linux-stable/drivers
Eric Dumazet 138b787804 mISDN: fix MISDN_TIME_STAMP handling
syzbot reports one unsafe call to copy_from_sockptr() [1]

Use copy_safe_from_sockptr() instead.

[1]

 BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
 BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]
 BUG: KASAN: slab-out-of-bounds in data_sock_setsockopt+0x46c/0x4cc drivers/isdn/mISDN/socket.c:417
Read of size 4 at addr ffff0000c6d54083 by task syz-executor406/6167

CPU: 1 PID: 6167 Comm: syz-executor406 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call trace:
  dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291
  show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298
  __dump_stack lib/dump_stack.c:88 [inline]
  dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
  print_address_description mm/kasan/report.c:377 [inline]
  print_report+0x178/0x518 mm/kasan/report.c:488
  kasan_report+0xd8/0x138 mm/kasan/report.c:601
  __asan_report_load_n_noabort+0x1c/0x28 mm/kasan/report_generic.c:391
  copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]
  copy_from_sockptr include/linux/sockptr.h:55 [inline]
  data_sock_setsockopt+0x46c/0x4cc drivers/isdn/mISDN/socket.c:417
  do_sock_setsockopt+0x2a0/0x4e0 net/socket.c:2311
  __sys_setsockopt+0x128/0x1a8 net/socket.c:2334
  __do_sys_setsockopt net/socket.c:2343 [inline]
  __se_sys_setsockopt net/socket.c:2340 [inline]
  __arm64_sys_setsockopt+0xb8/0xd4 net/socket.c:2340
  __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
  invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
  el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
  do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
  el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
  el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
  el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

