[SRU][OEM-6.1][PATCH 0/8] CVE-2023-6039

[Yuxuan Luo]

[Impact]
A use-after-free flaw was found in lan78xx_disconnect in
drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx
in the Linux Kernel. This flaw allows a local attacker to crash the
system when the LAN78XX USB device detaches.

[Backport]
It depends on a kernel clock function, timer_shutdown_sync(). Since
this function might be used widely in the future given it is under
include/linux directory, backporting the new kernel function is
preferred over expanding it.

For generic kernel, the fix commit has a conflict at the
netif_napi_del(&dev->napi); line; however, it is already included in the
OEM-6.1 tree, so the fix commit can be cherry picked cleanly.

Additionally, there were some namespace conflicts when building armhf
and arm64 kernels for generic kernel, since OEM-6.1 does not have to
worry about those two archs, three commits from the patch set for
generic kernel solving the issue is not included.

[Test]
Compile and boot tested.

[Potential Regression]
It is not an easy task to assess the regression potential as 7 more
out-of-scope patches are introduced, proceed with caution.

Duoming Zhou (1):
  net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs

Thomas Gleixner (7):
  timers: Use del_timer_sync() even on UP
  timers: Update kernel-doc for various functions
  timers: Rename del_timer_sync() to timer_delete_sync()
  timers: Rename del_timer() to timer_delete()
  timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
  timers: Add shutdown mechanism to the internal functions
  timers: Provide timer_shutdown[_sync]()

 drivers/net/usb/lan78xx.c |   7 +-
 include/linux/timer.h     |  35 +++-
 kernel/time/timer.c       | 365 ++++++++++++++++++++++++++++----------
 3 files changed, 305 insertions(+), 102 deletions(-)

-- 
2.34.1