kernel-5.12.11-0
* Wed Jun 16 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.12.11-0] - Bluetooth: btqca: Don't modify firmware contents in-place (Connor Abbott) Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
Justin M. Forbes
parent
eb00041066
commit
b8ba37b6cf
|
|
@ -1,3 +1,6 @@
|
|||
https://gitlab.com/cki-project/kernel-ark/-/commit/d6845a028944f7b9ee8fe7b5fe0239fa6c363c90
|
||||
d6845a028944f7b9ee8fe7b5fe0239fa6c363c90 Bluetooth: btqca: Don't modify firmware contents in-place
|
||||
|
||||
https://gitlab.com/cki-project/kernel-ark/-/commit/b2d7ee79e7db6c474f9aa4ff14f53d860f6df8c1
|
||||
b2d7ee79e7db6c474f9aa4ff14f53d860f6df8c1 Bluetooth: use correct lock to prevent UAF of hdev object
|
||||
|
||||
|
|
|
|||
11
kernel.spec
11
kernel.spec
|
|
@ -106,7 +106,7 @@ Summary: The Linux kernel
|
|||
%define primary_target rhel
|
||||
%endif
|
||||
|
||||
%define rpmversion 5.12.10
|
||||
%define rpmversion 5.12.11
|
||||
%define stableversion 5.12
|
||||
%define pkgrelease 200
|
||||
|
||||
|
|
@ -623,7 +623,7 @@ BuildRequires: clang
|
|||
# exact git commit you can run
|
||||
#
|
||||
# xzcat -qq ${TARBALL} | git get-tar-commit-id
|
||||
Source0: linux-5.12.10.tar.xz
|
||||
Source0: linux-5.12.11.tar.xz
|
||||
|
||||
Source1: Makefile.rhelver
|
||||
|
||||
|
|
@ -1277,8 +1277,8 @@ ApplyOptionalPatch()
|
|||
fi
|
||||
}
|
||||
|
||||
%setup -q -n kernel-5.12.10 -c
|
||||
mv linux-5.12.10 linux-%{KVERREL}
|
||||
%setup -q -n kernel-5.12.11 -c
|
||||
mv linux-5.12.11 linux-%{KVERREL}
|
||||
|
||||
cd linux-%{KVERREL}
|
||||
cp -a %{SOURCE1} .
|
||||
|
|
@ -2792,6 +2792,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Wed Jun 16 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.12.11-0]
|
||||
- Bluetooth: btqca: Don't modify firmware contents in-place (Connor Abbott)
|
||||
|
||||
* Thu Jun 10 2021 Justin M. Forbes <jforbes@fedoraproject.org> [5.12.10-0]
|
||||
- Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma)
|
||||
- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (Krzysztof Kozlowski)
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@
|
|||
drivers/acpi/pci_mcfg.c | 7 ++
|
||||
drivers/acpi/scan.c | 9 ++
|
||||
drivers/ata/libahci.c | 18 +++
|
||||
drivers/bluetooth/btqca.c | 27 +++--
|
||||
drivers/char/ipmi/ipmi_dmi.c | 15 +++
|
||||
drivers/char/ipmi/ipmi_msghandler.c | 16 ++-
|
||||
drivers/firmware/efi/Makefile | 1 +
|
||||
|
|
@ -40,7 +41,7 @@
|
|||
security/lockdown/lockdown.c | 1 +
|
||||
security/security.c | 6 +
|
||||
security/selinux/hooks.c | 3 +-
|
||||
42 files changed, 621 insertions(+), 178 deletions(-)
|
||||
43 files changed, 641 insertions(+), 185 deletions(-)
|
||||
|
||||
diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst
|
||||
index 75a9dd98e76e..3ff3291551f9 100644
|
||||
|
|
@ -65,7 +66,7 @@ index 75a9dd98e76e..3ff3291551f9 100644
|
|||
|
||||
Boot into System Kernel
|
||||
diff --git a/Makefile b/Makefile
|
||||
index ebc02c56db03..13bbf56b1bd3 100644
|
||||
index 82ca490ce5f4..75fbedcd7e67 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -495,6 +495,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE
|
||||
|
|
@ -340,6 +341,74 @@ index fec2e9754aed..bea4e2973259 100644
|
|||
/* wait for engine to stop. This could be as long as 500 msec */
|
||||
tmp = ata_wait_register(ap, port_mmio + PORT_CMD,
|
||||
PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500);
|
||||
diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c
|
||||
index 25114f0d1319..bd71dfc9c974 100644
|
||||
--- a/drivers/bluetooth/btqca.c
