mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 10:01:00 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Lv Yunlong 9dc373f740 net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send 
[ Upstream commit 6d72e7c767 ]

In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).
If some error happens in emac_tx_fill_tpd(), the skb will be freed via
dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().
But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).

As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,
thus my patch assigns skb->len to 'len' before the possible free and
use 'len' instead of skb->len later.

Fixes: b9b17debc6 ("net: emac: emac gigabit ethernet controller driver")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-05-14 09:50:43 +02:00
..
accessibility
acpi ACPI: CPPC: Replace cppc_attr with kobj_attribute 2021-05-14 09:50:16 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 11:38:02 +01:00
android
ata ata: libahci_platform: fix IRQ check 2021-05-14 09:50:24 +02:00
atm atm: idt77252: fix null-ptr-dereference 2021-03-30 14:31:50 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 11:38:00 +01:00
base node: fix device cleanups in error handling code 2021-05-14 09:50:19 +02:00
bcma
block drivers/block/null_blk/main: Fix a double free in null_init. 2021-05-14 09:50:28 +02:00
bluetooth Bluetooth: btqca: Add valid le states quirk 2021-03-11 14:17:22 +01:00
bus bus: qcom: Put child node before return 2021-05-14 09:50:13 +02:00
cdrom
char ttyprintk: Add TTY hangup callback. 2021-05-14 09:50:21 +02:00
clk clk: uniphier: Fix potential infinite loop 2021-05-14 09:50:26 +02:00
clocksource clocksource/drivers/ingenic_ost: Fix return value check in ingenic_ost_probe() 2021-05-14 09:50:16 +02:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-03-25 09:04:16 +01:00
cpufreq cpufreq: armada-37xx: Fix determining base CPU frequency 2021-05-14 09:50:17 +02:00
cpuidle cpuidle: Fix ARM_QCOM_SPM_CPUIDLE configuration 2021-05-14 09:50:16 +02:00
crypto crypto: ccp: Detect and reject "invalid" addresses destined for PSP 2021-05-14 09:50:41 +02:00
dax device-dax: Fix default return code of range_parse() 2021-03-04 11:38:15 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:50:15 +02:00
dio
dma dmaengine: tegra20: Fix runtime PM imbalance on error 2021-04-28 13:40:01 +02:00
dma-buf
edac EDAC/amd64: Do not load on family 0x15, model 0x13 2021-03-07 12:34:08 +01:00
eisa
extcon extcon: arizona: Fix various races on driver unbind 2021-05-11 14:47:24 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 15:00:11 +02:00
firmware firmware: qcom-scm: Fix QCOM_SCM configuration 2021-05-14 09:50:19 +02:00
fpga fpga: fpga-mgr: xilinx-spi: fix error messages on -EPROBE_DEFER 2021-05-14 09:50:06 +02:00
fsi
gnss
gpio gpio: omap: Save and restore sysconfig 2021-04-28 13:39:59 +02:00
gpu drm/amd/pm: fix error code in smu_set_power_limit() 2021-05-14 09:50:39 +02:00
greybus
hid HID: lenovo: Map mic-mute button to KEY_F20 instead of KEY_MICMUTE 2021-05-14 09:50:33 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:50:28 +02:00
hv Drivers: hv: vmbus: Increase wait time for VMbus unload 2021-05-14 09:50:21 +02:00
hwmon hwmon: (pmbus/pxe1610) don't bail out when not all pages are active 2021-05-14 09:50:20 +02:00
hwspinlock
hwtracing intel_th: pci: Add Alder Lake-M support 2021-05-11 14:47:35 +02:00
i2c i2c: mediatek: Fix wrong dma sync flag 2021-05-14 09:50:39 +02:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:50:05 +02:00
ide ide/falconide: Fix module unload 2021-03-04 11:38:21 +01:00
idle
iio iio: adc: Kconfig: make AD9467 depend on ADI_AXI_ADC symbol 2021-05-14 09:50:15 +02:00
infiniband RDMA/core: Add CM to restrack after successful attachment to a device 2021-05-14 09:50:42 +02:00
input Input: ili210x - add missing negation for touch indication on ili210x 2021-05-11 14:47:34 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:43:19 +02:00
iommu iommu/amd: Put newline after closing bracket in warning 2021-05-14 09:50:38 +02:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:50:15 +02:00
isdn mISDN: fix crash in fritzpci 2021-04-10 13:36:08 +02:00
leds
lightnvm
macintosh macintosh/adb-iop: Use big-endian autopoll mask 2021-03-04 11:37:42 +01:00
