summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--HID-rmi-Check-that-a-device-is-a-RMI-device-before-c.patch54
-rw-r--r--kernel.spec6
2 files changed, 60 insertions, 0 deletions
diff --git a/HID-rmi-Check-that-a-device-is-a-RMI-device-before-c.patch b/HID-rmi-Check-that-a-device-is-a-RMI-device-before-c.patch
new file mode 100644
index 000000000..d6a8e6a52
--- /dev/null
+++ b/HID-rmi-Check-that-a-device-is-a-RMI-device-before-c.patch
@@ -0,0 +1,54 @@
+From ef14a4bf0910d06c7e202552914028d4956809cb Mon Sep 17 00:00:00 2001
+From: Andrew Duggan <aduggan@synaptics.com>
+Date: Tue, 17 Oct 2017 18:37:36 -0700
+Subject: [PATCH] HID: rmi: Check that a device is a RMI device before calling
+ RMI functions
+
+The hid-rmi driver may handle non rmi devices on composite USB devices.
+Callbacks need to make sure that the current device is a RMI device before
+calling RMI specific functions. Most callbacks already have this check, but
+this patch adds checks to the remaining callbacks.
+
+Reported-by: Hendrik Langer <hendrik.langer@gmx.de>
+Tested-by: Hendrik Langer <hendrik.langer@gmx.de>
+Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Andrew Duggan <aduggan@synaptics.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+---
+ drivers/hid/hid-rmi.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
+index ef241d66562e..0f43c4292685 100644
+--- a/drivers/hid/hid-rmi.c
++++ b/drivers/hid/hid-rmi.c
+@@ -368,6 +368,11 @@ static int rmi_check_sanity(struct hid_device *hdev, u8 *data, int size)
+ static int rmi_raw_event(struct hid_device *hdev,
+ struct hid_report *report, u8 *data, int size)
+ {
++ struct rmi_data *hdata = hid_get_drvdata(hdev);
++
++ if (!(hdata->device_flags & RMI_DEVICE))
++ return 0;
++
+ size = rmi_check_sanity(hdev, data, size);
+ if (size < 2)
+ return 0;
+@@ -713,9 +718,11 @@ static void rmi_remove(struct hid_device *hdev)
+ {
+ struct rmi_data *hdata = hid_get_drvdata(hdev);
+
+- clear_bit(RMI_STARTED, &hdata->flags);
+- cancel_work_sync(&hdata->reset_work);
+- rmi_unregister_transport_device(&hdata->xport);
++ if (hdata->device_flags & RMI_DEVICE) {
++ clear_bit(RMI_STARTED, &hdata->flags);
++ cancel_work_sync(&hdata->reset_work);
++ rmi_unregister_transport_device(&hdata->xport);
++ }
+
+ hid_hw_stop(hdev);
+ }
+--
+2.14.3
+
diff --git a/kernel.spec b/kernel.spec
index 4e075e524..00fa78b50 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -723,6 +723,9 @@ Patch639: CVE-2017-16538.patch
# rhbz 1507931
Patch640: qxl_cursor_fix.patch
+# rhbz 1462175
+Patch641: HID-rmi-Check-that-a-device-is-a-RMI-device-before-c.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -2277,6 +2280,9 @@ fi
#
#
%changelog
+* Wed Nov 29 2017 Jeremy Cline <jeremy@jcline.org>
+- Fix USB null pointer dereference on ThinkPad X1 (rhbz 1462175)
+
* Mon Nov 27 2017 Jeremy Cline <jeremy@jcline.org> - 4.13.16-300
- Linux v4.13.16
- Fix CVE-2017-16649 (rhbz 1516267 1516274)
generated by cgit (git 2.34.1) at 2024-11-13 11:29:04 +0000