mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-26 20:38:12 +00:00
Code Issues Releases Wiki Activity
No description
1126650 commits 105 branches 5097 tags 5.6 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Baisong Zhong 6fbc44731a media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() 
[ Upstream commit 0ed554fd76 ]

Wei Chen reports a kernel bug as blew:

general protection fault, probably for non-canonical address
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
...
Call Trace:
<TASK>
__i2c_transfer+0x77e/0x1930 drivers/i2c/i2c-core-base.c:2109
i2c_transfer+0x1d5/0x3d0 drivers/i2c/i2c-core-base.c:2170
i2cdev_ioctl_rdwr+0x393/0x660 drivers/i2c/i2c-dev.c:297
i2cdev_ioctl+0x75d/0x9f0 drivers/i2c/i2c-dev.c:458
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd834a8bded

In az6027_i2c_xfer(), if msg[i].addr is 0x99,
a null-ptr-deref will caused when accessing msg[i].buf.
For msg[i].len is 0 and msg[i].buf is null.

Fix this by checking msg[i].len in az6027_i2c_xfer().

Link: https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/

Link: https://lore.kernel.org/linux-media/20221120065918.2160782-1-zhongbaisong@huawei.com
Fixes: 76f9a820c8 ("V4L/DVB: AZ6027: Initial import of the driver")
Reported-by: Wei Chen <harperchen1110@gmail.com>
Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-31 13:26:03 +01:00
arch MIPS: OCTEON: warn only once if deprecated link status is being used 2022-12-31 13:25:47 +01:00
block block: clear ->slave_dir when dropping the main slave_dir reference 2022-12-31 13:25:58 +01:00
certs certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
crypto crypto: akcipher - default implementation for setting a private key 2022-10-21 12:38:59 +02:00
Documentation mtd: spi-nor: hide jedec_id sysfs attribute if not present 2022-12-31 13:26:00 +01:00
drivers media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() 2022-12-31 13:26:03 +01:00
fs hfs: Fix OOB Write in hfs_asc2mac 2022-12-31 13:25:47 +01:00
include clk: imx: rename video_pll1 to video_pll 2022-12-31 13:26:02 +01:00
init init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash 2022-12-02 17:43:11 +01:00
io_uring io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() 2022-12-14 11:40:53 +01:00
ipc ipc: fix memory leak in init_mqueue_fs() 2022-12-31 13:25:48 +01:00
kernel module: Fix NULL vs IS_ERR checking for module_get_next_page 2022-12-31 13:25:57 +01:00
lib lib/notifier-error-inject: fix error when writing -errno to debugfs file 2022-12-31 13:25:45 +01:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm tmpfs: fix data loss from failed fallocate 2022-12-14 11:40:52 +01:00
net bpf: Move skb->len == 0 checks into __bpf_redirect 2022-12-31 13:26:00 +01:00
samples samples/bpf: Fix MAC address swapping in xdp2_kern 2022-12-31 13:25:50 +01:00
scripts scripts/faddr2line: Fix regression in name resolution on ppc64le 2022-12-08 11:30:14 +01:00
security ima: Fix misuse of dereference of pointer in template_desc_init_fields() 2022-12-31 13:25:58 +01:00
sound ASoC: qcom: Add checks for devm_kcalloc 2022-12-31 13:26:02 +01:00
tools selftests/bpf: Mount debugfs in setns_by_fd 2022-12-31 13:26:01 +01:00
usr Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
virt KVM: Update gfn_to_pfn_cache khva when it moves within the same page 2022-12-02 17:43:13 +01:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-14 11:40:58 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: split the second line of *.mod into *.usyms 2022-05-08 03:16:59 +09:00
.mailmap Qualcomm ARM64 DTS fixes for 6.0 2022-09-23 16:44:37 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS drm for 5.20/6.0 2022-08-03 19:52:08 -07:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS One MAINTAINERS update, two MM fixes, both cc:stable 2022-10-01 09:13:29 -07:00
Makefile Linux 6.0.15 2022-12-21 17:41:16 +01:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.