Merge remote-tracking branch 'origin/f30' into f30-user-thl-vanilla-fedora

3 files changed, 63 insertions, 124 deletions

diff --git a/0001-e1000e-Add-support-for-Comet-Lake.patch b/0001-e1000e-Add-support-for-Comet-Lake.patch
new file mode 100644
index 000000000..63da67535
--- /dev/null
+++ b/0001-e1000e-Add-support-for-Comet-Lake.patch
@@ -0,0 +1,54 @@
+From 914ee9c436cbe90c8ca8a46ec8433cb614a2ada5 Mon Sep 17 00:00:00 2001
+From: Sasha Neftin <sasha.neftin@intel.com>
+Date: Thu, 10 Oct 2019 13:15:39 +0300
+Subject: [PATCH] e1000e: Add support for Comet Lake
+
+Add devices ID's for the next LOM generations that will be
+available on the next Intel Client platform (Comet Lake)
+This patch provides the initial support for these devices
+
+Signed-off-by: Sasha Neftin <sasha.neftin@intel.com>
+Tested-by: Aaron Brown <aaron.f.brown@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+---
+ drivers/net/ethernet/intel/e1000e/hw.h     | 6 ++++++
+ drivers/net/ethernet/intel/e1000e/netdev.c | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h
+index eff75bd8a8f0..11fdc27faa82 100644
+--- a/drivers/net/ethernet/intel/e1000e/hw.h
++++ b/drivers/net/ethernet/intel/e1000e/hw.h
+@@ -86,6 +86,12 @@ struct e1000_hw;
+ #define E1000_DEV_ID_PCH_ICP_I219_V8		0x15E0
+ #define E1000_DEV_ID_PCH_ICP_I219_LM9		0x15E1
+ #define E1000_DEV_ID_PCH_ICP_I219_V9		0x15E2
++#define E1000_DEV_ID_PCH_CMP_I219_LM10		0x0D4E
++#define E1000_DEV_ID_PCH_CMP_I219_V10		0x0D4F
++#define E1000_DEV_ID_PCH_CMP_I219_LM11		0x0D4C
++#define E1000_DEV_ID_PCH_CMP_I219_V11		0x0D4D
++#define E1000_DEV_ID_PCH_CMP_I219_LM12		0x0D53
++#define E1000_DEV_ID_PCH_CMP_I219_V12		0x0D55
+
+ #define E1000_REVISION_4	4
+
+diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
+index 42f57ab8fb8e..731e1b3e103a 100644
+--- a/drivers/net/ethernet/intel/e1000e/netdev.c
++++ b/drivers/net/ethernet/intel/e1000e/netdev.c
+@@ -7749,6 +7749,12 @@ static const struct pci_device_id e1000_pci_tbl[] = {
+ 	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_ICP_I219_V8), board_pch_cnp },
+ 	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_ICP_I219_LM9), board_pch_cnp },
+ 	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_ICP_I219_V9), board_pch_cnp },
++	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_LM10), board_pch_cnp },
++	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_V10), board_pch_cnp },
++	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_LM11), board_pch_cnp },
++	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_V11), board_pch_cnp },
++	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_LM12), board_pch_spt },
++	{ PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_CMP_I219_V12), board_pch_spt },
+
+ 	{ 0, 0, 0, 0, 0, 0, 0 }	/* terminate list */
+ };
+-- 
+2.24.1
+
diff --git a/kernel.spec b/kernel.spec
index bd49aae8c..fc58e6ad2 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -576,10 +576,6 @@ Patch504: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch
 # CVE-2019-19054 rhbz 1775063 1775117
 Patch523: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch
 
-# CVE-2019-14896 rhbz 1774875 1776143
-# CVE-2019-14897 rhbz 1774879 1776146
-Patch525: libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch
-
 # CVE-2019-18808 rhbz 1777418 1777421
 Patch527: 0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch
 
@@ -589,6 +585,9 @@ Patch612: drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1772498#c101
 Patch602: ASoC-topology-fix-soc_tplg_fe_link_create-link-dobj-.patch
 
