linux-samsung-espresso3g: use mainline 5.17, not PowerVR fork (MR 3027)

[ci:skip-build] Already built fine on CI in MR

device/community/linux-samsung-espresso3g/02-CVE-2021-39685-USB-gadget-detect-too-big-endpoint-0-requests.patch

-From 6eea4ace62fa6414432692ee44f0c0a3d541d97a Mon Sep 17 00:00:00 2001
-From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Date: Thu, 9 Dec 2021 19:02:15 +0100
-Subject: USB: gadget: zero allocate endpoint 0 buffers
-
-commit 86ebbc11bb3f60908a51f3e41a17e3f477c2eaa3 upstream.
-
-Under some conditions, USB gadget devices can show allocated buffer
-contents to a host.  Fix this up by zero-allocating them so that any
-extra data will all just be zeros.
-
-Reported-by: Szymon Heidrich <szymon.heidrich@gmail.com>
-Tested-by: Szymon Heidrich <szymon.heidrich@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/usb/gadget/composite.c   | 2 +-
- drivers/usb/gadget/legacy/dbgp.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
-index 1ef7922b57b62..284eea9f6e4d8 100644
---- a/drivers/usb/gadget/composite.c
-+++ b/drivers/usb/gadget/composite.c
-@@ -2221,7 +2221,7 @@ int composite_dev_prepare(struct usb_composite_driver *composite,
- 	if (!cdev->req)
- 		return -ENOMEM;
-
--	cdev->req->buf = kmalloc(USB_COMP_EP0_BUFSIZ, GFP_KERNEL);
-+	cdev->req->buf = kzalloc(USB_COMP_EP0_BUFSIZ, GFP_KERNEL);
- 	if (!cdev->req->buf)
- 		goto fail;
-
-diff --git a/drivers/usb/gadget/legacy/dbgp.c b/drivers/usb/gadget/legacy/dbgp.c
-index e567afcb2794c..355bc7dab9d5f 100644
---- a/drivers/usb/gadget/legacy/dbgp.c
-+++ b/drivers/usb/gadget/legacy/dbgp.c
-@@ -137,7 +137,7 @@ static int dbgp_enable_ep_req(struct usb_ep *ep)
- 		goto fail_1;
- 	}
-
--	req->buf = kmalloc(DBGP_REQ_LEN, GFP_KERNEL);
-+	req->buf = kzalloc(DBGP_REQ_LEN, GFP_KERNEL);
- 	if (!req->buf) {
- 		err = -ENOMEM;
- 		stp = 2;
---
-cgit 1.2.3-1.el7

device/community/linux-samsung-espresso3g/03-CVE-2021-39685-USB-gadget-zero-allocate-endpoint-0-buffers.patch

