Linux v4.5-6229-gf7813ad5cbfd

- ipmi, mfd, sound merges
2016-03-18 16:52:17 -04:00 · 2016-03-18 16:52:17 -04:00 · 96bb3e4edb
parent 9b73a1330f
commit 96bb3e4edb
8 changed files with 20 additions and 127 deletions
--- a/ALSA-usb-audio-Add-sanity-checks-for-endpoint-access.patch
+++ b/ALSA-usb-audio-Add-sanity-checks-for-endpoint-access.patch
@ -1,80 +0,0 @@
-From 873156565ca67779bbf5a3475ccd08ea3bb92522 Mon Sep 17 00:00:00 2001
-From: Takashi Iwai <tiwai@suse.de>
-Date: Tue, 15 Mar 2016 15:20:58 +0100
-Subject: [PATCH 2/2] ALSA: usb-audio: Add sanity checks for endpoint accesses
-
-Add some sanity check codes before actually accessing the endpoint via
-get_endpoint() in order to avoid the invalid access through a
-malformed USB descriptor.  Mostly just checking bNumEndpoints, but in
-one place (snd_microii_spdif_default_get()), the validity of iface and
-altsetting index is checked as well.
-
-Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
- sound/usb/clock.c        | 2 ++
- sound/usb/endpoint.c     | 3 +++
- sound/usb/mixer_quirks.c | 4 ++++
- sound/usb/pcm.c          | 2 ++
- 4 files changed, 11 insertions(+)
-
-diff --git a/sound/usb/clock.c b/sound/usb/clock.c
-index 2ed260b10f6d..7ccbcaf6a147 100644
--- a/sound/usb/clock.c
-+++ b/sound/usb/clock.c
-@@ -285,6 +285,8 @@ static int set_sample_rate_v1(struct snd_usb_audio *chip, int iface,
- 	unsigned char data[3];
- 	int err, crate;
- 
-+	if (get_iface_desc(alts)->bNumEndpoints < 1)
-+		return -EINVAL;
- 	ep = get_endpoint(alts, 0)->bEndpointAddress;
- 
- 	/* if endpoint doesn't have sampling rate control, bail out */
-diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
-index e6f71894ecdc..c2131b851602 100644
--- a/sound/usb/endpoint.c
-+++ b/sound/usb/endpoint.c
-@@ -415,6 +415,9 @@ exit_clear:
-  *
-  * New endpoints will be added to chip->ep_list and must be freed by
-  * calling snd_usb_endpoint_free().
-+ *
-+ * For SND_USB_ENDPOINT_TYPE_SYNC, the caller needs to guarantee that
-+ * bNumEndpoints > 1 beforehand.
-  */
- struct snd_usb_endpoint *snd_usb_add_endpoint(struct snd_usb_audio *chip,
- 					      struct usb_host_interface *alts,
-diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
-index d3608c0a29f3..2d724e3c4cc0 100644
--- a/sound/usb/mixer_quirks.c
-+++ b/sound/usb/mixer_quirks.c
-@@ -1518,7 +1518,11 @@ static int snd_microii_spdif_default_get(struct snd_kcontrol *kcontrol,
- 
- 	/* use known values for that card: interface#1 altsetting#1 */
- 	iface = usb_ifnum_to_if(chip->dev, 1);
-+	if (!iface || iface->num_altsetting < 2)
-+		return -EINVAL;
- 	alts = &iface->altsetting[1];
-+	if (get_iface_desc(alts)->bNumEndpoints < 1)
-+		return -EINVAL;
- 	ep = get_endpoint(alts, 0)->bEndpointAddress;
- 
- 	err = snd_usb_ctl_msg(chip->dev,
-diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
-index cdac5179db3f..4da64896df6d 100644
--- a/sound/usb/pcm.c
-+++ b/sound/usb/pcm.c
-@@ -159,6 +159,8 @@ static int init_pitch_v1(struct snd_usb_audio *chip, int iface,
- 	unsigned char data[1];
- 	int err;
- 
-+	if (get_iface_desc(alts)->bNumEndpoints < 1)
-+		return -EINVAL;
- 	ep = get_endpoint(alts, 0)->bEndpointAddress;
- 
- 	data[0] = 1;
-- 
-2.5.0
-
--- a/ALSA-usb-audio-Fix-NULL-dereference-in-create_fixed_.patch
+++ b/ALSA-usb-audio-Fix-NULL-dereference-in-create_fixed_.patch
@ -1,40 +0,0 @@
-From b0bb5691b38e2f439b071e226bad9f699c33b77d Mon Sep 17 00:00:00 2001
-From: Takashi Iwai <tiwai@suse.de>
-Date: Tue, 15 Mar 2016 12:09:10 +0100
-Subject: [PATCH 1/2] ALSA: usb-audio: Fix NULL dereference in
- create_fixed_stream_quirk()
-
-create_fixed_stream_quirk() may cause a NULL-pointer dereference by
-accessing the non-existing endpoint when a USB device with a malformed
-USB descriptor is used.
-
-This patch avoids it simply by adding a sanity check of bNumEndpoints
-before the accesses.
-
-Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
- sound/usb/quirks.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
-index eef9b8e4b949..e128ca62eb44 100644
--- a/sound/usb/quirks.c
-+++ b/sound/usb/quirks.c
-@@ -177,6 +177,12 @@ static int create_fixed_stream_quirk(struct snd_usb_audio *chip,
- 	}
- 	alts = &iface->altsetting[fp->altset_idx];
- 	altsd = get_iface_desc(alts);
-+	if (altsd->bNumEndpoints < 1) {
-+		kfree(fp);
-+		kfree(rate_table);
-+		return -EINVAL;
-+	}
-+
- 	fp->protocol = altsd->bInterfaceProtocol;
- 
- 	if (fp->datainterval == 0)
-- 
-2.5.0
-
--- a/1
+++ b/1
@ -227,6 +227,7 @@ CONFIG_PWM_SUN4I=m
 CONFIG_USB_MUSB_SUNXI=m
 CONFIG_CRYPTO_DEV_SUN4I_SS=m
 CONFIG_SND_SUN4I_CODEC=m
+CONFIG_SND_SUN4I_SPDIF=m
 CONFIG_SUNXI_RSB=m
 CONFIG_NVMEM_SUNXI_SID=m

