mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 07:04:24 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Steven Price 472dd7ea5e drm/panfrost: Job should reference MMU not file_priv 
[ Upstream commit 6e516faf04 ]

For a while now it's been allowed for a MMU context to outlive it's
corresponding panfrost_priv, however the job structure still references
panfrost_priv to get hold of the MMU context. If panfrost_priv has been
freed this is a use-after-free which I've been able to trigger resulting
in a splat.

To fix this, drop the reference to panfrost_priv in the job structure
and add a direct reference to the MMU structure which is what's actually
needed.

Fixes: 7fdc48cc63 ("drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv")
Signed-off-by: Steven Price <steven.price@arm.com>
Acked-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220519152003.81081-1-steven.price@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-14 18:45:03 +02:00
..
accessibility
acpi ACPI: property: Release subnode properties with data nodes 2022-06-09 10:30:43 +02:00
amba
android
ata
atm
auxdisplay
base driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction 2022-06-14 18:45:00 +02:00
bcma
block nbd: fix possible overflow on 'first_minor' in nbd_dev_add() 2022-06-14 18:44:56 +02:00
bluetooth Bluetooth: btmtksdio: fix the reset takes too long 2022-06-09 10:30:13 +02:00
bus bus: ti-sysc: Fix warnings for unbind for serial 2022-06-14 18:44:52 +02:00
cdrom
char Revert "random: use static branch for crng_ready()" 2022-06-09 10:30:55 +02:00
clk clk: tegra: Add missing reset deassertion 2022-06-09 10:30:54 +02:00
clocksource clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value 2022-06-14 18:44:53 +02:00
comedi
connector
counter
cpufreq cpufreq: mediatek: Unregister platform device on exit 2022-06-09 10:30:35 +02:00
cpuidle cpuidle: riscv-sbi: Fix code to allow a genpd governor to be used 2022-06-09 10:30:18 +02:00
crypto crypto: sun8i-ss - handle zero sized sg 2022-06-09 10:30:30 +02:00
cxl cxl/mem: Drop mem_enabled check from wait_for_media() 2022-06-09 10:30:31 +02:00
dax
dca
devfreq PM / devfreq: rk3399_dmc: Disable edev on remove() 2022-06-09 10:29:48 +02:00
dio
dma dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type 2022-06-14 18:45:02 +02:00
dma-buf dma-buf: ensure unique directory name for dmabuf stats 2022-05-13 13:35:10 +02:00
edac EDAC/dmc520: Don't print an error for each unconfigured interrupt line 2022-06-09 10:29:59 +02:00
eisa
extcon extcon: ptn5150: Add queue work sync before driver release 2022-06-14 18:44:50 +02:00
firewire
firmware firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle 2022-06-14 18:44:52 +02:00
fpga
fsi
gnss
gpio gpio: pca953x: use the correct register address to do regcache sync 2022-06-14 18:44:59 +02:00
gpu drm/panfrost: Job should reference MMU not file_priv 2022-06-14 18:45:03 +02:00
greybus
hid HID: amd_sfh: Modify the hid name 2022-06-09 10:30:09 +02:00
hsi
hv Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero 2022-06-09 10:30:26 +02:00
hwmon hwmon: (pmbus) Check PEC support before reading other registers 2022-06-09 10:30:19 +02:00
hwspinlock
hwtracing coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier 2022-06-14 18:44:50 +02:00
i2c i2c: cadence: Increase timeout per message if necessary 2022-06-14 18:45:02 +02:00
i3c
idle
iio iio: adc: sc27xx: Fine tune the scale calibration values 2022-06-14 18:44:48 +02:00
infiniband RDMA/rxe: Generate a completion for unsupported/invalid opcode 2022-06-09 10:30:56 +02:00
input Input: stmfts - do not leave device disabled in stmfts_input_open 2022-06-09 10:30:34 +02:00
interconnect
iommu iommu/arm-smmu-v3: check return value after calling platform_get_resource() 2022-06-14 18:45:01 +02:00
ipack
irqchip irqchip: irq-xtensa-mx: fix initial IRQ affinity 2022-06-09 10:30:50 +02:00
isdn
leds
