summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThorsten Leemhuis <fedora@leemhuis.info>2021-01-07 05:40:45 +0100
committerThorsten Leemhuis <fedora@leemhuis.info>2021-01-07 05:40:45 +0100
commit6caba9ba76a7f8bdee939573e03da2c224ab2598 (patch)
treea47940262ae3cad007dc49d2494d8201395425dd
parent05f182f99b79893ebecc7866410038eb70ff188a (diff)
parentbcf7511badf20cdf8af0fa354502a8560b4d4caf (diff)
downloadkernel-6caba9ba76a7f8bdee939573e03da2c224ab2598.zip
kernel-6caba9ba76a7f8bdee939573e03da2c224ab2598.tar.gz
kernel-6caba9ba76a7f8bdee939573e03da2c224ab2598.tar.xz
Merge remote-tracking branch 'origin/stabilization' into stabilization-user-thl-vanilla-fedora
-rw-r--r--0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch86
-rw-r--r--0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch35
-rw-r--r--kernel.spec9
3 files changed, 130 insertions, 0 deletions
diff --git a/0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch b/0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
new file mode 100644
index 0000000..fb9b5f5
--- /dev/null
+++ b/0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
@@ -0,0 +1,86 @@
+From 4bfd6247fa9164c8e193a55ef9c0ea3ee22f82d8 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 4 Jan 2021 16:30:46 +0100
+Subject: [PATCH] ALSA: hda/via: Fix runtime PM for Clevo W35xSS
+
+Clevo W35xSS_370SS with VIA codec has had the runtime PM problem that
+looses the power state of some nodes after the runtime resume. This
+was worked around by disabling the default runtime PM via a denylist
+entry. Since 5.10.x made the runtime PM applied (casually) even
+though it's disabled in the denylist, this problem was revisited. The
+result was that disabling power_save_node feature suffices for the
+runtime PM problem.
+
+This patch implements the disablement of power_save_node feature in
+VIA codec for the device. It also drops the former denylist entry,
+too, as the runtime PM should work in the codec side properly now.
+
+Fixes: b529ef2464ad ("ALSA: hda: Add Clevo W35xSS_370SS to the power_save blacklist")
+Reported-by: Christian Labisch <clnetbox@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210104153046.19993-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+---
+ sound/pci/hda/hda_intel.c | 2 --
+ sound/pci/hda/patch_via.c | 13 +++++++++++++
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
+index 6852668f1bcb..770ad25f1907 100644
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -2220,8 +2220,6 @@ static const struct snd_pci_quirk power_save_denylist[] = {
+ SND_PCI_QUIRK(0x1849, 0x7662, "Asrock H81M-HDS", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+ SND_PCI_QUIRK(0x1043, 0x8733, "Asus Prime X370-Pro", 0),
+- /* https://bugzilla.redhat.com/show_bug.cgi?id=1581607 */
+- SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+ SND_PCI_QUIRK(0x1558, 0x6504, "Clevo W65_67SB", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+diff --git a/sound/pci/hda/patch_via.c b/sound/pci/hda/patch_via.c
+index 7ef8f3105cdb..0ab40a8a68fb 100644
+--- a/sound/pci/hda/patch_via.c
++++ b/sound/pci/hda/patch_via.c
+@@ -1002,6 +1002,7 @@ static const struct hda_verb vt1802_init_verbs[] = {
+ enum {
+ VIA_FIXUP_INTMIC_BOOST,
+ VIA_FIXUP_ASUS_G75,
++ VIA_FIXUP_POWER_SAVE,
+ };
+
+ static void via_fixup_intmic_boost(struct hda_codec *codec,
+@@ -1011,6 +1012,13 @@ static void via_fixup_intmic_boost(struct hda_codec *codec,
+ override_mic_boost(codec, 0x30, 0, 2, 40);
+ }
+
++static void via_fixup_power_save(struct hda_codec *codec,
++ const struct hda_fixup *fix, int action)
++{
++ if (action == HDA_FIXUP_ACT_PRE_PROBE)
++ codec->power_save_node = 0;
++}
++
+ static const struct hda_fixup via_fixups[] = {
+ [VIA_FIXUP_INTMIC_BOOST] = {
+ .type = HDA_FIXUP_FUNC,
+@@ -1025,11 +1033,16 @@ static const struct hda_fixup via_fixups[] = {
+ { }
+ }
+ },
++ [VIA_FIXUP_POWER_SAVE] = {
++ .type = HDA_FIXUP_FUNC,
++ .v.func = via_fixup_power_save,
++ },
+ };
+
+ static const struct snd_pci_quirk vt2002p_fixups[] = {
+ SND_PCI_QUIRK(0x1043, 0x1487, "Asus G75", VIA_FIXUP_ASUS_G75),
+ SND_PCI_QUIRK(0x1043, 0x8532, "Asus X202E", VIA_FIXUP_INTMIC_BOOST),
++ SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", VIA_FIXUP_POWER_SAVE),
+ {}
+ };
+
+--
+2.29.2
+
diff --git a/0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch b/0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
new file mode 100644
index 0000000..48ef591
--- /dev/null
+++ b/0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
@@ -0,0 +1,35 @@
+From 5c455c5ab332773464d02ba17015acdca198f03d Mon Sep 17 00:00:00 2001
+From: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
+Date: Sun, 6 Dec 2020 16:48:01 +0800
+Subject: [PATCH] mwifiex: Fix possible buffer overflows in
+ mwifiex_cmd_802_11_ad_hoc_start
+
+mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking
+the destination size may trigger a buffer overflower,
+which a local user could use to cause denial of service
+or the execution of arbitrary code.
+Fix it by putting the length check before calling memcpy().
+
+Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/20201206084801.26479-1-ruc_zhangxiaohui@163.com
+---
+ drivers/net/wireless/marvell/mwifiex/join.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/wireless/marvell/mwifiex/join.c b/drivers/net/wireless/marvell/mwifiex/join.c
+index 5934f7147547..173ccf79cbfc 100644
+--- a/drivers/net/wireless/marvell/mwifiex/join.c
++++ b/drivers/net/wireless/marvell/mwifiex/join.c
+@@ -877,6 +877,8 @@ mwifiex_cmd_802_11_ad_hoc_start(struct mwifiex_private *priv,
+
+ memset(adhoc_start->ssid, 0, IEEE80211_MAX_SSID_LEN);
+
++ if (req_ssid->ssid_len > IEEE80211_MAX_SSID_LEN)
++ req_ssid->ssid_len = IEEE80211_MAX_SSID_LEN;
+ memcpy(adhoc_start->ssid, req_ssid->ssid, req_ssid->ssid_len);
+
+ mwifiex_dbg(adapter, INFO, "info: ADHOC_S_CMD: SSID = %s\n",
+--
+2.29.2
+
diff --git a/kernel.spec b/kernel.spec
index 82bf732..828017a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -864,6 +864,11 @@ Patch102: 0001-update-phy-on-pine64-a64-devices.patch
# OMAP Pandaboard fix
Patch103: arm-pandaboard-fix-add-bluetooth.patch
+# Fix CVE-2020-36158 rhbz 1913348 1913349
+Patch104: 0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
+
+Patch105: 0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -2980,6 +2985,10 @@ fi
#
#
%changelog
+* Wed Jan 6 12:53:15 CST 2021 Justin M. Forbes <jforbes@fedoraproject.org> - 5.10.5-200
+- Linux v5.10.5
+- Fix CVE-2020-36158 (rhbz 1913348 1913349)
+
* Wed Dec 30 11:51:28 CST 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.10.4-200
- Linux v5.10.4