Overhaul CVE patches

Patches/Linux_CVEs/CVE-2017-7364/0.patch

@@ -1,49 +0,0 @@
-From 3ce6c47d2142fcd2c4c1181afe08630aaae5a267 Mon Sep 17 00:00:00 2001
-From: Harsh Sahu <hsahu@codeaurora.org>
-Date: Thu, 16 Feb 2017 19:52:02 -0800
-Subject: msm : mdss: Avoid arbitrary free of scale_data in error condition
-
-In mdss_fb_copy_destscaler_data function when the code enters error
-section it may free up some arbitrary kernel address. This may
-generate security vulnerability. Hence fixed the loop condition in
-err: to real count of allocated buffer to avoid this arbitrary free.
-
-Change-Id: I4014a3bf9cb0f5da994fa5c0233b7940009be0cd
-Signed-off-by: Harsh Sahu <hsahu@codeaurora.org>
----
- drivers/video/fbdev/msm/mdss_fb.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/video/fbdev/msm/mdss_fb.c b/drivers/video/fbdev/msm/mdss_fb.c
-index a183fd7..5eab4a5 100644
---- a/drivers/video/fbdev/msm/mdss_fb.c
-+++ b/drivers/video/fbdev/msm/mdss_fb.c
-@@ -4471,7 +4471,7 @@ err:
- static int __mdss_fb_copy_destscaler_data(struct fb_info *info,
- 		struct mdp_layer_commit *commit)
- {
--	int    i;
-+	int    i = 0;
- 	int    ret = 0;
- 	u32    data_size;
- 	struct mdp_destination_scaler_data __user *ds_data_user;
-@@ -4544,6 +4544,7 @@ static int __mdss_fb_copy_destscaler_data(struct fb_info *info,
- 					data_size);
- 			if (ret) {
- 				pr_err("scale data copy from user failed\n");
-+				kfree(scale_data);
- 				goto err;
- 			}
- 		}
-@@ -4553,7 +4554,7 @@ static int __mdss_fb_copy_destscaler_data(struct fb_info *info,
- 
- err:
- 	if (ds_data) {
--		for (i = 0; i < commit->commit_v1.dest_scaler_cnt; i++) {
-+		for (i--; i >= 0; i--) {
- 			scale_data = to_user_ptr(ds_data[i].scale);
- 			kfree(scale_data);
- 		}
--- 
-cgit v1.1
-