macintosh macintosh: via-pmu and via-cuda need RTC_LIB 2022-06-09 10:30:32 +02:00
mailbox mailbox: forward the hrtimer if not queued and under a lock 2022-06-09 10:30:33 +02:00
mcb
md md: bcache: check the return value of kzalloc() in detached_dev_do_request() 2022-06-09 10:30:57 +02:00
media media: coda: Add more H264 levels for CODA960 2022-06-09 10:30:49 +02:00
memory memory: samsung: exynos5422-dmc: Avoid some over memory allocation 2022-06-09 10:30:21 +02:00
memstick
message
mfd mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() 2022-06-09 10:30:33 +02:00
misc misc/pvpanic: Convert regular spinlock into trylock on panic path 2022-06-14 18:44:48 +02:00
mmc mmc: core: Allows to override the timeout value for ioctl() path 2022-06-09 10:30:49 +02:00
most
mtd ubi: ubi_create_volume: Fix use-after-free when volume creation failed 2022-06-14 18:44:55 +02:00
mux
net nfp: remove padding in nfp_nfdk_tx_desc 2022-06-14 18:45:00 +02:00
nfc NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx 2022-06-09 10:30:18 +02:00
ntb
nubus
nvdimm mce: fix set_mce_nospec to always unmap the whole page 2022-06-09 10:30:31 +02:00
nvme nvme: set dma alignment to dword 2022-06-09 10:30:14 +02:00
nvmem
of of: overlay: do not break notify on NOTIFY_{OK|STOP} 2022-06-09 10:30:02 +02:00
opp OPP: call of_node_put() on error path in _bandwidth_supported() 2022-06-09 10:30:34 +02:00
parisc
parport
pci PCI: qcom: Fix unbalanced PHY init on probe errors 2022-06-09 10:30:44 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:44:44 +02:00
peci
perf
phy phy: qcom-qmp: fix pipe-clock imbalance on power-on failure 2022-06-14 18:44:48 +02:00
pinctrl pinctrl/rockchip: support setting input-enable param 2022-06-09 10:30:57 +02:00
platform MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon 2022-06-09 10:30:35 +02:00
pnp
power power: supply: ab8500_fg: Allocate wq in probe 2022-06-14 18:44:49 +02:00
powercap
pps
ps3
ptp ptp: ocp: change sysfs attr group handling 2022-05-18 21:44:37 -07:00
pwm pwm: raspberrypi-poe: Fix endianness in firmware struct 2022-06-14 18:44:46 +02:00
rapidio
ras
regulator regulator: scmi: Fix refcount leak in scmi_regulator_probe 2022-06-09 10:30:15 +02:00
remoteproc remoteproc: imx_rproc: Ignore create mem entry for resource table 2022-06-14 18:44:46 +02:00
reset
rpmsg rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails 2022-06-14 18:44:48 +02:00
rtc rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe 2022-06-14 18:44:51 +02:00
s390 s390/stp: clock_delta should be signed 2022-06-09 10:30:45 +02:00
sbus
scsi scsi: sd: Fix potential NULL pointer dereference 2022-06-14 18:44:59 +02:00
sh
siox
slimbus slimbus: qcom: Fix IRQ check in qcom_slim_probe 2022-05-09 16:00:20 +02:00
soc soc: rockchip: Fix refcount leak in rockchip_grf_init 2022-06-14 18:44:50 +02:00
soundwire soundwire: qcom: return error when pm_runtime_get_sync fails 2022-06-14 18:44:50 +02:00
spi spi: fsi: Fix spurious timeout 2022-06-14 18:44:54 +02:00
spmi
ssb
staging staging: r8188eu: add check for kzalloc 2022-06-14 18:44:51 +02:00
target target: remove an incorrect unmap zeroes data deduction 2022-06-09 10:29:59 +02:00
tc
tee
thermal thermal: devfreq_cooling: use local ops instead of global ops 2022-06-09 10:30:50 +02:00
thunderbolt
tty serial: stm32-usart: Correct CSIZE, bits, and parity 2022-06-14 18:44:52 +02:00
uio
usb usb: typec: mux: Check dev_set_name() return value 2022-06-14 18:44:47 +02:00
vdpa vdpa: ifcvf: set pci driver data in probe 2022-06-14 18:44:58 +02:00
vfio
vhost Fix double fget() in vhost_net_set_backend() 2022-05-18 12:33:51 -04:00
video video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() 2022-06-14 18:45:02 +02:00
virt
virtio virtio: pci: Fix an error handling path in vp_modern_probe() 2022-06-14 18:44:57 +02:00
visorbus
vlynq
vme
w1
watchdog watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe 2022-06-14 18:44:53 +02:00
xen
zorro
Kconfig
Makefile