linux-stable/drivers
Zack Rusin ee8d31836c drm/vmwgfx: Validate the box size for the snooped cursor
commit 4cf949c7fa upstream.

Invalid userspace dma surface copies could potentially overflow
the memcpy from the surface to the snooped image leading to crashes.
To fix it the dimensions of the copybox have to be validated
against the expected size of the snooped cursor.

Signed-off-by: Zack Rusin <zackr@vmware.com>
Fixes: 2ac863719e ("vmwgfx: Snoop DMA transfers with non-covering sizes")
Cc: <stable@vger.kernel.org> # v3.2+
Reviewed-by: Michael Banack <banackm@vmware.com>
Reviewed-by: Martin Krastev <krastevm@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221026031936.1004280-1-zack@kde.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-07 12:07:37 +01:00
accessibility
acpi ACPICA: Fix error code path in acpi_ds_call_control_method() 2023-01-07 12:07:31 +01:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-12 13:18:01 +01:00
android binder: use wake_up_pollfree() 2021-12-14 10:04:48 +01:00
ata ata: pata_legacy: fix pdc20230_set_piomode() 2022-11-10 15:46:05 +01:00
atm atm: idt77252: fix use-after-free bugs caused by tst_timer 2022-08-25 11:09:29 +02:00
auxdisplay auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string 2021-11-26 11:48:38 +01:00
base driver core: Don't probe devices after bus_type.match() probe deferral 2022-09-15 12:39:46 +02:00
bcma bcma: Fix memory leak for internally-handled cores 2021-09-22 11:43:02 +02:00
block loop: Check for overflow while configuring loop 2022-09-05 10:23:56 +02:00
bluetooth Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() 2023-01-07 12:07:22 +01:00
bus bus: sunxi-rsb: Support atomic transfers 2022-12-08 11:15:39 +01:00
cdrom
char ipmi: fix memleak when unload ipmi driver 2023-01-07 12:07:31 +01:00
clk clk: st: Fix memory leak in st_of_quadfs_setup() 2023-01-07 12:07:33 +01:00
clocksource clocksource/drivers/sp804: Avoid error on multiple instances 2022-06-14 16:52:40 +02:00
connector
cpufreq cpufreq: pmac32-cpufreq: Fix refcount leak bug 2022-07-21 20:40:31 +02:00
cpuidle cpuidle: dt: Return the correct numbers of parsed idle states 2023-01-07 12:07:13 +01:00
crypto crypto: n2 - add missing hash statesize 2023-01-07 12:07:37 +01:00
dax
dca
devfreq
dio drivers: dio: fix possible memory leak in dio_init() 2023-01-07 12:07:24 +01:00
dma dmaengine: at_hdmac: Check return code of dma_async_device_register 2022-11-25 17:35:38 +01:00
dma-buf
edac EDAC: Fix calculation of returned address and next offset in edac_align_ptr() 2022-02-23 11:56:41 +01:00
eisa
extcon
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:14:57 +02:00
firmware firmware: google: Test spinlock on panic path to avoid lockups 2022-10-26 13:15:43 +02:00
fmc
fpga
gpio gpio: amd8111: Fix PCI device reference count leak 2022-12-14 11:24:33 +01:00
gpu drm/vmwgfx: Validate the box size for the snooped cursor 2023-01-07 12:07:37 +01:00
hid HID: plantronics: Additional PIDs for double volume key presses quirk 2023-01-07 12:07:35 +01:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2023-01-07 12:07:27 +01:00
hv Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region 2022-09-28 10:55:47 +02:00
hwmon hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() 2022-12-08 11:15:41 +01:00
hwspinlock
hwtracing coresight: Fix TRCCONFIGR.QE sysfs interface 2022-04-20 09:06:28 +02:00
i2c i2c: ismt: Fix an out-of-bounds bug in ismt_access() 2023-01-07 12:07:26 +01:00
ide
idle
iio iio: adc: ad_sigma_delta: do not use internal iio_dev lock 2023-01-07 12:07:34 +01:00
infiniband IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces 2023-01-07 12:07:24 +01:00
input Input: elants_i2c - properly handle the reset GPIO when power is off 2023-01-07 12:07:17 +01:00
iommu iommu/amd: Fix ivrs_acpihid cmdline parsing code 2023-01-07 12:07:37 +01:00
ipack ipack: ipoctal: fix module reference leak 2021-10-06 10:23:42 +02:00
irqchip irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() 2023-01-07 12:07:14 +01:00
isdn mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() 2023-01-07 12:07:29 +01:00
leds
lguest
lightnvm lightnvm: disable the subsystem 2022-05-12 12:14:53 +02:00
macintosh macintosh/macio-adb: check the return value of ioremap() 2023-01-07 12:07:28 +01:00
mailbox
mcb mcb: mcb-parse: fix error handing in chameleon_parse_gdd() 2023-01-07 12:07:26 +01:00
