<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/usb/misc, branch linux-4.17.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>USB: yurex: fix out-of-bounds uaccess in read handler</title>
<updated>2018-07-17T09:48:27+00:00</updated>
<author>
<name>Jann Horn</name>
<email>jannh@google.com</email>
</author>
<published>2018-07-06T15:12:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ce6037ad83d4d1a27f11c352eb8fab10b1a4e97c'/>
<id>ce6037ad83d4d1a27f11c352eb8fab10b1a4e97c</id>
<content type='text'>
commit f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 upstream.

In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.

Fix it by using simple_read_from_buffer() instead of custom logic.

Fixes: 6bc235a2e24a ("USB: add driver for Meywa-Denki &amp; Kayac YUREX")
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 upstream.

In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.

Fix it by using simple_read_from_buffer() instead of custom logic.

Fixes: 6bc235a2e24a ("USB: add driver for Meywa-Denki &amp; Kayac YUREX")
Signed-off-by: Jann Horn &lt;jannh@google.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'tty-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty</title>
<updated>2018-04-05T01:43:49+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-04-05T01:43:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9abf8acea297b4c65f5fa3206e2b8e468e730e84'/>
<id>9abf8acea297b4c65f5fa3206e2b8e468e730e84</id>
<content type='text'>
Pull tty/serial driver updates from Greg KH:
 "Here is the big set of tty and serial driver patches for 4.17-rc1

  Not all that big really, most are just small fixes and additions to
  existing drivers. There's a bunch of work on the imx serial driver
  recently for some reason, and a new embedded serial driver added as
  well.

  Full details are in the shortlog.

  All of these have been in the linux-next tree for a while with no
  reported issues"

* tag 'tty-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (66 commits)
  serial: expose buf_overrun count through proc interface
  serial: mvebu-uart: fix tx lost characters
  tty: serial: msm_geni_serial: Fix return value check in qcom_geni_serial_probe()
  tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP
  8250-men-mcb: add support for 16z025 and 16z057
  powerpc: Mark the variable earlycon_acpi_spcr_enable maybe_unused
  serial: stm32: fix initialization of RS485 mode
  ARM: dts: STi: Remove "console=ttyASN" from bootargs for STi boards
  vt: change SGR 21 to follow the standards
  serdev: Fix typo in serdev_device_alloc
  ARM: dts: STi: Fix aliases property name for STi boards
  tty: st-asc: Update tty alias
  serial: stm32: add support for RS485 hardware control mode
  dt-bindings: serial: stm32: add RS485 optional properties
  selftests: add devpts selftests
  devpts: comment devpts_mntget()
  devpts: resolve devpts bind-mounts
  devpts: hoist out check for DEVPTS_SUPER_MAGIC
  serial: 8250: Add Nuvoton NPCM UART
  serial: mxs-auart: disable clks of Alphascale ASM9260
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull tty/serial driver updates from Greg KH:
 "Here is the big set of tty and serial driver patches for 4.17-rc1

  Not all that big really, most are just small fixes and additions to
  existing drivers. There's a bunch of work on the imx serial driver
  recently for some reason, and a new embedded serial driver added as
  well.

  Full details are in the shortlog.

  All of these have been in the linux-next tree for a while with no
  reported issues"