|
||||
+++ b/drivers/bluetooth/btqca.c
|
||||
@@ -183,7 +183,7 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev)
|
||||
EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd);
|
||||
|
||||
static void qca_tlv_check_data(struct qca_fw_config *config,
|
||||
- const struct firmware *fw, enum qca_btsoc_type soc_type)
|
||||
+ u8 *fw_data, enum qca_btsoc_type soc_type)
|
||||
{
|
||||
const u8 *data;
|
||||
u32 type_len;
|
||||
@@ -194,7 +194,7 @@ static void qca_tlv_check_data(struct qca_fw_config *config,
|
||||
struct tlv_type_nvm *tlv_nvm;
|
||||
uint8_t nvm_baud_rate = config->user_baud_rate;
|
||||
|
||||
- tlv = (struct tlv_type_hdr *)fw->data;
|
||||
+ tlv = (struct tlv_type_hdr *)fw_data;
|
||||
|
||||
type_len = le32_to_cpu(tlv->type_len);
|
||||
length = (type_len >> 8) & 0x00ffffff;
|
||||
@@ -390,8 +390,9 @@ static int qca_download_firmware(struct hci_dev *hdev,
|
||||
enum qca_btsoc_type soc_type)
|
||||
{
|
||||
const struct firmware *fw;
|
||||
+ u8 *data;
|
||||
const u8 *segment;
|
||||
- int ret, remain, i = 0;
|
||||
+ int ret, size, remain, i = 0;
|
||||
|
||||
bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
|
||||
|
||||
@@ -402,10 +403,22 @@ static int qca_download_firmware(struct hci_dev *hdev,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- qca_tlv_check_data(config, fw, soc_type);
|
||||
+ size = fw->size;
|
||||
+ data = vmalloc(fw->size);
|
||||
+ if (!data) {
|
||||
+ bt_dev_err(hdev, "QCA Failed to allocate memory for file: %s",
|
||||
+ config->fwname);
|
||||
+ release_firmware(fw);
|
||||
+ return -ENOMEM;
|
||||
+ }
|
||||
+
|
||||
+ memcpy(data, fw->data, size);
|
||||
+ release_firmware(fw);
|
||||
+
|
||||
+ qca_tlv_check_data(config, data, soc_type);
|
||||
|
||||
- segment = fw->data;
|
||||
- remain = fw->size;
|
||||
+ segment = data;
|
||||
+ remain = size;
|
||||
while (remain > 0) {
|
||||
int segsize = min(MAX_SIZE_PER_TLV_SEGMENT, remain);
|
||||
|
||||
@@ -435,7 +448,7 @@ static int qca_download_firmware(struct hci_dev *hdev,
|
||||
ret = qca_inject_cmd_complete_event(hdev);
|
||||
|
||||
out:
|
||||
- release_firmware(fw);
|
||||
+ vfree(data);
|
||||
|
||||
return ret;
|
||||
}
|
||||
diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c
|
||||
index bbf7029e224b..cf7faa970dd6 100644
|
||||
--- a/drivers/char/ipmi/ipmi_dmi.c
|
||||
|
|
|
|||
6
sources
6
sources
|
|
@ -1,3 +1,3 @@
|
|||
SHA512 (linux-5.12.10.tar.xz) = d5bd7acad98d6c2872b5ed38cd976bd8dcb69613eb3aafb50c3a94f382918772a5506aa4e67bd698d0a1fd464e544409dda6c126a530652a082337cd7959f8d7
|
||||
SHA512 (kernel-abi-whitelists-5.12.10-200.tar.bz2) = 279faf9ef19310907684bea80daaee57c8239e04167f0d9f93993d751d33999742a6c4100d6e41b63e82bc2f7318658e776ba65e57e559300216b85bee4aefb7
|
||||
SHA512 (kernel-kabi-dw-5.12.10-200.tar.bz2) = 3177f38d555e65042bf7c4db4c55913beeef1793c21bdf204f26f486d1c5a2603eb2c091179c42f7657b54a9a3944e9410030c13be0b7e1feb16271fca3ea0d4
|
||||
SHA512 (linux-5.12.11.tar.xz) = 84dba10c2d555372d043e0cbb9824e39903d9f1ae7494a519a9e465c17111738c7acf9b0344170dc7e830a0a0616c320f3ff1935abf23480209346d02241feb4
|
||||
SHA512 (kernel-abi-whitelists-5.12.11-200.tar.bz2) = 55a040fcbcfcbef51ff6ed517a3f56b434ebaf17f443da4540a03a16abbab665d3a8ff73238c7eb6c62daac46cc6ac7d6dc2721aab823c5b0c95f62bba44f559
|
||||
SHA512 (kernel-kabi-dw-5.12.11-200.tar.bz2) = 0d7f9d9ef6d2ed3ea642eca344b69b305e5625c3602b22bf12f1b19716e9ccaa996da082c191bc49b3fc484a5b432c657c4a04236e1b3a6f51770aac6fb357c2
|
||||
|
|
|
|||
Loading…
Reference in New Issue