+# This is already in 5.5 rhbz 1794369
+Patch603: 0001-e1000e-Add-support-for-Comet-Lake.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1831,6 +1830,12 @@ fi
 #
 #
 %changelog
+* Thu Jan 30 2020 Jeremy Cline <jcline@redhat.com> - 5.4.16-100
+- Linux v5.4.16
+
+* Wed Jan 29 2020 Justin Forbes <jforbes@fedoraproject.org>
+- Add support for Comet Lake (rhbz 1794369)
+
 * Mon Jan 27 2020 Jeremy Cline <jcline@redhat.com> - 5.4.15-100
 - Linux v5.4.15
 
diff --git a/libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch b/libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch
deleted file mode 100644
index e8c4c4b64..000000000
--- a/libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From patchwork Fri Nov 22 05:29:17 2019
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: huangwenabc@gmail.com
-X-Patchwork-Id: 11257187
-X-Patchwork-Delegate: kvalo@adurom.com
-Return-Path: <SRS0=Y0IC=ZO=vger.kernel.org=linux-wireless-owner@kernel.org>
-Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
- [172.30.200.123])
-	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 032DA112B
-	for <patchwork-linux-wireless@patchwork.kernel.org>;
- Fri, 22 Nov 2019 05:29:36 +0000 (UTC)
-Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
-	by mail.kernel.org (Postfix) with ESMTP id D68A920707
-	for <patchwork-linux-wireless@patchwork.kernel.org>;
- Fri, 22 Nov 2019 05:29:35 +0000 (UTC)
-Authentication-Results: mail.kernel.org;
-	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
- header.b="WaDUta6X"
-Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
-        id S1726719AbfKVF3f (ORCPT
-        <rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
-        Fri, 22 Nov 2019 00:29:35 -0500
-Received: from mail-pf1-f194.google.com ([209.85.210.194]:43041 "EHLO
-        mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
-        with ESMTP id S1726529AbfKVF3e (ORCPT
-        <rfc822;linux-wireless@vger.kernel.org>);
-        Fri, 22 Nov 2019 00:29:34 -0500
-Received: by mail-pf1-f194.google.com with SMTP id 3so2912048pfb.10
-        for <linux-wireless@vger.kernel.org>;
- Thu, 21 Nov 2019 21:29:34 -0800 (PST)
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
-        d=gmail.com; s=20161025;
-        h=from:to:cc:subject:date:message-id;
-        bh=9G4UM2vhuEG4TSdFZTVuZ71GTOHLABBI6xxxI/2Oncw=;
-        b=WaDUta6XODn4hzzqR0np+iPcfBChaSE05EpSM8UrALWvgf7x/9f0e8SMvgXTGXaN74
-         Irmx+lKSr5piR/mhpfRO+HVN7bu7ukOSsxCxlNav6kvJn3SG/q0TV9VGoWEKM+8yISrK
-         Bc5MtndhyGLDrWQFgc5fSdMf+/79HC0AWnnavMoEKxnAti/HKBQnIPreGoLnrWIpbhXZ
-         EdU3ei0kxlwAUbNl8/FywUG2qzQeoeh5RranVfooFhbBQ0QfNtx3k3ARWrVdT9uV7QtX
-         pcpYtJsjn94TXL0llHTzpE182eTvmUrzxf89ubigJh+EYnryHC+HUHZoVtjYtbjidWoV
-         I0FQ==
-X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
-        d=1e100.net; s=20161025;
-        h=x-gm-message-state:from:to:cc:subject:date:message-id;
-        bh=9G4UM2vhuEG4TSdFZTVuZ71GTOHLABBI6xxxI/2Oncw=;
