From af801728dd980f0022a4d51c0bb5afff12278784 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: May 02 2023 12:18:50 +0000
Subject: Merge remote-tracking branch 'origin/users/clin/cve/linux-5.3/for-next' into cve/linux-5.3


---

diff --git a/patches.suse/udmabuf-add-back-sanity-check.patch b/patches.suse/udmabuf-add-back-sanity-check.patch
new file mode 100644
index 0000000..ba14e91
--- /dev/null
+++ b/patches.suse/udmabuf-add-back-sanity-check.patch
@@ -0,0 +1,42 @@
+From 05b252cccb2e5c3f56119d25de684b4f810ba40a Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 20 Jun 2022 09:15:47 +0200
+Subject: [PATCH] udmabuf: add back sanity check
+Git-commit: 05b252cccb2e5c3f56119d25de684b4f810ba40a
+Patch-mainline: v5.19-rc4
+References: git-fixes bsc#1210453 CVE-2023-2008
+
+Check vm_fault->pgoff before using it.  When we removed the warning, we
+also removed the check.
+
+Fixes: 7b26e4e2119d ("udmabuf: drop WARN_ON() check.")
+Reported-by: zdi-disclosures@trendmicro.com
+Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/dma-buf/udmabuf.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c
+index e7330684d3b8..9631f2fd2faf 100644
+--- a/drivers/dma-buf/udmabuf.c
++++ b/drivers/dma-buf/udmabuf.c
+@@ -32,8 +32,11 @@ static vm_fault_t udmabuf_vm_fault(struct vm_fault *vmf)
+ {
+ 	struct vm_area_struct *vma = vmf->vma;
+ 	struct udmabuf *ubuf = vma->vm_private_data;
++	pgoff_t pgoff = vmf->pgoff;
+ 
+-	vmf->page = ubuf->pages[vmf->pgoff];
++	if (pgoff >= ubuf->pagecount)
++		return VM_FAULT_SIGBUS;
++	vmf->page = ubuf->pages[pgoff];
+ 	get_page(vmf->page);
+ 	return 0;
+ }
+-- 
+2.35.3
+
diff --git a/series.conf b/series.conf
index 7acb43b..8736374 100644
--- a/series.conf
+++ b/series.conf
@@ -22974,6 +22974,7 @@
 	patches.suse/dm-verity-set-DM_TARGET_IMMUTABLE-feature-flag.patch
 	patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch
 	patches.suse/0001-KVM-x86-do-not-report-a-vCPU-as-preempted-outside-in.patch
+	patches.suse/udmabuf-add-back-sanity-check.patch
 	patches.suse/net-rose-fix-UAF-bugs-caused-by-timer-handler.patch
 	patches.suse/xen-blkfront-fix-leaking-data-in-shared-pages.patch
 	patches.suse/xen-netfront-fix-leaking-data-in-shared-pages.patch