md dm cache: set needs_check flag after aborting metadata 2023-01-07 12:07:36 +01:00
media media: dvb-core: Fix double free in dvb_register_device() 2023-01-07 12:07:36 +01:00
memory memory: of: Fix refcount leak bug in of_get_ddr_timings() 2022-10-26 13:15:40 +02:00
memstick memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() 2021-11-26 11:48:34 +01:00
message
mfd mfd: sm501: Add check for platform_driver_register() 2022-10-26 13:15:44 +02:00
misc cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() 2023-01-07 12:07:25 +01:00
mmc mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING 2023-01-07 12:07:35 +01:00
mtd mtd: maps: pxa2xx-flash: fix memory leak in probe 2023-01-07 12:07:17 +01:00
net ppp: associate skb with a device at tx 2023-01-07 12:07:32 +01:00
nfc nfc: pn533: Clear nfc_target before being used 2023-01-07 12:07:29 +01:00
ntb
nubus
nvdimm
nvme nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices 2022-10-26 13:15:33 +02:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-27 09:33:58 +02:00
of fdt: Update CRC check for rng-seed 2022-07-02 16:17:16 +02:00
oprofile
parisc parisc: led: Fix potential null-ptr-deref in start_task() 2023-01-07 12:07:37 +01:00
parport parport_pc: Avoid FIFO port location truncation 2022-11-25 17:35:39 +01:00
pci PCI/sysfs: Fix double free in error path 2023-01-07 12:07:37 +01:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 16:52:36 +02:00
perf
phy phy: samsung: exynos5250-sata: fix missing device put in probe error paths 2022-05-12 12:14:54 +02:00
pinctrl pinctrl: pinconf-generic: add missing of_node_put() 2023-01-07 12:07:18 +01:00
platform platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() 2022-12-08 11:15:40 +01:00
pnp PNP: fix name memory leak in pnp_alloc_dev() 2023-01-07 12:07:14 +01:00
power power: supply: fix residue sysfs file in error handle route of __power_supply_register() 2023-01-07 12:07:27 +01:00
powercap powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue 2022-10-26 13:15:45 +02:00
pps
ps3
ptp ptp: replace snprintf with sysfs_emit 2022-04-20 09:06:42 +02:00
pwm pwm: lp3943: Fix duty calculation in case period was clamped 2022-06-14 16:52:37 +02:00
rapidio rapidio: devices: fix missing put_device in mport_cdev_open 2023-01-07 12:07:15 +01:00
ras
regulator regulator: core: fix module refcount leak in set_supply() 2023-01-07 12:07:19 +01:00
remoteproc remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region 2022-04-20 09:06:36 +02:00
reset
rpmsg rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value 2022-06-14 16:52:37 +02:00
rtc rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() 2023-01-07 12:07:29 +01:00
s390 s390/lcs: Fix return type of lcs_start_xmit() 2023-01-07 12:07:32 +01:00
sbus
scsi scsi: snic: Fix possible UAF in snic_tgt_create() 2023-01-07 12:07:23 +01:00
sfi
sh maple: fix wrong return value of maple_bus_init(). 2021-11-26 11:48:41 +01:00
sn
soc ARM: ux500: do not directly dereference __iomem 2023-01-07 12:07:36 +01:00
spi spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe 2022-10-26 13:15:39 +02:00
spmi
ssb
staging staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() 2023-01-07 12:07:26 +01:00
target scsi: target: iscsi: Make sure the np under each tpg is unique 2022-02-16 12:43:53 +01:00
tc
thermal thermal: intel_powerclamp: Use first online CPU as control_cpu 2022-10-26 13:15:48 +02:00
thunderbolt
tty serial: sunsab: Fix error handling in sunsab_init() 2023-01-07 12:07:25 +01:00
uio uio: uio_dmem_genirq: Fix deadlock between irq config and handling 2023-01-07 12:07:24 +01:00
usb usb: storage: Add check for kcalloc 2023-01-07 12:07:26 +01:00
uwb
vfio vfio: platform: Do not pass return buffer to ACPI _RST method 2023-01-07 12:07:24 +01:00
vhost vringh: Fix loop descriptors check in the indirect cases 2022-06-14 16:52:41 +02:00
video fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() 2023-01-07 12:07:27 +01:00
virt
virtio virtio_mmio: Restore guest page size on resume 2022-07-21 20:40:31 +02:00
vlynq
vme vme: Fix error not catched in fake_init() 2023-01-07 12:07:26 +01:00
w1 w1: w1_therm: fixes w1_seq for ds28ea00 sensors 2022-04-20 09:06:43 +02:00
watchdog watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT 2021-11-26 11:48:38 +01:00
xen xen/platform-pci: add missing free_irq() in error path 2022-12-08 11:15:40 +01:00
zorro
Kconfig
Makefile