Drop "kernel/relay.c: handle alloc_percpu returning NULL in relay_open"

debian/changelog

@@ -448,7 +448,6 @@ linux (4.19.127-1) UNRELEASED; urgency=medium
     - HID: sony: Fix for broken buttons on DS3 USB dongles
     - HID: i2c-hid: add Schneider SCL142ALM to descriptor override
     - p54usb: add AirVasT USB stick device-id
-    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
     - mmc: fix compilation of user API
     - scsi: ufs: Release clock if DMA map fails
     - net: dsa: mt7530: set CPU port to fallback mode

debian/patches/bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch

@@ -1,71 +0,0 @@
-From: Daniel Axtens <dja@axtens.net>
-Date: Thu, 4 Jun 2020 16:51:27 -0700
-Subject: kernel/relay.c: handle alloc_percpu returning NULL in relay_open
-Origin: https://git.kernel.org/linus/54e200ab40fc14c863bcc80a51e20b7906608fce
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-19462
-
-alloc_percpu() may return NULL, which means chan->buf may be set to NULL.
-In that case, when we do *per_cpu_ptr(chan->buf, ...), we dereference an
-invalid pointer:
-
-  BUG: Unable to handle kernel data access at 0x7dae0000
-  Faulting instruction address: 0xc0000000003f3fec
-  ...
-  NIP relay_open+0x29c/0x600
-  LR relay_open+0x270/0x600
-  Call Trace:
-     relay_open+0x264/0x600 (unreliable)
-     __blk_trace_setup+0x254/0x600
-     blk_trace_setup+0x68/0xa0
-     sg_ioctl+0x7bc/0x2e80
-     do_vfs_ioctl+0x13c/0x1300
-     ksys_ioctl+0x94/0x130
-     sys_ioctl+0x48/0xb0
-     system_call+0x5c/0x68
-
-Check if alloc_percpu returns NULL.
-
-This was found by syzkaller both on x86 and powerpc, and the reproducer
-it found on powerpc is capable of hitting the issue as an unprivileged
-user.
-
-Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers")
-Reported-by: syzbot+1e925b4b836afe85a1c6@syzkaller-ppc64.appspotmail.com
-Reported-by: syzbot+587b2421926808309d21@syzkaller-ppc64.appspotmail.com
-Reported-by: syzbot+58320b7171734bf79d26@syzkaller.appspotmail.com
-Reported-by: syzbot+d6074fb08bdb2e010520@syzkaller.appspotmail.com
-Signed-off-by: Daniel Axtens <dja@axtens.net>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Reviewed-by: Michael Ellerman <mpe@ellerman.id.au>
-Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
-Acked-by: David Rientjes <rientjes@google.com>
-Cc: Akash Goel <akash.goel@intel.com>
-Cc: Andrew Donnellan <ajd@linux.ibm.com>
-Cc: Guenter Roeck <linux@roeck-us.net>
-Cc: Salvatore Bonaccorso <carnil@debian.org>
-Cc: <stable@vger.kernel.org>	[4.10+]
-Link: http://lkml.kernel.org/r/20191219121256.26480-1-dja@axtens.net
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
- kernel/relay.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/kernel/relay.c b/kernel/relay.c
-index 90c7a002436d..dc82705e1cff 100644
---- a/kernel/relay.c
-+++ b/kernel/relay.c
-@@ -581,6 +581,11 @@ struct rchan *relay_open(const char *base_filename,
- 		return NULL;
- 
- 	chan->buf = alloc_percpu(struct rchan_buf *);
-+	if (!chan->buf) {
-+		kfree(chan);
-+		return NULL;
-+	}
-+
- 	chan->version = RELAYFS_CHANNEL_VERSION;
- 	chan->n_subbufs = n_subbufs;
- 	chan->subbuf_size = subbuf_size;
--- 
-2.27.0.rc0
-

debian/patches/series

@@ -296,7 +296,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 debian/ntfs-mark-it-as-broken.patch
-bugfix/all/kernel-relay.c-handle-alloc_percpu-returning-NULL-in.patch
 bugfix/all/mm-Fix-mremap-not-considering-huge-pmd-devmap.patch
 bugfix/x86/srbds/0001-x86-cpu-Add-a-steppings-field-to-struct-x86_cpu_id.patch
 bugfix/x86/srbds/0002-x86-cpu-Add-table-argument-to-cpu_matches.patch