diff options
| -rw-r--r-- | 0004-HID-wacom-Correct-NULL-dereference-on-AES-pen-proximity.patch | 76 | ||||
| -rw-r--r-- | PKGBUILD | 8 |
2 files changed, 82 insertions, 2 deletions
diff --git a/0004-HID-wacom-Correct-NULL-dereference-on-AES-pen-proximity.patch b/0004-HID-wacom-Correct-NULL-dereference-on-AES-pen-proximity.patch new file mode 100644 index 0000000..0de03e8 --- /dev/null +++ b/0004-HID-wacom-Correct-NULL-dereference-on-AES-pen-proximity.patch @@ -0,0 +1,76 @@ +From 85c0c0e3a81f87290db5e881af609d51021b54b7 Mon Sep 17 00:00:00 2001 +From: Jason Gerecke <killertofu@gmail.com> +Date: Thu, 21 Jan 2021 10:46:49 -0800 +Subject: HID: wacom: Correct NULL dereference on AES pen proximity + +The recent commit to fix a memory leak introduced an inadvertant NULL +pointer dereference. The `wacom_wac->pen_fifo` variable was never +intialized, resuling in a crash whenever functions tried to use it. +Since the FIFO is only used by AES pens (to buffer events from pen +proximity until the hardware reports the pen serial number) this would +have been easily overlooked without testing an AES device. + +This patch converts `wacom_wac->pen_fifo` over to a pointer (since the +call to `devres_alloc` allocates memory for us) and ensures that we assign +it to point to the allocated and initalized `pen_fifo` before the function +returns. + +Link: https://github.com/linuxwacom/input-wacom/issues/230 +Fixes: 37309f47e2f5 ("HID: wacom: Fix memory leakage caused by kfifo_alloc") +CC: stable@vger.kernel.org # v4.19+ +Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com> +Tested-by: Ping Cheng <ping.cheng@wacom.com> +--- + drivers/hid/wacom_sys.c | 7 ++++--- + drivers/hid/wacom_wac.h | 2 +- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c +index 9e852b4bbf92..73dafa60080f 100644 +--- a/drivers/hid/wacom_sys.c ++++ b/drivers/hid/wacom_sys.c +@@ -147,9 +147,9 @@ static int wacom_wac_pen_serial_enforce(struct hid_device *hdev, + } + + if (flush) +- wacom_wac_queue_flush(hdev, &wacom_wac->pen_fifo); ++ wacom_wac_queue_flush(hdev, wacom_wac->pen_fifo); + else if (insert) +- wacom_wac_queue_insert(hdev, &wacom_wac->pen_fifo, ++ wacom_wac_queue_insert(hdev, wacom_wac->pen_fifo, + raw_data, report_size); + + return insert && !flush; +@@ -1280,7 +1280,7 @@ static void wacom_devm_kfifo_release(struct device *dev, void *res) + static int wacom_devm_kfifo_alloc(struct wacom *wacom) + { + struct wacom_wac *wacom_wac = &wacom->wacom_wac; +- struct kfifo_rec_ptr_2 *pen_fifo = &wacom_wac->pen_fifo; ++ struct kfifo_rec_ptr_2 *pen_fifo; + int error; + + pen_fifo = devres_alloc(wacom_devm_kfifo_release, +@@ -1297,6 +1297,7 @@ static int wacom_devm_kfifo_alloc(struct wacom *wacom) + } + + devres_add(&wacom->hdev->dev, pen_fifo); ++ wacom_wac->pen_fifo = pen_fifo; + + return 0; + } +diff --git a/drivers/hid/wacom_wac.h b/drivers/hid/wacom_wac.h +index da612b6e9c77..195910dd2154 100644 +--- a/drivers/hid/wacom_wac.h ++++ b/drivers/hid/wacom_wac.h +@@ -342,7 +342,7 @@ struct wacom_wac { + struct input_dev *pen_input; + struct input_dev *touch_input; + struct input_dev *pad_input; +- struct kfifo_rec_ptr_2 pen_fifo; ++ struct kfifo_rec_ptr_2 *pen_fifo; + int pid; + int num_contacts_left; + u8 bt_features; +-- +cgit v1.2.3-1-gf6bb5 + @@ -22,7 +22,7 @@ _custom=1 pkgbase=linux-ck _supver=5 _majver=10 -_minver=9 +_minver=10 _gccpatchver='20201113' _gccpatchger='10.1' _gccpatchker='5.8' @@ -40,6 +40,7 @@ arch=(x86_64) license=(GPL2) makedepends=( bc kmod libelf pahole cpio perl tar xz + xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick ) conflicts=('linux-libre-ck') options=('!strip') @@ -50,6 +51,7 @@ source=( 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 0002-HID-quirks-Add-Apple-Magic-Trackpad-2-to-hid_have_special_driver-list.patch 0003-iwlwifi-Fix-regression-from-UDP-segmentation-support.patch + 0004-HID-wacom-Correct-NULL-dereference-on-AES-pen-proximity.patch linux-ck-patch-${_supver}.${_majver}-${_ckpatchversion}.xz::http://ck.kolivas.org/patches/${_supver}.0/${_supver}.${_majver}/${_supver}.${_majver}-${_ckpatchversion}/patch-${_supver}.${_majver}-${_ckpatchversion}.xz kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz ath9k-regdom-hack.patch @@ -60,12 +62,13 @@ validpgpkeys=( '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc -b2sums=('faedb4032fd709d3f0089d706232ec0dcfdf3817223aa910112e6cd58bffea20a3127fee407a465fa3b4db1a54050fabd839809c404492820216fadae70885b9' +b2sums=('180f0dd063eab9542fd799c54dd335c4f310bea739048800ab3222526cb1ea7cc4ef43d2a2c27ed0e37a776f5c77540c33795aa63297704d9e215735a1a98606' 'SKIP' 'e8f7b8d77e57b8df10e27903347ba6995a98d15c37bdd5d243c00ffcfe8eb2bb58f11ab11dafdc005cb109ad2e55ec43f8d95caad7a2ce013928ae86b1547954' '2f9195675270d79d735a3aaec25887c2f80b76eae98be8fcc5fd59ab71d925c5ee20ec5e2a015deb68b61bc2cc7f56f546a22cb96ee038e2e24c2c9dd5c3f79f' 'd8297e09f552a2d6bb24c2ba10481fd2b407057f3b24278e72a89233473460d339c83838791989773623178b5af80588fb4c484da2931f1040e313cce7ceca00' '15d9b32ff1ad4c897b097173de259cdb89bbbf6ab0230faf4557eca511a59c1f2c76b85be30d25cf9534f91e1af43e72d072bc82dbf2219eadf772822f573d38' + '078dca48f0937ad021b1d50ba98dc1c156fb67a18b25fa079d2d35d0aa5480fb820e952c7f569cff5744cd32976a23942c2e822d1cfada8144e9a8dc9bae1d82' '067f3389124fdd937ca69e9e9568b1b3194791960a093e81037051eb6d25e80b40bf7f60c61373ac9e92bff9db760766009b1e6f9ee8429a883bb7fce2d60f8a' '7f1eb5938472f57748216bd00e0c875feab99fc1c5cb89babfea467ee30ca5c8e9fc5a691efe2e602bef1ea79820c5383822d7cec354b48d23321ccda8ee8127' 'b6ef77035611139fa9a6d5b8d30570e2781bb4da483bb569884b0bd0129b62e0b82a5a6776fefe43fee801c70d39de1ea4d4c177f7cedd5ac135e3c64f7b895a' @@ -90,6 +93,7 @@ prepare() { patch -p1 -i ../0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch patch -p1 -i ../0002-HID-quirks-Add-Apple-Magic-Trackpad-2-to-hid_have_special_driver-list.patch patch -p1 -i ../0003-iwlwifi-Fix-regression-from-UDP-segmentation-support.patch + patch -p1 -i ../0004-HID-wacom-Correct-NULL-dereference-on-AES-pen-proximity.patch # fix naming schema in EXTRAVERSION of ck patch set |