From bf6e2e5c451ec4c8cf99792c5174aed9fa65c6e1 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Tue, 26 Nov 2019 08:30:00 -0600
Subject: Fix CVE-2019-19082

---
 0001-drm-amd-display-prevent-memory-leak.patch | 82 ++++++++++++++++++++++++++
 kernel.spec                                    |  6 ++
 2 files changed, 88 insertions(+)
 create mode 100644 0001-drm-amd-display-prevent-memory-leak.patch

diff --git a/0001-drm-amd-display-prevent-memory-leak.patch b/0001-drm-amd-display-prevent-memory-leak.patch
new file mode 100644
index 000000000..e74ad2913
--- /dev/null
+++ b/0001-drm-amd-display-prevent-memory-leak.patch
@@ -0,0 +1,82 @@
+From 104c307147ad379617472dd91a5bcb368d72bd6d Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+Date: Tue, 24 Sep 2019 23:23:56 -0500
+Subject: [PATCH] drm/amd/display: prevent memory leak
+
+In dcn*_create_resource_pool the allocated memory should be released if
+construct pool fails.
+
+Reviewed-by: Harry Wentland <harry.wentland@amd.com>
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+---
+ drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c | 1 +
+ drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c   | 1 +
+ 5 files changed, 5 insertions(+)
+
+diff --git a/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c b/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
+index afc61055eca1..1787b9bf800a 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
+@@ -1091,6 +1091,7 @@ struct resource_pool *dce100_create_resource_pool(
+ 	if (construct(num_virtual_links, dc, pool))
+ 		return &pool->base;
+
++	kfree(pool);
+ 	BREAK_TO_DEBUGGER();
+ 	return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
+index c66fe170e1e8..318e9c2e2ca8 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
+@@ -1462,6 +1462,7 @@ struct resource_pool *dce110_create_resource_pool(
+ 	if (construct(num_virtual_links, dc, pool, asic_id))
+ 		return &pool->base;
+
++	kfree(pool);
+ 	BREAK_TO_DEBUGGER();
+ 	return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c b/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
+index 2b3a2917c168..83e1878161c9 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
+@@ -1342,6 +1342,7 @@ struct resource_pool *dce112_create_resource_pool(
+ 	if (construct(num_virtual_links, dc, pool))
+ 		return &pool->base;
+
++	kfree(pool);
+ 	BREAK_TO_DEBUGGER();
+ 	return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
+index 236c4c0324b1..8b85e5274bba 100644
+--- a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
+@@ -1208,6 +1208,7 @@ struct resource_pool *dce120_create_resource_pool(
+ 	if (construct(num_virtual_links, dc, pool))
+ 		return &pool->base;
+
++	kfree(pool);
+ 	BREAK_TO_DEBUGGER();
+ 	return NULL;
+ }
+diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
+index 5a89e462e7cc..59305e411a66 100644
+--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
+@@ -1570,6 +1570,7 @@ struct resource_pool *dcn10_create_resource_pool(
+ 	if (construct(init_data->num_virtual_links, dc, pool))
+ 		return &pool->base;
+
++	kfree(pool);
+ 	BREAK_TO_DEBUGGER();
+ 	return NULL;
+ }
+-- 
+2.23.0
+
diff --git a/kernel.spec b/kernel.spec
index 5c137697e..3f5c4f2b8 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -667,6 +667,9 @@ Patch528: mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch
 # CVE-2019-19078 rhbz 1776354 1776353
 Patch529: ath10k-fix-memory-leak.patch
 
+# CVE-2019-19082 rhbz 1776832 1776833
+Patch530: 0001-drm-amd-display-prevent-memory-leak.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1868,6 +1871,9 @@ fi
 #
 #
 %changelog
+* Tue Nov 26 2019 Justin M. Forbes <jforbes@fedoraproject.org> 
+- Fix CVE-2019-19082 (rhbz 1776832 1776833)
+
 * Mon Nov 25 2019 Justin M. Forbes <jforbes@fedoraproject.org> - 5.3.13-300
 - Fix CVE-2019-14895 (rhbz 1774870 1776139)
 - Fix CVE-2019-14896 (rhbz 1774875 1776143)
-- 
cgit