-From 36dfdf11af49d3c009c711fb16f5c6e7a274505d Mon Sep 17 00:00:00 2001
-From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Date: Thu, 9 Dec 2021 18:59:27 +0100
-Subject: USB: gadget: detect too-big endpoint 0 requests
-
-commit 153a2d7e3350cc89d406ba2d35be8793a64c2038 upstream.
-
-Sometimes USB hosts can ask for buffers that are too large from endpoint
-0, which should not be allowed.  If this happens for OUT requests, stall
-the endpoint, but for IN requests, trim the request size to the endpoint
-buffer size.
-
-Co-developed-by: Szymon Heidrich <szymon.heidrich@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/usb/gadget/composite.c    | 12 ++++++++++++
- drivers/usb/gadget/legacy/dbgp.c  | 13 +++++++++++++
- drivers/usb/gadget/legacy/inode.c | 16 +++++++++++++++-
- 3 files changed, 40 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c
-index 504c1cbc255d1..1ef7922b57b62 100644
---- a/drivers/usb/gadget/composite.c
-+++ b/drivers/usb/gadget/composite.c
-@@ -1679,6 +1679,18 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
- 	struct usb_function		*f = NULL;
- 	u8				endp;
-
-+	if (w_length > USB_COMP_EP0_BUFSIZ) {
-+		if (ctrl->bRequestType == USB_DIR_OUT) {
-+			goto done;
-+		} else {
-+			/* Cast away the const, we are going to overwrite on purpose. */
-+			__le16 *temp = (__le16 *)&ctrl->wLength;
-+
-+			*temp = cpu_to_le16(USB_COMP_EP0_BUFSIZ);
-+			w_length = USB_COMP_EP0_BUFSIZ;
-+		}
-+	}
-+
- 	/* partial re-init of the response message; the function or the
- 	 * gadget might need to intercept e.g. a control-OUT completion
- 	 * when we delegate to it.
-diff --git a/drivers/usb/gadget/legacy/dbgp.c b/drivers/usb/gadget/legacy/dbgp.c
-index e1d566c9918ae..e567afcb2794c 100644
---- a/drivers/usb/gadget/legacy/dbgp.c
-+++ b/drivers/usb/gadget/legacy/dbgp.c
-@@ -345,6 +345,19 @@ static int dbgp_setup(struct usb_gadget *gadget,
- 	void *data = NULL;
- 	u16 len = 0;
-
-+	if (length > DBGP_REQ_LEN) {
-+		if (ctrl->bRequestType == USB_DIR_OUT) {
-+			return err;
-+		} else {
-+			/* Cast away the const, we are going to overwrite on purpose. */
-+			__le16 *temp = (__le16 *)&ctrl->wLength;
-+
-+			*temp = cpu_to_le16(DBGP_REQ_LEN);
-+			length = DBGP_REQ_LEN;
-+		}
-+	}
-+
-+
- 	if (request == USB_REQ_GET_DESCRIPTOR) {
- 		switch (value>>8) {
- 		case USB_DT_DEVICE:
-diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
-index 539220d7f5b62..0a4041552ed19 100644
---- a/drivers/usb/gadget/legacy/inode.c
-+++ b/drivers/usb/gadget/legacy/inode.c
-@@ -110,6 +110,8 @@ enum ep0_state {
- /* enough for the whole queue: most events invalidate others */
- #define	N_EVENT			5
-
-+#define RBUF_SIZE		256
-+
- struct dev_data {
- 	spinlock_t			lock;
- 	refcount_t			count;
-@@ -144,7 +146,7 @@ struct dev_data {
- 	struct dentry			*dentry;
-
- 	/* except this scratch i/o buffer for ep0 */
--	u8				rbuf [256];
-+	u8				rbuf[RBUF_SIZE];
- };
-
- static inline void get_dev (struct dev_data *data)
-@@ -1334,6 +1336,18 @@ gadgetfs_setup (struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
- 	u16				w_value = le16_to_cpu(ctrl->wValue);
- 	u16				w_length = le16_to_cpu(ctrl->wLength);
-
-+	if (w_length > RBUF_SIZE) {
-+		if (ctrl->bRequestType == USB_DIR_OUT) {
-+			return value;
-+		} else {
-+			/* Cast away the const, we are going to overwrite on purpose. */
-+			__le16 *temp = (__le16 *)&ctrl->wLength;
-+
-+			*temp = cpu_to_le16(RBUF_SIZE);
-+			w_length = RBUF_SIZE;
-+		}
-+	}
-+
- 	spin_lock (&dev->lock);
- 	dev->setup_abort = 0;
- 	if (dev->state == STATE_DEV_UNCONNECTED) {
---
-cgit 1.2.3-1.el7

device/community/linux-samsung-espresso3g/APKBUILD

 # Maintainer: Mighty <mightymb17@gmail.com>
 # Co-Maintainer: Antoni Aloy <aaloytorrens@gmail.com>
 pkgname=linux-samsung-espresso3g
-pkgver=5.15.2
-pkgrel=4
+pkgver=5.17.0
+pkgrel=0
 pkgdesc="Samsung Galaxy Tab 2 (7.0 inch) mainline kernel"
 arch="armv7"
 _carch="arm"
@@ -16,18 +16,20 @@ options="!strip !check !tracedeps
 	pmb:kconfigcheck-nftables
 	pmb:kconfigcheck-zram"
 makedepends="openssl-dev yaml-dev mpc1-dev mpfr-dev xz findutils bison flex perl sed bash gmp-dev bc linux-headers elfutils-dev"
-_commit="6ba3430a6fad45bf35f2634809e4f3a12f85cb89"
 _config="config-$_flavor.$arch"
+case $pkgver in
+	*.*.0)	_kernver=${pkgver%.0};;
+	*.*.*)	_kernver=$pkgver;;
+	*.*)	_kernver=$pkgver;;
+esac
 source="
-	$pkgname-$_commit.tar.gz::https://github.com/tmlind/linux_openpvrsgx/archive/$_commit.tar.gz
-	00-add-espresso-dts.patch
-	02-CVE-2021-39685-USB-gadget-detect-too-big-endpoint-0-requests.patch
-	03-CVE-2021-39685-USB-gadget-zero-allocate-endpoint-0-buffers.patch
-	04-Add-TWL6030-power-driver-with-minimal-support-for-power-off.patch
-	05-Add-TWL6030-power-button-support-to-twl-pwrbutton.patch
+	https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
+	00-Add-espresso-dts.patch
+	01-Add-TWL6030-power-driver-with-minimal-support-for-power-off.patch
+	02-Add-TWL6030-power-button-support-to-twl-pwrbutton.patch
 	$_config
 "
-builddir="$srcdir/linux_openpvrsgx-$_commit"
+builddir="$srcdir/linux-$_kernver"
 
