1 files changed, 0 insertions, 107 deletions
diff --git a/recipes-kernel/linux/files/HID_CVE_patches/0002-HID-provide-a-helper-for-validating-hid-reports.patch b/recipes-kernel/linux/files/HID_CVE_patches/0002-HID-provide-a-helper-for-validating-hid-reports.patch
deleted file mode 100644
index 860d710..0000000
--- a/recipes-kernel/linux/files/HID_CVE_patches/0002-HID-provide-a-helper-for-validating-hid-reports.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 331415ff16a12147d57d5c953f3a961b7ede348b Mon Sep 17 00:00:00 2001
-From: Kees Cook <keescook@chromium.org>
-Date: Wed, 11 Sep 2013 21:56:50 +0200
-Subject: [PATCH] HID: provide a helper for validating hid reports
-Many drivers need to validate the characteristics of their HID report
-during initialization to avoid misusing the reports. This adds a common
-helper to perform validation of the report exisitng, the field existing,
-and the expected number of values within the field.
-Signed-off-by: Kees Cook <keescook@chromium.org>
-Cc: stable@vger.kernel.org
-Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
---
- drivers/hid/hid-core.c |   58 ++++++++++++++++++++++++++++++++++++++++++++++++
- include/linux/hid.h    |    4 ++++
- 2 files changed, 62 insertions(+)
-diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index ae88a97..be52c06 100644
--- a/drivers/hid/hid-core.c
-+++ b/drivers/hid/hid-core.c
-@@ -801,6 +801,64 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
- }
- EXPORT_SYMBOL_GPL(hid_parse_report);
- 
-+static const char * const hid_report_names[] = {
-+       "HID_INPUT_REPORT",
-+       "HID_OUTPUT_REPORT",
-+       "HID_FEATURE_REPORT",
-+};
-+/**
-+ * hid_validate_values - validate existing device report's value indexes
-+ *
-+ * @device: hid device
-+ * @type: which report type to examine
-+ * @id: which report ID to examine (0 for first)
-+ * @field_index: which report field to examine
-+ * @report_counts: expected number of values
-+ *
-+ * Validate the number of values in a given field of a given report, after
-+ * parsing.
-+ */
-+struct hid_report *hid_validate_values(struct hid_device *hid,
-+                                      unsigned int type, unsigned int id,
-+                                      unsigned int field_index,
-+                                      unsigned int report_counts)
-+{
-+       struct hid_report *report;
-+
-+       if (type > HID_FEATURE_REPORT) {
-+               hid_err(hid, "invalid HID report type %u\n", type);
-+               return NULL;
-+       }
-+
-+       if (id >= HID_MAX_IDS) {
-+               hid_err(hid, "invalid HID report id %u\n", id);
-+               return NULL;
-+       }
-+
-+       /*
-+        * Explicitly not using hid_get_report() here since it depends on
-+        * ->numbered being checked, which may not always be the case when
-+        * drivers go to access report values.
-+        */
-+       report = hid->report_enum[type].report_id_hash[id];
-+       if (!report) {
-+               hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
-+               return NULL;
-+       }
-+       if (report->maxfield <= field_index) {
-+               hid_err(hid, "not enough fields in %s %u\n",
-+                       hid_report_names[type], id);
-+               return NULL;
-+       }
-+       if (report->field[field_index]->report_count < report_counts) {
-+               hid_err(hid, "not enough values in %s %u field %u\n",
-+                       hid_report_names[type], id, field_index);
-+               return NULL;
-+       }
-+       return report;
-+}
-+EXPORT_SYMBOL_GPL(hid_validate_values);
-+
- /**
-  * hid_open_report - open a driver-specific device report
-  *
-diff --git a/include/linux/hid.h b/include/linux/hid.h
-index ee1ffc5..31b9d29 100644
--- a/include/linux/hid.h
-+++ b/include/linux/hid.h
-@@ -756,6 +756,10 @@ u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags);
- struct hid_device *hid_allocate_device(void);
- struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id);
- int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size);
-+struct hid_report *hid_validate_values(struct hid_device *hid,
-+                                      unsigned int type, unsigned int id,
-+                                      unsigned int field_index,
-+                                      unsigned int report_counts);
- int hid_open_report(struct hid_device *device);
- int hid_check_keys_pressed(struct hid_device *hid);
- int hid_connect(struct hid_device *hid, unsigned int connect_mask);
-- 
-1.7.9.5

diff --git a/recipes-kernel/linux/files/HID_CVE_patches/0002-HID-provide-a-helper-for-validating-hid-reports.patch b/recipes-kernel/linux/files/HID_CVE_patches/0002-HID-provide-a-helper-for-validating-hid-reports.patch deleted file mode 100644 index 860d710..0000000 --- a/recipes-kernel/linux/files/HID_CVE_patches/0002-HID-provide-a-helper-for-validating-hid-reports.patch +++ /dev/null
@@ -1,107 +0,0 @@
1	From 331415ff16a12147d57d5c953f3a961b7ede348b Mon Sep 17 00:00:00 2001
2	From: Kees Cook <keescook@chromium.org>
3	Date: Wed, 11 Sep 2013 21:56:50 +0200
4	Subject: [PATCH] HID: provide a helper for validating hid reports
5
6	Many drivers need to validate the characteristics of their HID report
7	during initialization to avoid misusing the reports. This adds a common
8	helper to perform validation of the report exisitng, the field existing,
9	and the expected number of values within the field.
