1 files changed, 38 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-cavium/CVE-2017-5577.patch b/recipes-kernel/linux/linux-cavium/CVE-2017-5577.patch
new file mode 100644
index 0000000..e50e108
--- /dev/null
+++ b/recipes-kernel/linux/linux-cavium/CVE-2017-5577.patch
@@ -0,0 +1,38 @@
+From cfba2a001d0e36905016bb4f87fc47245c944c36 Mon Sep 17 00:00:00 2001
+From: Eric Anholt <eric@anholt.net>
+Date: Tue, 17 Jan 2017 21:58:06 +1100
+Subject: [PATCH] drm/vc4: Return -EINVAL on the overflow checks failing.
+commit 6b8ac63847bc2f958dd93c09edc941a0118992d9 upstream.
+By failing to set the errno, we'd continue on to trying to set up the
+RCL, and then oops on trying to dereference the tile_bo that binning
+validation should have set up.
+CVE: CVE-2017-5577
+Upstream-Status: Backport [from kernel.org longterm 4.9.52]
+Reported-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Eric Anholt <eric@anholt.net>
+Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/gpu/drm/vc4/vc4_gem.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c
+index 39ef674..18e3717 100644
+--- a/drivers/gpu/drm/vc4/vc4_gem.c
+++ b/drivers/gpu/drm/vc4/vc4_gem.c
+@@ -601,6 +601,7 @@ struct vc4_hang_state {
+                                          sizeof(struct vc4_shader_state)) ||
+            temp_size < exec_size) {
+                DRM_ERROR("overflow in exec arguments\n");
+               ret = -EINVAL;
+                goto fail;
+        }
+ 
+-- 
+1.9.1

diff --git a/recipes-kernel/linux/linux-cavium/CVE-2017-5577.patch b/recipes-kernel/linux/linux-cavium/CVE-2017-5577.patch new file mode 100644 index 0000000..e50e108 --- /dev/null +++ b/recipes-kernel/linux/linux-cavium/CVE-2017-5577.patch
@@ -0,0 +1,38 @@
	1	From cfba2a001d0e36905016bb4f87fc47245c944c36 Mon Sep 17 00:00:00 2001
	2	From: Eric Anholt <eric@anholt.net>
	3	Date: Tue, 17 Jan 2017 21:58:06 +1100
	4	Subject: [PATCH] drm/vc4: Return -EINVAL on the overflow checks failing.
	5
	6	commit 6b8ac63847bc2f958dd93c09edc941a0118992d9 upstream.
	7
	8	By failing to set the errno, we'd continue on to trying to set up the
	9	RCL, and then oops on trying to dereference the tile_bo that binning
	10	validation should have set up.
	11
	12	CVE: CVE-2017-5577
	13	Upstream-Status: Backport [from kernel.org longterm 4.9.52]
	14
	15	Reported-by: Ingo Molnar <mingo@kernel.org>
	16	Signed-off-by: Eric Anholt <eric@anholt.net>
	17	Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.")
	18	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	19	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	20	---
	21	drivers/gpu/drm/vc4/vc4_gem.c \| 1 +
	22	1 file changed, 1 insertion(+)
	23
	24	diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c
	25	index 39ef674..18e3717 100644
	26	--- a/drivers/gpu/drm/vc4/vc4_gem.c
	27	+++ b/drivers/gpu/drm/vc4/vc4_gem.c
	28	@@ -601,6 +601,7 @@ struct vc4_hang_state {
	29	sizeof(struct vc4_shader_state)) \|\|
	30	temp_size < exec_size) {
	31	DRM_ERROR("overflow in exec arguments\n");
	32	+ ret = -EINVAL;
	33	goto fail;
	34	}
	35
	36	--
	37	1.9.1
	38