* tag 'tty-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (66 commits)
  serial: expose buf_overrun count through proc interface
  serial: mvebu-uart: fix tx lost characters
  tty: serial: msm_geni_serial: Fix return value check in qcom_geni_serial_probe()
  tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP
  8250-men-mcb: add support for 16z025 and 16z057
  powerpc: Mark the variable earlycon_acpi_spcr_enable maybe_unused
  serial: stm32: fix initialization of RS485 mode
  ARM: dts: STi: Remove "console=ttyASN" from bootargs for STi boards
  vt: change SGR 21 to follow the standards
  serdev: Fix typo in serdev_device_alloc
  ARM: dts: STi: Fix aliases property name for STi boards
  tty: st-asc: Update tty alias
  serial: stm32: add support for RS485 hardware control mode
  dt-bindings: serial: stm32: add RS485 optional properties
  selftests: add devpts selftests
  devpts: comment devpts_mntget()
  devpts: resolve devpts bind-mounts
  devpts: hoist out check for DEVPTS_SUPER_MAGIC
  serial: 8250: Add Nuvoton NPCM UART
  serial: mxs-auart: disable clks of Alphascale ASM9260
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>USB: misc: uss720: more vendor/product ID's</title>
<updated>2018-03-20T11:27:34+00:00</updated>
<author>
<name>Daniel Gimpelevich</name>
<email>daniel@gimpelevich.san-francisco.ca.us</email>
</author>
<published>2018-03-20T10:58:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e3cb7bde9a6a8bfdee5917facf00afb98fee1821'/>
<id>e3cb7bde9a6a8bfdee5917facf00afb98fee1821</id>
<content type='text'>
Reporting two more VID/PID pairs that work with this driver, having used
an informational webpage &lt;http://reboots.g-cipher.net/lcd/&gt; as a buying
guide now. The page listed additional working VID/PID pairs but did not
include these two. None were upstreamed. Also taking this opportunity to
sort the pairs numerically.

Of the two such cables now in my possession, one is white, bearing the
In-System Design ISD-103 label on one side, sold as an Epson CAEUL0002
"USB to Parallel Smart Cable For Apple Macintosh Computers" (04b8:0002),
and the other is black, bearing the In-System Design ISD-101 label on one
side, sold as an early Belkin F5U002 (05ab:0002).

Signed-off-by: Daniel Gimpelevich &lt;daniel@gimpelevich.san-francisco.ca.us&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Reporting two more VID/PID pairs that work with this driver, having used
an informational webpage &lt;http://reboots.g-cipher.net/lcd/&gt; as a buying
guide now. The page listed additional working VID/PID pairs but did not
include these two. None were upstreamed. Also taking this opportunity to
sort the pairs numerically.

Of the two such cables now in my possession, one is white, bearing the
In-System Design ISD-103 label on one side, sold as an Epson CAEUL0002
"USB to Parallel Smart Cable For Apple Macintosh Computers" (04b8:0002),
and the other is black, bearing the In-System Design ISD-101 label on one
side, sold as an early Belkin F5U002 (05ab:0002).

Signed-off-by: Daniel Gimpelevich &lt;daniel@gimpelevich.san-francisco.ca.us&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>USB: adutux: Add waiting in transfer abortion</title>
<updated>2018-03-09T17:37:10+00:00</updated>
<author>
<name>Kirill Kapranov</name>
<email>kirill.kirillovich.kapranov@gmail.com</email>
</author>
<published>2018-02-17T21:01:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=687ca6395f10ac8a54fd5285dda91ed9efac9e23'/>
<id>687ca6395f10ac8a54fd5285dda91ed9efac9e23</id>
<content type='text'>
Add waiting for an URB transmit finish that let the last URB to be sent
(to be not discarded) during 'release' procedure. W/o this waiting,the
last frame will be nearly always lost.

A test case: an attempt of sending a single frame:
echo -en "\001mk255" &gt;/dev/adutux0

Signed-off-by: Kirill Kapranov &lt;kirill.kirillovich.kapranov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add waiting for an URB transmit finish that let the last URB to be sent
(to be not discarded) during 'release' procedure. W/o this waiting,the
last frame will be nearly always lost.

A test case: an attempt of sending a single frame:
echo -en "\001mk255" &gt;/dev/adutux0

Signed-off-by: Kirill Kapranov &lt;kirill.kirillovich.kapranov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>usb: usbtest: Remove stack VLA usage</title>
<updated>2018-03-09T17:10:22+00:00</updated>
<author>
<name>Tobin C. Harding</name>
<email>me@tobin.cc</email>
</author>
<published>2018-03-09T06:11:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c53439fbd15600ecd48bfec446c2018e4fa6e241'/>
<id>c53439fbd15600ecd48bfec446c2018e4fa6e241</id>
<content type='text'>
The kernel would like to have all stack VLA usage removed[1].  We
already have a pre-processor constant defined MAX_SGLEN.  We can use
this instead of the variable param-sglen.

