Date: Fri, 13 Apr 2018 05:48:31 -0300
From: Mauro Carvalho Chehab
To: stable@vger.kernel.org
Subject: Important regression fix patch
Message-ID: <20180413054831.39698e8a@vento.lan>

Hi Greg,

There are two important v4l2-core fixes on the patches merged this week by Linux.

1) media: v4l2-core: fix size of devnode_nums[] bitarray

This patch corrects a regression against Kernel 4.16. It affects notebooks with advanced Synaptics mice (and similar touch devices). On those devices, the pad produces an image which is handled via V4L2. Without this patch, the input driver OOPSes at probing time:

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a95845ba184b854106972f5d8f50354c2d272c06

2) v4l2-compat-ioctl32: don't oops on overlay

This patch complements the security fix we've made at the V4L2 core compat32 logic. It fixes an illegal use of an __user pointer without first converting it into a Kernel pointer with get_user(). It wasn't detected before, as it uses an obscure streaming mode of V4L2 (overlay mode):

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=85ea29f19eab56ec16ec6b92bc67305998706afa

This one should go all the way down to stable Kernels. Here, I was able to reproduce the bug with both upstream Kernel and Kernel 3.18. The patch applied without any conflicts on both.

Could you please add both on your next set of -stable releases?

Thanks,
Mauro