-        b=gNC3IOfmB1H65frnsn63mdzaxphxG6xvR0SHEIOJSaWI/Jx9VK+CfnGr+7pOQZ/Pyw
-         wORhpVi6EbFsE7mVKbjlJ7O96hk14FnUKSPVOhl9NH4xXBktd7sJc5Z36N3J6RRv9Cfc
-         gQWPy1otHKeNz1riMgHcbkaiKj3CANpJ6gaAE/R8EjWLXjS7Bw/vBgQSr5WnAVV27Ppw
-         Flrks3Qv8BGkRUCymKArD05r646Fx1ew/FI7oGyKQhxxWJPuv5RoVTGPbAC1unU+zjfN
-         2XNdr1yKKfY4R5S8q49FeHsN5Mb+lmriUPdLPL062UzQ7x/pTzfh3rI9Lf92jMJiJ9/n
-         9zPw==
-X-Gm-Message-State: APjAAAVgSeSrlZfb2Ch2KXDFaNq6RLCJCvq40zW4toublIDi1zh7feyc
-        srNh0xN+iNrBCzEMbsxDKJS2IOoUYXc=
-X-Google-Smtp-Source: 
- APXvYqwPwHZStvNKOZtUBWgPYiEFiNFqEQLMngqNoFN6jFqDKFjISduUPDUYh2y907mFwD+Qn6zs9w==
-X-Received: by 2002:a63:7456:: with SMTP id
- e22mr14245471pgn.314.1574400573682;
-        Thu, 21 Nov 2019 21:29:33 -0800 (PST)
-Received: from localhost ([38.121.20.202])
-        by smtp.gmail.com with ESMTPSA id
- x192sm5658165pfd.96.2019.11.21.21.29.32
-        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
-        Thu, 21 Nov 2019 21:29:32 -0800 (PST)
-From: huangwenabc@gmail.com
-To: linux-wireless@vger.kernel.org
-Cc: linux-distros@vs.openwall.org, security@kernel.org,
-        libertas-dev@lists.infradead.org
-Subject: [PATCH] libertas: Fix two buffer overflows at parsing bss descriptor
-Date: Fri, 22 Nov 2019 13:29:17 +0800
-Message-Id: <20191122052917.11309-1-huangwenabc@gmail.com>
-X-Mailer: git-send-email 2.17.1
-Sender: linux-wireless-owner@vger.kernel.org
-Precedence: bulk
-List-ID: <linux-wireless.vger.kernel.org>
-X-Mailing-List: linux-wireless@vger.kernel.org
-
-From: Wen Huang <huangwenabc@gmail.com>
-
-add_ie_rates() copys rates without checking the length 
-in bss descriptor from remote AP.when victim connects to 
-remote attacker, this may trigger buffer overflow.
-lbs_ibss_join_existing() copys rates without checking the length 
-in bss descriptor from remote IBSS node.when victim connects to 
-remote attacker, this may trigger buffer overflow.
-Fix them by putting the length check before performing copy.
-
-This fix addresses CVE-2019-14896 and CVE-2019-14897.
-
-Signed-off-by: Wen Huang <huangwenabc@gmail.com>
----
- drivers/net/wireless/marvell/libertas/cfg.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c
-index 57edfada0..290280764 100644
---- a/drivers/net/wireless/marvell/libertas/cfg.c
-+++ b/drivers/net/wireless/marvell/libertas/cfg.c
-@@ -273,6 +273,10 @@ add_ie_rates(u8 *tlv, const u8 *ie, int *nrates)
- 	int hw, ap, ap_max = ie[1];
- 	u8 hw_rate;
- 
-+	if (ap_max > MAX_RATES) {
-+		lbs_deb_assoc("invalid rates\n");
-+		return tlv;
-+	}
- 	/* Advance past IE header */
- 	ie += 2;
- 
-@@ -1777,6 +1781,10 @@ static int lbs_ibss_join_existing(struct lbs_private *priv,
- 	} else {
- 		int hw, i;
- 		u8 rates_max = rates_eid[1];
-+		if (rates_max > MAX_RATES) {
-+			lbs_deb_join("invalid rates");
-+			goto out;
-+		}
- 		u8 *rates = cmd.bss.rates;
- 		for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) {
- 			u8 hw_rate = lbs_rates[hw].bitrate / 5;