mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-06 19:07:52 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Evgeny Novikov de5c848322 usb: gadget: goku_udc: fix potential crashes in probe 
[ Upstream commit 0d66e04875 ]

goku_probe() goes to error label "err" and invokes goku_remove()
in case of failures of pci_enable_device(), pci_resource_start()
and ioremap(). goku_remove() gets a device from
pci_get_drvdata(pdev) and works with it without any checks, in
particular it dereferences a corresponding pointer. But
goku_probe() did not set this device yet. So, one can expect
various crashes. The patch moves setting the device just after
allocation of memory for it.

Found by Linux Driver Verification project (linuxtesting.org).

Reported-by: Pavel Andrianov <andrianov@ispras.ru>
Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-11-18 18:27:55 +01:00
..
accessibility
acpi ACPI: NFIT: Fix comparison to '-ENXIO' 2020-11-10 10:29:06 +01:00
amba
android binder: fix UAF when releasing todo list 2020-10-29 09:06:59 +01:00
ata ata: sata_rcar: Fix DMA boundary mask 2020-11-05 11:06:52 +01:00
atm atm: eni: fix the missed pci_disable_device() for eni_init_one() 2020-10-01 13:12:50 +02:00
auxdisplay
base PM: runtime: Resume the device earlier in __device_release_driver() 2020-11-10 10:29:07 +01:00
bcma
block nbd: don't update block size after device is started 2020-11-18 18:27:52 +01:00
bluetooth Bluetooth: hci_uart: Cancel init work before unregistering 2020-10-29 09:07:03 +01:00
bus bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads 2020-04-24 08:00:23 +02:00
cdrom
char drivers: char: tlclk.c: Avoid data race between init and interrupt handler 2020-10-01 13:12:42 +02:00
clk clk: ti: clockdomain: fix static checker warning 2020-11-05 11:06:56 +01:00
clocksource clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() 2020-10-01 13:12:49 +02:00
connector
cpufreq acpi-cpufreq: Honor _PSD table setting on new AMD CPUs 2020-11-05 11:06:59 +01:00
cpuidle cpuidle: Fixup IRQ state 2020-09-09 19:03:06 +02:00
crypto crypto: ccp - fix error handling 2020-10-29 09:07:14 +01:00
dax
dca
devfreq PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out 2020-10-01 13:12:28 +02:00
dio
dma dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status 2020-11-05 11:07:01 +01:00
dma-buf
edac EDAC/i5100: Fix error handling order in i5100_init_one() 2020-10-29 09:07:00 +01:00
eisa
extcon extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' 2020-06-25 15:41:55 +02:00
firewire
firmware efi: Make it possible to disable efivar_ssdt entirely 2020-07-09 09:36:33 +02:00
fmc
fpga
fsi
gpio gpio: tc35894: fix up tc35894 interrupt configuration 2020-10-14 09:51:06 +02:00
gpu drm/vc4: drv: Add error handding for bind 2020-11-10 10:29:06 +01:00
hid HID: hid-input: fix stylus battery reporting 2020-10-29 09:07:06 +01:00
hsi
hv hv_balloon: disable warning when floor reached 2020-11-18 18:27:53 +01:00
hwmon hwmon: (applesmc) check status earlier. 2020-09-09 19:03:06 +02:00
hwspinlock
hwtracing coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb() 2020-08-21 09:48:10 +02:00
i2c i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs 2020-10-29 09:07:14 +01:00
ide block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h> 2020-09-09 19:03:12 +02:00
idle
iio iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. 2020-11-05 11:07:02 +01:00
infiniband IB/rdmavt: Fix sizeof mismatch 2020-10-29 09:07:10 +01:00
input hil/parisc: Disable HIL driver when it gets stuck 2020-11-05 11:07:05 +01:00
iommu iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() 2020-10-14 09:51:08 +02:00
ipack
irqchip genirq/affinity: Make affinity setting if activated opt-in 2020-08-21 09:48:23 +02:00
isdn
leds leds: bcm6328, bcm6358: use devres LED registering function 2020-11-05 11:06:58 +01:00
lightnvm
macintosh drivers/macintosh: Fix memleak in windfarm_pm112 driver 2020-06-20 10:25:19 +02:00
mailbox mailbox: avoid timer start from callback 2020-10-29 09:07:11 +01:00
mcb
md md/raid5: fix oops during stripe resizing 2020-11-05 11:06:58 +01:00
media media: tw5864: check status of tw5864_frameinterval_get 2020-11-05 11:06:55 +01:00