mailbox mailbox: sprd: Introduce refcnt when clients requests/free channels 2021-05-14 09:50:27 +02:00
mcb
md md: Fix missing unused status line of /proc/mdstat 2021-05-14 09:49:59 +02:00
media media: v4l2-ctrls.c: fix race condition in hdl->requests list 2021-05-14 09:50:25 +02:00
memory memory: samsung: exynos5422-dmc: handle clk_set_parent() failure 2021-05-14 09:50:19 +02:00
memstick
message
mfd mfd: stm32-timers: Avoid clearing auto reload register 2021-05-14 09:50:27 +02:00
misc misc: vmw_vmci: explicitly initialize vmci_datagram payload 2021-05-14 09:49:59 +02:00
mmc mmc: sdhci-brcmstb: Remove CQE quirk 2021-05-11 14:47:26 +02:00
most
mtd mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init 2021-05-14 09:50:15 +02:00
mux
net net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send 2021-05-14 09:50:43 +02:00
nfc nfc: pn533: prevent potential memory corruption 2021-05-14 09:50:32 +02:00
ntb
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 13:00:55 +02:00
nvme nvme-pci: don't simple map sgl when sgls are disabled 2021-05-14 09:50:27 +02:00
nvmem drivers: nvmem: Fix voltage settings for QTI qfprom-efuse 2021-05-14 09:50:14 +02:00
of of: overlay: fix for_each_child.cocci warnings 2021-05-14 09:50:24 +02:00
opp opp: Correct debug message in _opp_add_static_v2() 2021-03-04 11:37:27 +01:00
oprofile
parisc
parport
pci PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c 2021-05-14 09:49:58 +02:00
pcmcia
perf perf/arm_pmu_platform: Fix error handling 2021-05-11 14:47:19 +02:00
phy phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally 2021-05-14 09:50:13 +02:00
pinctrl pinctrl: pinctrl-single: fix pcs_pin_dbg_show() when bits_per_mux is not zero 2021-05-14 09:50:30 +02:00
platform platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table 2021-05-14 09:50:20 +02:00
pnp
power power: supply: bq25980: Move props from battery node 2021-05-14 09:50:25 +02:00
powercap
pps
ps3
ptp ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation 2021-04-10 13:36:09 +02:00
pwm pwm: iqs620a: Fix overflow and optimize calculations 2021-03-04 11:38:17 +01:00
rapidio
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:42:12 +02:00
regulator regulator: bd9576: Fix return from bd957x_probe() 2021-05-14 09:50:10 +02:00
remoteproc remoteproc: qcom: pil_info: avoid 64-bit division 2021-04-14 08:42:05 +02:00
reset
rpmsg
rtc rtc: zynqmp: depend on HAS_IOMEM 2021-03-04 11:38:03 +01:00
s390 s390/zcrypt: fix zcard and zqueue hot-unplug memleak 2021-05-11 14:47:11 +02:00
sbus
scsi scsi: ibmvfc: Fix invalid state machine BUG_ON() 2021-05-14 09:50:27 +02:00
sfi
sh
siox
slimbus
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:50:21 +02:00
soundwire soundwire: stream: fix memory leak in stream config error path 2021-05-14 09:50:14 +02:00
spi spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails 2021-05-14 09:50:20 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 11:38:40 +01:00
ssb
staging media: cedrus: Fix H265 status definitions 2021-05-14 09:50:28 +02:00
target scsi: target: pscsi: Fix warning in pscsi_complete_cmd() 2021-05-11 14:47:23 +02:00
tc
tee tee: optee: do not check memref size on return from Secure World 2021-05-11 14:47:18 +02:00
thermal thermal/core/fair share: Lock the thermal zone while looping over instances 2021-05-11 14:47:41 +02:00
thunderbolt thunderbolt: Fix off by one in tb_port_find_retimer() 2021-04-14 08:42:03 +02:00
tty serial: omap: fix rs485 half-duplex filtering 2021-05-14 09:50:21 +02:00
uio
usb usb: dwc2: Fix hibernation between host and device modes. 2021-05-14 09:50:21 +02:00
vdpa vdpa/mlx5: Set err = -ENOMEM in case dma_map_sg_attrs fails 2021-04-28 13:39:59 +02:00
vfio vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer 2021-05-14 09:50:26 +02:00
vhost vhost-vdpa: fix vm_flags for virtqueue doorbell mapping 2021-05-11 14:47:12 +02:00
video backlight: qcom-wled: Fix FSC update issue for WLED5 2021-05-11 14:47:25 +02:00
virt nitro_enclaves: Fix stale file descriptors on failed usercopy 2021-05-11 14:47:11 +02:00
virtio
visorbus
vlynq
vme
w1 w1: w1_therm: Fix conversion result for negative temperatures 2021-03-04 11:37:18 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 11:38:36 +01:00
xen xen/events: fix setting irq affinity 2021-04-16 11:43:22 +02:00
zorro
Kconfig
Makefile