 34 ------------------- queue-6.6/series | 1 - 16 files changed, 280 deletions(-) delete mode 100644 queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch delete mode 100644 queue-5.10/jffs2-prevent-rtime-decompress-memory-corruption.patch delete mode 100644 queue-5.15/jffs2-prevent-rtime-decompress-memory-corruption.patch delete mode 100644 queue-5.4/jffs2-prevent-rtime-decompress-memory-corruption.patch delete mode 100644 queue-6.1/jffs2-prevent-rtime-decompress-memory-corruption.patch delete mode 100644 queue-6.11/jffs2-prevent-rtime-decompress-memory-corruption.patch delete mode 100644 queue-6.12/jffs2-prevent-rtime-decompress-memory-corruption.patch delete mode 100644 queue-6.6/jffs2-prevent-rtime-decompress-memory-corruption.patch diff --git a/queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-4.19/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-4.19/series b/queue-4.19/series index f1bcc71a740..ec7946f1b8b 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -114,7 +114,6 @@ ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch um-ubd-do-not-use-drvdata-in-release.patch um-net-do-not-use-drvdata-in-release.patch serial-8250-omap-move-pm_runtime_get_sync.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch um-vector-do-not-use-drvdata-in-release.patch sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch arm64-tls-fix-context-switching-of-tpidrro_el0-when-kpti-is-enabled.patch diff --git a/queue-5.10/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-5.10/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-5.10/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-5.10/series b/queue-5.10/series index bd523d03a32..1b91f1c5ac5 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -260,7 +260,6 @@ ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch um-ubd-do-not-use-drvdata-in-release.patch um-net-do-not-use-drvdata-in-release.patch serial-8250-omap-move-pm_runtime_get_sync.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch um-vector-do-not-use-drvdata-in-release.patch sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch arm64-tls-fix-context-switching-of-tpidrro_el0-when-kpti-is-enabled.patch diff --git a/queue-5.15/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-5.15/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-5.15/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-5.15/series b/queue-5.15/series index 5692b3fe1ed..46f4e72e20a 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -321,7 +321,6 @@ ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch um-ubd-do-not-use-drvdata-in-release.patch um-net-do-not-use-drvdata-in-release.patch serial-8250-omap-move-pm_runtime_get_sync.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch um-vector-do-not-use-drvdata-in-release.patch sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch arm64-tls-fix-context-switching-of-tpidrro_el0-when-kpti-is-enabled.patch diff --git a/queue-5.4/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-5.4/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-5.4/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-5.4/series b/queue-5.4/series index af32e3b4222..461f09f4df7 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -162,7 +162,6 @@ ubi-wl-put-source-peb-into-correct-list-if-trying-locking-leb-failed.patch um-ubd-do-not-use-drvdata-in-release.patch um-net-do-not-use-drvdata-in-release.patch serial-8250-omap-move-pm_runtime_get_sync.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch um-vector-do-not-use-drvdata-in-release.patch sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch arm64-tls-fix-context-switching-of-tpidrro_el0-when-kpti-is-enabled.patch diff --git a/queue-6.1/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-6.1/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-6.1/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-6.1/series b/queue-6.1/series index 6bde0b156b6..a3332b2da54 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -409,7 +409,6 @@ um-net-do-not-use-drvdata-in-release.patch dt-bindings-serial-rs485-fix-rs485-rts-delay-property.patch serial-8250_fintek-add-support-for-f81216e.patch serial-8250-omap-move-pm_runtime_get_sync.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch um-vector-do-not-use-drvdata-in-release.patch sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch ublk-fix-ublk_ch_mmap-for-64k-page-size.patch diff --git a/queue-6.11/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-6.11/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-6.11/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-6.11/series b/queue-6.11/series index 8086035820b..05c2f394f2b 100644 --- a/queue-6.11/series +++ b/queue-6.11/series @@ -716,7 +716,6 @@ serial-8250_fintek-add-support-for-f81216e.patch serial-8250-omap-move-pm_runtime_get_sync.patch serial-amba-pl011-fix-rx-stall-when-dma-is-used.patch serial-amba-pl011-fix-build-regression.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch mtd-ubi-fix-unreleased-fwnode_handle-in-find_volume_fwnode.patch block-prevent-potential-deadlock-in-blk_revalidate_disk_zones.patch um-vector-do-not-use-drvdata-in-release.patch diff --git a/queue-6.12/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-6.12/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-6.12/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-6.12/series b/queue-6.12/series index 5d2f6d2c83e..3eabdbad43b 100644 --- a/queue-6.12/series +++ b/queue-6.12/series @@ -714,7 +714,6 @@ serial-8250-omap-move-pm_runtime_get_sync.patch serial-amba-pl011-fix-rx-stall-when-dma-is-used.patch serial-amba-pl011-fix-build-regression.patch revert-block-bfq-merge-bfq_release_process_ref-into-bfq_put_cooperator.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch mtd-ubi-fix-unreleased-fwnode_handle-in-find_volume_fwnode.patch block-prevent-potential-deadlock-in-blk_revalidate_disk_zones.patch um-vector-do-not-use-drvdata-in-release.patch diff --git a/queue-6.6/jffs2-prevent-rtime-decompress-memory-corruption.patch b/queue-6.6/jffs2-prevent-rtime-decompress-memory-corruption.patch deleted file mode 100644 index 078df2a6d66..00000000000 --- a/queue-6.6/jffs2-prevent-rtime-decompress-memory-corruption.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fe051552f5078fa02d593847529a3884305a6ffe Mon Sep 17 00:00:00 2001 -From: Kinsey Moore -Date: Tue, 23 Jul 2024 15:58:05 -0500 -Subject: jffs2: Prevent rtime decompress memory corruption - -From: Kinsey Moore - -commit fe051552f5078fa02d593847529a3884305a6ffe upstream. - -The rtime decompression routine does not fully check bounds during the -entirety of the decompression pass and can corrupt memory outside the -decompression buffer if the compressed data is corrupted. This adds the -required check to prevent this failure mode. - -Cc: stable@vger.kernel.org -Signed-off-by: Kinsey Moore -Signed-off-by: Richard Weinberger -Signed-off-by: Greg Kroah-Hartman ---- - fs/jffs2/compr_rtime.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -95,6 +95,9 @@ static int jffs2_rtime_decompress(unsign - - positions[value]=outpos; - if (repeat) { -+ if ((outpos + repeat) >= destlen) { -+ return 1; -+ } - if (backoffs + repeat >= outpos) { - while(repeat) { - cpage_out[outpos++] = cpage_out[backoffs++]; diff --git a/queue-6.6/series b/queue-6.6/series index cc3daf1d9fd..d3f4cefbed3 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -526,7 +526,6 @@ um-net-do-not-use-drvdata-in-release.patch dt-bindings-serial-rs485-fix-rs485-rts-delay-property.patch serial-8250_fintek-add-support-for-f81216e.patch serial-8250-omap-move-pm_runtime_get_sync.patch -jffs2-prevent-rtime-decompress-memory-corruption.patch um-vector-do-not-use-drvdata-in-release.patch sh-cpuinfo-fix-a-warning-for-config_cpumask_offstack.patch iio-gts-fix-uninitialized-symbol-ret.patch -- 2.47.3