memory memory: emif: Remove bogus debugfs error handling 2020-11-05 11:06:57 +01:00
memstick
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-11-05 11:06:59 +01:00
mfd misc: rtsx: Fix memory leak in rtsx_pci_probe 2020-10-29 09:07:17 +01:00
misc eeprom: at25: set minimum read/write access stride to 1 2020-10-29 09:07:20 +01:00
mmc mmc: via-sdmmc: Fix data race bug 2020-11-05 11:06:55 +01:00
mtd ubi: check kthread_should_stop() after the setting of task state 2020-11-05 11:07:03 +01:00
mux
net ath9k_htc: Use appropriate rs_datalen type 2020-11-18 18:27:55 +01:00
nfc NFC: st95hf: Fix memleak in st95hf_in_send_cmd 2020-09-23 10:46:26 +02:00
ntb NTB: hw: amd: fix an issue about leak system resources 2020-10-29 09:07:14 +01:00
nubus
nvdimm block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h> 2020-09-09 19:03:12 +02:00
nvme nvme-rdma: fix crash when connect rejected 2020-11-05 11:06:58 +01:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-11 09:23:01 +02:00
of of: Fix reserved-memory overlap detection 2020-11-10 10:29:05 +01:00
oprofile
parisc parisc: mask out enable and reserved bits from sba imask 2020-08-21 09:48:16 +02:00
parport
pci PCI: iproc: Set affinity mask on MSI interrupts 2020-10-29 09:07:11 +01:00
pcmcia
perf drivers/perf: xgene_pmu: Fix uninitialized resource struct 2020-10-29 09:07:00 +01:00
phy phy: samsung: s5pv210-usb2: Add delay after reset 2020-10-01 13:12:43 +02:00
pinctrl pinctrl: mcp23s08: Fix mcp23x17 precious range 2020-10-29 09:07:05 +01:00
platform platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP 2020-10-14 09:51:13 +02:00
pnp
power power: supply: test_power: add missing newlines when printing parameters by sysfs 2020-11-05 11:06:56 +01:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:10:28 +01:00
pps
ps3
ptp
pwm pwm: lpss: Add range limit check for the base_unit register value 2020-10-29 09:07:05 +01:00
rapidio rapidio: fix the missed put_device() for rio_mport_add_riodev 2020-10-29 09:07:11 +01:00
ras
regulator regulator: defer probe when trying to get voltage from unresolved supply 2020-11-18 18:27:52 +01:00
remoteproc remoteproc: Fix IDR initialisation in rproc_alloc() 2020-06-25 15:41:47 +02:00
reset
rpmsg rpmsg: glink: smem: Ensure ordering during tx 2020-04-24 08:01:06 +02:00
rtc rtc: rx8010: don't modify the global rtc ops 2020-11-05 11:07:04 +01:00
s390 s390/dasd: Fix zero write for FBA devices 2020-10-01 13:12:51 +02:00
sbus
scsi scsi: core: Don't start concurrent async scan on same host 2020-11-10 10:29:05 +01:00
sfi
sh
sn
soc soc: imx: gpc: fix power up sequencing 2020-04-24 08:01:18 +02:00
spi spi: fsl-espi: Only process interrupts for expected events 2020-10-14 09:51:08 +02:00
spmi
ssb
staging staging: octeon: Drop on uncorrectable alignment or FCS error 2020-11-05 11:07:06 +01:00
target scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem 2020-09-23 10:46:30 +02:00
tc
tee
thermal thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 2020-09-09 19:03:10 +02:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 16:36:09 +01:00
tty serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init 2020-11-10 10:29:06 +01:00
uio uio: free uio id after uio file node is freed 2020-11-05 11:06:55 +01:00
usb usb: gadget: goku_udc: fix potential crashes in probe 2020-11-18 18:27:55 +01:00
uwb
vfio vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages 2020-10-29 09:07:12 +01:00
vhost vringh: fix __vringh_iov() when riov and wiov are different 2020-11-05 11:07:04 +01:00
video video: fbdev: pvr2fb: initialize variables 2020-11-05 11:06:54 +01:00
virt drivers/virt/fsl_hypervisor: Fix error handling path 2020-10-29 09:07:05 +01:00
virtio virtio_ring: Avoid loop when vq is broken in virtqueue_poll 2020-08-26 10:29:57 +02:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-28 16:36:04 +01:00
w1 w1: mxc_w1: Fix timeout resolution problem leading to bus error 2020-11-05 11:06:59 +01:00
watchdog drivers: watchdog: rdc321x_wdt: Fix race condition bugs 2020-11-05 11:06:57 +01:00
xen xen/events: don't use chip_data for legacy IRQs 2020-11-10 10:29:02 +01:00
zorro
Kconfig
Makefile