Fixes: 1b2b03f8e5 ("Add mISDN core files")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Link: https://lore.kernel.org/r/20240408082845.3957374-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-04-09 17:01:01 -07:00
accel drm for 6.9: 2024-03-13 18:34:05 -07:00
accessibility Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
acpi Merge branch 'acpica' 2024-03-29 19:00:09 +01:00
amba
android Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
ata scsi: sd: Fix TCG OPAL unlock on system resume 2024-03-25 15:46:12 -04:00
atm atm: fore200e: Convert to platform remove callback returning void 2024-03-07 20:36:32 -08:00
auxdisplay auxdisplay: img-ascii-lcd: Convert to platform remove callback returning void 2024-03-12 17:37:54 +02:00
base Driver core changes for 6.9-rc1 2024-03-21 13:34:15 -07:00
bcma
block block-6.9-20240322 2024-03-22 12:46:07 -07:00
bluetooth Bluetooth: qca: fix device-address endianness 2024-03-29 09:48:37 -04:00
bus Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
cache
cdrom cdrom: gdrom: Convert to platform remove callback returning void 2024-03-07 11:53:30 -07:00
cdx cdx: add MSI support for CDX bus 2024-03-07 21:52:03 +00:00
char Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
clk ARM: late SoC changes for 6.9 2024-03-19 11:57:26 -07:00
clocksource A set of updates for clocksource and clockevent drivers: 2024-03-23 14:42:45 -07:00
comedi Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
connector
counter
cpufreq RISC-V Patches for the 6.9 Merge Window 2024-03-22 10:41:13 -07:00
cpuidle RISC-V Patches for the 6.9 Merge Window 2024-03-22 10:41:13 -07:00
crypto This push fixes a regression that broke iwd as well as a divide by 2024-03-25 10:48:23 -07:00
cxl cxl: remove CONFIG_CXL_PMU entry in drivers/cxl/Kconfig 2024-03-27 01:58:34 +09:00
dax libnvdimm updates for v6.9 2024-03-15 11:58:32 -07:00
dca
devfreq
dio dio: make dio_bus_type const 2024-03-07 20:37:04 +00:00
dma dmaengine updates for v6.9 2024-03-15 12:25:13 -07:00
dma-buf Merge drm/drm-fixes into drm-misc-fixes 2024-03-25 21:11:58 +01:00
dpll dpll: indent DPLL option type by a tab 2024-03-25 19:40:23 -07:00
edac - Add a FRU (Field Replaceable Unit) memory poison manager which 2024-03-11 18:14:06 -07:00
eisa
extcon
firewire firewire: core: add memo about the caller of show functions for device attributes 2024-03-21 21:20:18 +09:00
firmware x86/efistub: Reinstate soft limit for initrd loading 2024-03-28 16:19:46 +01:00
fpga Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
fsi
gnss
gpio gpiolib: Fix debug messaging in gpiod_find_and_request() 2024-03-26 12:50:50 +01:00
gpu Kbuild fixes for v6.9 2024-03-31 11:23:51 -07:00
greybus Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
hid hid-for-linus-2024031301 2024-03-14 09:56:15 -07:00
hsi
hte
hv hyperv-next for v6.9 2024-03-21 10:01:02 -07:00
hwmon - Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min 2024-03-14 18:03:09 -07:00
hwspinlock hwspinlock: omap: Use index to get hwspinlock pointer 2024-03-05 20:01:14 -08:00
hwtracing
i2c i2c: i801: Fix a refactoring that broke a touchpad on Lenovo P1 2024-03-26 00:47:08 +01:00
i3c
idle cpuidle: ACPI/intel: fix MWAIT hint target C-state computation 2024-03-05 21:25:18 +01:00
iio Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
infiniband RDMA v6.9 2024-03-18 15:34:03 -07:00
input TTY/Serial driver update for 6.9-rc1 2024-03-21 12:44:10 -07:00
interconnect interconnect changes for 6.9 2024-03-06 14:03:31 +00:00
iommu iommu: Validate the PASID in iommu_attach_device_pasid() 2024-03-28 06:38:40 +01:00
ipack ipack: make ipack_bus_type const 2024-03-07 20:32:47 +00:00
irqchip irqchip/armada-370-xp: Suppress unused-function warning 2024-03-26 02:12:16 +01:00
isdn mISDN: fix MISDN_TIME_STAMP handling 2024-04-09 17:01:01 -07:00
leds - Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min 2024-03-14 18:03:09 -07:00
macintosh powerpc updates for 6.9 2024-03-15 17:53:48 -07:00
mailbox imx: add support for i.MX95 ELE/V2X MU 2024-03-13 12:23:36 -07:00
mcb mcb: constify the struct device_type usage 2024-03-07 20:38:15 +00:00
md dm integrity: fix out-of-range warning 2024-03-29 09:48:07 -04:00
media Linux 6.8 2024-03-18 17:30:46 +00:00
memory Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