[1]: https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The kernel would like to have all stack VLA usage removed[1].  We
already have a pre-processor constant defined MAX_SGLEN.  We can use
this instead of the variable param-sglen.

[1]: https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Tobin C. Harding &lt;me@tobin.cc&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>USB: adutux: Delete a misleading comment</title>
<updated>2018-03-06T17:42:07+00:00</updated>
<author>
<name>Kirill Kapranov</name>
<email>kirill.kirillovich.kapranov@gmail.com</email>
</author>
<published>2018-02-17T21:02:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cc9debf84ab359aae2becfb4bc9341f7574fe97b'/>
<id>cc9debf84ab359aae2becfb4bc9341f7574fe97b</id>
<content type='text'>
Delete a misleading comment to an obvious definition.

Signed-off-by: Kirill Kapranov &lt;kirill.kirillovich.kapranov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Delete a misleading comment to an obvious definition.

Signed-off-by: Kirill Kapranov &lt;kirill.kirillovich.kapranov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>console: Expand dummy functions for CFI</title>
<updated>2018-02-27T09:17:33+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2018-02-27T00:04:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c396a5bf457fb60159dcedbd4f48d53a62be030a'/>
<id>c396a5bf457fb60159dcedbd4f48d53a62be030a</id>
<content type='text'>
This expands the no-op dummy functions into full prototypes to avoid
indirect call mismatches when running under Control Flow Integrity
checking, like with Clang's -fsanitize=cfi.

Co-Developed-by: Sami Tolvanen &lt;samitolvanen@google.com&gt;
Signed-off-by: Sami Tolvanen &lt;samitolvanen@google.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This expands the no-op dummy functions into full prototypes to avoid
indirect call mismatches when running under Control Flow Integrity
checking, like with Clang's -fsanitize=cfi.

Co-Developed-by: Sami Tolvanen &lt;samitolvanen@google.com&gt;
Signed-off-by: Sami Tolvanen &lt;samitolvanen@google.com&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>console: SisUSB2VGA: Drop dummy con_font_get()</title>
<updated>2018-02-27T09:17:33+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2018-02-27T00:04:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ea92110bc048848967bd2a046675a006005c4f06'/>
<id>ea92110bc048848967bd2a046675a006005c4f06</id>
<content type='text'>
As done in commit:

  724ba8b30b04 ("console/dummy: leave .con_font_get set to NULL")

This drops the dummy .con_font_get(), as it could leave arguments
uninitialized.

Cc: Thomas Winischhofer &lt;thomas@winischhofer.net&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As done in commit:

  724ba8b30b04 ("console/dummy: leave .con_font_get set to NULL")

This drops the dummy .con_font_get(), as it could leave arguments
uninitialized.

Cc: Thomas Winischhofer &lt;thomas@winischhofer.net&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge 4.16-rc3 into usb-next</title>
<updated>2018-02-26T14:39:01+00:00</updated>
<author>
<name>Greg Kroah-Hartman</name>
<email>gregkh@linuxfoundation.org</email>
</author>
<published>2018-02-26T14:39:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=134d1fd44221614d7de994d07ef92a6111952e1c'/>
<id>134d1fd44221614d7de994d07ef92a6111952e1c</id>
<content type='text'>
We want the USB fixes in here.

Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We want the USB fixes in here.

Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>USB: chaoskey: Use kasprintf() over strcpy()/strcat()</title>
<updated>2018-02-22T14:17:05+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2018-02-17T04:55:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b382a5c3c592a53cdf0097e314dc9936f7eae16d'/>
<id>b382a5c3c592a53cdf0097e314dc9936f7eae16d</id>
<content type='text'>
Instead of kmalloc() with manually calculated values followed by
multiple strcpy()/strcat() calls, just fold it all into a single
kasprintf() call.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: Keith Packard &lt;keithp@keithp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Instead of kmalloc() with manually calculated values followed by
multiple strcpy()/strcat() calls, just fold it all into a single
kasprintf() call.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: Keith Packard &lt;keithp@keithp.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
