From ee00fbf970c7f04aff02f53f2c95bd43d95d9b22 Mon Sep 17 00:00:00 2001
From: Adrian Dudau <adrian.dudau@enea.com>
Date: Thu, 20 Oct 2016 11:21:08 +0200
Subject: Revert "kernel/drivers/hid: CVE-2016-5829"

meta-freescale bumped up to a newer kernel version that includes this
fix.

Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
---
 recipes-kernel/linux/files/hid-CVE-2016-5829.patch | 51 ----------------------
 recipes-kernel/linux/linux-qoriq_4.1.bbappend      |  3 +-
 2 files changed, 1 insertion(+), 53 deletions(-)
 delete mode 100644 recipes-kernel/linux/files/hid-CVE-2016-5829.patch

(limited to 'recipes-kernel')

diff --git a/recipes-kernel/linux/files/hid-CVE-2016-5829.patch b/recipes-kernel/linux/files/hid-CVE-2016-5829.patch
deleted file mode 100644
index fca7e51..0000000
--- a/recipes-kernel/linux/files/hid-CVE-2016-5829.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From f67b6920a0cf03d363c5f3bfb14f5d258168dc8c Mon Sep 17 00:00:00 2001
-From: Scott Bauer <sbauer@plzdonthack.me>
-Date: Thu, 23 Jun 2016 08:59:47 -0600
-Subject: HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES
- commands
-
-[ Upstream commit 93a2001bdfd5376c3dc2158653034c20392d15c5 ]
-
-This patch validates the num_values parameter from userland during the
-HIDIOCGUSAGES and HIDIOCSUSAGES commands. Previously, if the report id was set
-to HID_REPORT_ID_UNKNOWN, we would fail to validate the num_values parameter
-leading to a heap overflow.
-
-CVE: CVE-2016-5829
-Upstream-Status: Backport
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- drivers/hid/usbhid/hiddev.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
-index 2f1ddca..700145b 100644
---- a/drivers/hid/usbhid/hiddev.c
-+++ b/drivers/hid/usbhid/hiddev.c
-@@ -516,13 +516,13 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd,
- 					goto inval;
- 			} else if (uref->usage_index >= field->report_count)
- 				goto inval;
--
--			else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
--				 (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
--				  uref->usage_index + uref_multi->num_values > field->report_count))
--				goto inval;
- 		}
- 
-+		if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
-+		    (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
-+		     uref->usage_index + uref_multi->num_values > field->report_count))
-+			goto inval;
-+
- 		switch (cmd) {
- 		case HIDIOCGUSAGE:
- 			uref->value = field->value[uref->usage_index];
--- 
-cgit v0.12
-
diff --git a/recipes-kernel/linux/linux-qoriq_4.1.bbappend b/recipes-kernel/linux/linux-qoriq_4.1.bbappend
index 39e23cb..417cb53 100644
--- a/recipes-kernel/linux/linux-qoriq_4.1.bbappend
+++ b/recipes-kernel/linux/linux-qoriq_4.1.bbappend
@@ -2,6 +2,5 @@ require recipes-kernel/linux/linux-qoriq-common.inc
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 
-SRC_URI += "file://hid-CVE-2016-5829.patch \
-        file://CVE-2016-4951.patch \
+SRC_URI += "file://CVE-2016-4951.patch \
         "
-- 
cgit v1.2.3-54-g00ecf