 prepare() {
 	default_prepare
@@ -54,11 +56,9 @@ package() {
 }
 
 sha512sums="
-c1f1372afc303cabb55210c7c46a694eff3bc0d7871efee7a690488b782b0c2cb48dbccc43b454a7cf96cfea796397f621d338e791172a8d1f62b26b2e1d54cb  linux-samsung-espresso3g-6ba3430a6fad45bf35f2634809e4f3a12f85cb89.tar.gz
-01d2e04afba261c42ba3c9e9aea4f8f023d86e58f17e2e17dec2f46347665843678dd56ad8875ab00b69074c3389dd471a47a9f252e2c8002c89dc730691cfd8  00-add-espresso-dts.patch
-c83480686caa35c51bce654104082e51d2569850bbbdcdb8479fb756ffb7907aefce685b2cfa748bbed0da7b585be83a08d194d0ff315a070a5b5a07c8dbc1d2  02-CVE-2021-39685-USB-gadget-detect-too-big-endpoint-0-requests.patch
-7b76e82bca21c9746bb37df2e840b43a0628a8a00b45ee43dd38ce742d7b99e30faf4bd11c99f1a20299b486885cbb9f62502400544a6a7e319292b97331581d  03-CVE-2021-39685-USB-gadget-zero-allocate-endpoint-0-buffers.patch
-a483b1a322f3fe47c7bb6514f34cca69ad1b806487596ffab69078acb6e83e99ed39ffb4d5b4ecd17035d118a75ce5bac6761b9e42d01608f1e6a53d59b27806  04-Add-TWL6030-power-driver-with-minimal-support-for-power-off.patch
-b3d6114c5c60fc2820856c89ea6f09c369d857ae79a79f0eeb0f83f5401dc2253e11f7dac6869eb1095d3e0b3a68126246762e2f406ffae5b5ef0a60d5563bac  05-Add-TWL6030-power-button-support-to-twl-pwrbutton.patch
-7757f169073701eb1f2c7a27401d169bfaf0d133b62823bbc1e5f6cb7fe33a1ebe3901383f6e6e34c140f501f3ed5d77608386c1fc9e908cdc7cbd69d9c339f2  config-samsung-espresso3g.armv7
+89f0a7ca69d20a539d4b612a7028a30a5e98b402e4b6b88516f14237e5da4b626d7929eab8b40fccc90766e8f3bae87e9858a19077ffad20d8204acf18794f5b  linux-5.17.tar.xz
+01d2e04afba261c42ba3c9e9aea4f8f023d86e58f17e2e17dec2f46347665843678dd56ad8875ab00b69074c3389dd471a47a9f252e2c8002c89dc730691cfd8  00-Add-espresso-dts.patch
+a483b1a322f3fe47c7bb6514f34cca69ad1b806487596ffab69078acb6e83e99ed39ffb4d5b4ecd17035d118a75ce5bac6761b9e42d01608f1e6a53d59b27806  01-Add-TWL6030-power-driver-with-minimal-support-for-power-off.patch
+b3d6114c5c60fc2820856c89ea6f09c369d857ae79a79f0eeb0f83f5401dc2253e11f7dac6869eb1095d3e0b3a68126246762e2f406ffae5b5ef0a60d5563bac  02-Add-TWL6030-power-button-support-to-twl-pwrbutton.patch
+3bf676ddaf2201088c223b5f67933041d47b0cb20aefb678af271887107658f334fb6f3a778470a824b1c1a1a256ac68e17bded27c6d661f7b0a92eb15326fa3  config-samsung-espresso3g.armv7
 "