memstick MMC core: 2024-03-13 10:59:28 -07:00
message
mfd TTY/Serial driver update for 6.9-rc1 2024-03-21 12:44:10 -07:00
misc hardening fixes for v6.9-rc1 2024-03-23 08:43:21 -07:00
mmc sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() 2024-03-25 13:12:46 +01:00
most most: core: make mostbus const 2024-03-07 20:32:38 +00:00
mtd This pull request contains updates for UBI and UBIFS: 2024-03-21 15:09:29 -07:00
mux
net octeontx2-af: Fix NIX SQ mode and BP config 2024-04-09 11:59:42 +02:00
nfc
ntb
nubus
nvdimm libnvdimm updates for v6.9 2024-03-15 11:58:32 -07:00
nvme nvme updates for Linux 6.9 2024-03-21 13:23:07 -06:00
nvmem nvmem: core: Print error on wrong bits DT property 2024-03-07 20:21:53 +00:00
of Driver core changes for 6.9-rc1 2024-03-21 13:34:15 -07:00
opp OPP: Extend dev_pm_opp_data with turbo support 2024-03-11 10:39:24 +05:30
parisc parisc: led: Convert to platform remove callback returning void 2024-03-08 10:00:07 +01:00
parport parport: sunbpp: Convert to platform remove callback returning void 2024-03-07 21:50:06 +00:00
pci pci-v6.9-changes 2024-03-14 10:58:27 -07:00
pcmcia pcmcia: cs: make pcmcia_socket_class constant 2024-03-10 09:07:00 +01:00
peci
perf RISC-V Patches for the 6.9 Merge Window 2024-03-22 10:41:13 -07:00
phy USB/Thunderbolt changes for 6.9-rc1 2024-03-21 12:35:20 -07:00
pinctrl Kbuild fixes for v6.9 2024-03-31 11:23:51 -07:00
platform Char/Misc and other driver subsystem updates for 6.9-rc1 2024-03-21 13:21:31 -07:00
pmdomain Core: 2024-03-13 11:33:10 -07:00
pnp
power power supply and reset changes for the 6.9 series 2024-03-14 10:19:48 -07:00
powercap powercap: intel_rapl: Convert to platform remove callback returning void 2024-03-13 20:45:54 +01:00
pps pps: use cflags-y instead of EXTRA_CFLAGS 2024-03-07 21:51:39 +00:00
ps3
ptp Networking changes for 6.9. 2024-03-12 17:44:08 -07:00
pwm pwm: Fix setting period with #pwm-cells = <1> and of_pwm_single_xlate() 2024-03-29 13:50:10 +01:00
rapidio
ras RAS: Avoid build errors when CONFIG_DEBUG_FS=n 2024-03-26 21:48:21 +01:00
regulator regulator: Fix for v6.9 2024-03-22 09:52:37 -07:00
remoteproc remoteproc updates for v6.9 2024-03-21 10:37:39 -07:00
reset
rpmsg
rtc RTC for 6.9 2024-03-21 17:16:46 -07:00
s390 s390/ism: fix receive message buffer allocation 2024-04-08 11:55:45 +01:00
sbus This includes the following changes related to sparc for v6.9: 2024-03-15 12:47:21 -07:00
scsi scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload 2024-03-25 20:47:05 -04:00
sh
siox SIOX changes for 6.9-rc1 2024-03-21 15:18:18 -07:00
slimbus slimbus: core: make slimbus_bus const 2024-03-07 20:21:39 +00:00
soc Including fixes from CAN, netfilter, wireguard and IPsec. 2024-03-21 14:50:39 -07:00
soundwire soundwire updates for 6.9 2024-03-15 12:22:52 -07:00
spi spi: Fixes for v6.9 2024-03-22 09:57:00 -07:00
spmi
ssb
staging staging: vc04_services: fix information leak in create_component() 2024-03-25 19:10:01 +01:00
target Merge branch '6.9/scsi-queue' into 6.9/scsi-fixes 2024-03-25 14:03:35 -04:00
tc
tee ARM: SoC drivers for 6.9 2024-03-12 10:35:24 -07:00
thermal thermal: devfreq_cooling: Fix perf state when calculate dfc res_util 2024-03-27 16:27:39 +01:00
thunderbolt USB/Thunderbolt changes for 6.9-rc1 2024-03-21 12:35:20 -07:00
tty TTY/Serial driver update for 6.9-rc1 2024-03-21 12:44:10 -07:00
ufs Merge branch '6.9/scsi-queue' into 6.9/scsi-fixes 2024-03-25 14:03:35 -04:00
uio Fix build errors due to new UIO_MEM_DMA_COHERENT mess 2024-03-27 09:48:47 -07:00
usb USB: core: Fix deadlock in port "disable" sysfs attribute 2024-03-26 15:02:28 +01:00
vdpa vDPA: report virtio-blk flush info to user space 2024-03-19 02:45:51 -04:00
vfio VFIO updates for v6.9-rc1 2024-03-15 13:21:13 -07:00
vhost virtio: features, fixes 2024-03-19 08:57:39 -07:00
video fbdev: Select I/O-memory framebuffer ops for SBus 2024-03-25 21:34:08 +01:00
virt virt: efi_secret: Convert to platform remove callback returning void 2024-03-09 11:37:18 +01:00
virtio virtio: packed: fix unmap leak for indirect desc table 2024-03-19 03:19:22 -04:00
w1
watchdog linux-watchdog 6.9-rc1 tag 2024-03-17 12:06:10 -07:00
xen xen: branch for v6.9-rc1 2024-03-19 08:48:09 -07:00
zorro
Kconfig
Makefile Revert "leds: Only descend into leds directory when CONFIG_NEW_LEDS is set" 2024-03-07 08:48:10 +00:00