--- a/11
+++ b/11
@ -4479,6 +4479,14 @@ CONFIG_MFD_VIPERBOARD=m
 # CONFIG_INTEL_SOC_PMIC is not set
 # CONFIG_MFD_ATMEL_FLEXCOM is not set
 # CONFIG_TS4800_IRQ is not set
+# CONFIG_MFD_ACT8945A is not set
+# CONFIG_MFD_AXP20X_I2C is not set
+# CONFIG_MFD_AXP20X_RSB is not set
+# CONFIG_MFD_88PM800 is not set
+# CONFIG_MFD_88PM805 is not set
+# CONFIG_MFD_MAX77686 is not set
+# CONFIG_MFD_MAX8907 is not set
+# CONFIG_MFD_TPS65086 is not set

 #
 # File systems
@ -5244,6 +5252,8 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
 # CONFIG_SND_SOC_PCM3168A_SPI is not set
 # CONFIG_SND_SOC_PCM512x_I2C is not set
 # CONFIG_SND_SOC_PCM512x_SPI is not set
+# CONFIG_SND_SOC_PCM179X_I2C is not set
+# CONFIG_SND_SOC_PCM179X_SPI is not set
 # CONFIG_SND_SOC_QCOM is not set
 # CONFIG_SND_SOC_SGTL5000 is not set
 # CONFIG_SND_SOC_SIRF_AUDIO_CODEC is not set
@ -5294,6 +5304,7 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
 # CONFIG_SND_SOC_CS42L51_I2C is not set
 # CONFIG_SND_SOC_CS4271_I2C is not set
 # CONFIG_SND_SOC_CS4271_SPI is not set
+# CONFIG_SND_SOC_RT5616 is not set
 # CONFIG_SND_SOC_RT5631 is not set
 # CONFIG_SND_SOC_TFA9879 is not set
 # CONFIG_SND_SOC_TLV320AIC23_I2C is not set
--- a/1
+++ b/1
@ -573,6 +573,7 @@ CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
 CONFIG_SND_SOC_AC97_CODEC=m
 # CONFIG_SND_SOC_TAS571X is not set
 # CONFIG_SND_SUN4I_CODEC is not set
+# CONFIG_SND_SUN4I_SPDIF is not set

 # CONFIG_INTEL_POWERCLAMP is not set
 CONFIG_X86_PKG_TEMP_THERMAL=m
--- a/2
+++ b/2
@ -1 +1 @@
-9ea446352047d8350553250db51da2c73a610688
+f7813ad5cbfd1fab2899914281b72a1ba0805c80
--- a/kernel.spec
+++ b/kernel.spec
@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 0
 # The git snapshot level
-%define gitrev 10
+%define gitrev 11
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@ -624,10 +624,6 @@ Patch667: intel_pstate-Do-not-call-wrmsrl_on_cpu-with-disabled.patch
 #rhbz 1318596
 Patch668: x86-tsc-Prevent-NULL-pointer-deref-in-calibrate_dela.patch

-#CVE-2016-2184 rhbz 1317012 1317470
-Patch670: ALSA-usb-audio-Fix-NULL-dereference-in-create_fixed_.patch
-Patch671: ALSA-usb-audio-Add-sanity-checks-for-endpoint-access.patch
-
 #CVE-2016-3137 rhbz 1317010 1316996
 Patch672: cypress_m8-add-sanity-checking.patch

@ -2167,6 +2163,10 @@ fi
 #
 # 
 %changelog
+* Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org> - 4.6.0-0.rc0.git11.1
+- Linux v4.5-6229-gf7813ad5cbfd
+- ipmi, mfd, sound merges
+
 * Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org>
 - Change requires to updated package names and correctly Requires findutils
  in -devel package (rhbz 1319131)
--- a/2
+++ b/2
@ -1,3 +1,3 @@
 a60d48eee08ec0536d5efb17ca819aef  linux-4.5.tar.xz
 6f557fe90b800b615c85c2ca04da6154  perf-man-4.5.tar.gz
-26a52dd2221f960d380a83cb01cf0af7  patch-4.5-git10.xz
+085abf64e5402f2b588b9c64f09a6f44  patch-4.5-git11.xz