From 94fd6d88caba2ff24654a4f0bd2569b76d893544 Mon Sep 17 00:00:00 2001
From: Justin M. Forbes
Date: Nov 22 2019 18:59:39 +0000
Subject: Fix CVE-2019-19077 rhbz 1775724 1775725
---
diff --git a/0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch b/0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch
new file mode 100644
index 0000000..87f4b4d
--- /dev/null
+++ b/0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch
@@ -0,0 +1,33 @@
+From 4a9d46a9fe14401f21df69cea97c62396d5fb053 Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost
+Date: Tue, 10 Sep 2019 17:21:19 -0500
+Subject: [PATCH] RDMA: Fix goto target to release the allocated memory
+
+In bnxt_re_create_srq(), when ib_copy_to_udata() fails allocated memory
+should be released by goto fail.
+
+Fixes: 37cb11acf1f7 ("RDMA/bnxt_re: Add SRQ support for Broadcom adapters")
+Link: https://lore.kernel.org/r/20190910222120.16517-1-navid.emamdoost@gmail.com
+Signed-off-by: Navid Emamdoost
+Reviewed-by: Jason Gunthorpe
+Signed-off-by: Jason Gunthorpe
+---
+ drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+index f9e97d0cc459..b4149dc9e824 100644
+--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
++++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+@@ -1398,7 +1398,7 @@ int bnxt_re_create_srq(struct ib_srq *ib_srq,
+ dev_err(rdev_to_dev(rdev), "SRQ copy to udata failed!");
+ bnxt_qplib_destroy_srq(&rdev->qplib_res,
+ &srq->qplib_srq);
+- goto exit;
++ goto fail;
+ }
+ }
+ if (nq)
+--
+2.23.0
+
diff --git a/kernel.spec b/kernel.spec
index a740c5d..f5351c9 100644
--- a/kernel.spec
+++ b/kernel.spec
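Review bot: The `fail` label that the new `goto fail;` in bnxt_re_create_srq() jumps to lies outside the embedded hunk, so the hunk alone does not show what that path releases or whether it is safe to run after `bnxt_qplib_destroy_srq()` has already torn down the qplib SRQ two lines earlier. The failing call copies the response into a user-supplied buffer, so this error path is presumably reachable from user space, which is why the leak was treated as a security issue. Before carrying the patch, check the full function in the tree it is applied to and confirm the label frees everything allocated before the copy and frees nothing twice. A short comment above the jump would make the intent explicit for later backports: `/* qplib SRQ already destroyed above; fail: releases the remaining allocations */`.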
@@ -651,6 +651,9 @@ Patch523: 0001-nl80211-fix-memory-leak-in-nl80211_get_ftm_responder.patch # CVE-2019-19054 rhbz 1775063 1775117 Patch524: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch +# CVE-2019-19077 rhbz 1775724 1775725 +Patch525: 0001-RDMA-Fix-goto-target-to-release-the-allocated-memory.patch + # END OF PATCH DEFINITIONS %endif @@ -1852,6 +1855,9 @@ fi # # %changelog +* Fri Nov 22 2019 Justin M. Forbes +- Fix CVE-2019-19077 rhbz 1775724 1775725 + * Thu Nov 21 2019 Justin M. Forbes - 5.3.12-300 - Fix CVE-2019-19074 (rhbz 1774933 1774934) - Fix CVE-2019-19073 (rhbz 1774937 1774939)