10
11	Signed-off-by: Kees Cook <keescook@chromium.org>
12	Cc: stable@vger.kernel.org
13	Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
14	Signed-off-by: Jiri Kosina <jkosina@suse.cz>
15	Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
16	---
17	drivers/hid/hid-core.c \| 58 ++++++++++++++++++++++++++++++++++++++++++++++++
18	include/linux/hid.h \| 4 ++++
19	2 files changed, 62 insertions(+)
20
21	diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
22	index ae88a97..be52c06 100644
23	--- a/drivers/hid/hid-core.c
24	+++ b/drivers/hid/hid-core.c
25	@@ -801,6 +801,64 @@ int hid_parse_report(struct hid_device hid, __u8 start, unsigned size)
26	}
27	EXPORT_SYMBOL_GPL(hid_parse_report);
28
29	+static const char * const hid_report_names[] = {
30	+ "HID_INPUT_REPORT",
31	+ "HID_OUTPUT_REPORT",
32	+ "HID_FEATURE_REPORT",
33	+};
34	+/**
35	+ * hid_validate_values - validate existing device report's value indexes
36	+ *
37	+ * @device: hid device
38	+ * @type: which report type to examine
39	+ * @id: which report ID to examine (0 for first)
40	+ * @field_index: which report field to examine
41	+ * @report_counts: expected number of values
42	+ *
43	+ * Validate the number of values in a given field of a given report, after
44	+ * parsing.
45	+ */
46	+struct hid_report hid_validate_values(struct hid_device hid,
47	+ unsigned int type, unsigned int id,
48	+ unsigned int field_index,
49	+ unsigned int report_counts)
50	+{
51	+ struct hid_report *report;
52	+
53	+ if (type > HID_FEATURE_REPORT) {
54	+ hid_err(hid, "invalid HID report type %u\n", type);
55	+ return NULL;
56	+ }
57	+
58	+ if (id >= HID_MAX_IDS) {
59	+ hid_err(hid, "invalid HID report id %u\n", id);
60	+ return NULL;
61	+ }
62	+
63	+ /*
64	+ * Explicitly not using hid_get_report() here since it depends on
65	+ * ->numbered being checked, which may not always be the case when
66	+ * drivers go to access report values.
67	+ */
68	+ report = hid->report_enum[type].report_id_hash[id];
69	+ if (!report) {
70	+ hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
71	+ return NULL;
72	+ }
73	+ if (report->maxfield <= field_index) {
74	+ hid_err(hid, "not enough fields in %s %u\n",
75	+ hid_report_names[type], id);
76	+ return NULL;
77	+ }
78	+ if (report->field[field_index]->report_count < report_counts) {
79	+ hid_err(hid, "not enough values in %s %u field %u\n",
80	+ hid_report_names[type], id, field_index);
81	+ return NULL;
82	+ }
83	+ return report;
84	+}
85	+EXPORT_SYMBOL_GPL(hid_validate_values);
86	+
87	/**
88	* hid_open_report - open a driver-specific device report
89	*
90	diff --git a/include/linux/hid.h b/include/linux/hid.h
91	index ee1ffc5..31b9d29 100644
92	--- a/include/linux/hid.h
93	+++ b/include/linux/hid.h
94	@@ -756,6 +756,10 @@ u8 hid_alloc_report_buf(struct hid_report report, gfp_t flags);
95	struct hid_device *hid_allocate_device(void);
96	struct hid_report hid_register_report(struct hid_device device, unsigned type, unsigned id);
97	int hid_parse_report(struct hid_device hid, __u8 start, unsigned size);
98	+struct hid_report hid_validate_values(struct hid_device hid,
99	+ unsigned int type, unsigned int id,
100	+ unsigned int field_index,
101	+ unsigned int report_counts);
102	int hid_open_report(struct hid_device *device);
103	int hid_check_keys_pressed(struct hid_device *hid);
104	int hid_connect(struct hid_device *hid, unsigned int connect_mask);
105	--
106	1.7.9.5
107