linux-stable/drivers
Dmitry Osipenko 18bbb1d165 usb: otg-fsm: Fix hrtimer list corruption
commit bf88fef0b6 upstream.

The HNP work can be re-scheduled while it's still in flight. This results in
re-initialization of the busy work, resetting the hrtimer's list node of
the work and crashing the kernel with a null dereference within kernel/timer
once the work's timer has expired. It's very easy to trigger this problem by
re-plugging the USB cable quickly. Initialize the HNP work only once to fix this
trouble.

 Unable to handle kernel NULL pointer dereference at virtual address 00000126)
 ...
 PC is at __run_timers.part.0+0x150/0x228
 LR is at __next_timer_interrupt+0x51/0x9c
 ...
 (__run_timers.part.0) from [<c0187a2b>] (run_timer_softirq+0x2f/0x50)
 (run_timer_softirq) from [<c01013ad>] (__do_softirq+0xd5/0x2f0)
 (__do_softirq) from [<c012589b>] (irq_exit+0xab/0xb8)
 (irq_exit) from [<c0170341>] (handle_domain_irq+0x45/0x60)
 (handle_domain_irq) from [<c04c4a43>] (gic_handle_irq+0x6b/0x7c)
 (gic_handle_irq) from [<c0100b65>] (__irq_svc+0x65/0xac)

Cc: stable@vger.kernel.org
Acked-by: Peter Chen <peter.chen@kernel.org>
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Link: https://lore.kernel.org/r/20210717182134.30262-6-digetx@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-08-15 13:03:31 +02:00
accessibility
acpi Revert "ACPICA: Fix memory leak caused by _CID repair function" 2021-08-15 13:03:28 +02:00
amba
android
ata ata: ahci_sunxi: Disable DIPM 2021-07-20 16:17:46 +02:00
atm atm: nicstar: register the interrupt handler in the right place 2021-07-20 16:17:44 +02:00
auxdisplay
base
bcma
block virtio-blk: Fix memory leak among suspend/resume procedure 2021-07-20 16:17:53 +02:00
bluetooth Bluetooth: btusb: fix bt firmware downloading failure issue for qca btsoc. 2021-07-20 16:17:45 +02:00
bus
cdrom
char virtio_console: Assure used length from device is limited 2021-07-20 16:17:53 +02:00
clk clk: stm32f4: fix post divisor setup for I2S/SAI PLLs 2021-08-15 13:03:28 +02:00
clocksource
connector
cpufreq
cpuidle
crypto crypto: nx - Fix RCU warning in nx842_OF_upd_status 2021-07-20 16:17:35 +02:00
dax
dca
devfreq
dio
dma
dma-buf dma-buf/sync_file: Don't leak fences on merge failure 2021-07-28 11:12:16 +02:00
edac
eisa
extcon extcon: max8997: Add missing modalias string 2021-07-20 16:17:41 +02:00
firewire
firmware qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute 2021-07-20 16:17:47 +02:00
fmc
fpga
fsi
gpio gpio: zynq: Check return value of pm_runtime_get_sync 2021-07-20 16:17:50 +02:00
gpu drm: Return -ENOTTY for non-drm ioctls 2021-07-28 11:12:20 +02:00
hid HID: wacom: Correct base usage for capacitive ExpressKey status bits 2021-07-20 16:17:34 +02:00
hsi
hv hv_utils: Fix passing zero to 'PTR_ERR' warning 2021-07-20 16:17:33 +02:00
hwmon hwmon: (max31790) Fix fan speed reporting for fan7..12 2021-07-20 16:17:35 +02:00
hwspinlock
hwtracing intel_th: Wait until port is in reset before programming it 2021-07-20 16:17:51 +02:00
i2c i2c: core: Disable client irq on reboot/shutdown 2021-07-20 16:17:51 +02:00
ide
idle
iio iio: accel: bma180: Fix BMA25x bandwidth register values 2021-07-28 11:12:20 +02:00
infiniband RDMA/cma: Fix rdma_resolve_route() memory leak 2021-07-20 16:17:45 +02:00
input Input: hil_kbd - fix error return code in hil_dev_connect() 2021-07-20 16:17:40 +02:00
iommu
ipack ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe 2021-07-20 16:17:47 +02:00
irqchip
isdn mISDN: fix possible use-after-free in HFC_cleanup() 2021-07-20 16:17:42 +02:00
leds leds: ktd2692: Fix an error handling path 2021-07-20 16:17:41 +02:00
lightnvm
macintosh
mailbox
mcb
md dm btree remove: assign new_root only when removal succeeds 2021-07-20 16:17:47 +02:00
media media: videobuf2-core: dequeue if start_streaming fails 2021-08-15 13:03:29 +02:00
memory memory: fsl_ifc: fix leak of private memory on probe failure 2021-07-20 16:17:55 +02:00
memstick
message
mfd mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE 2021-07-20 16:17:49 +02:00
misc misc/libmasm/module: Fix two use after free in ibmasm_init_one 2021-07-20 16:17:48 +02:00
mmc mmc: core: Allow UHS-I voltage switch for SDSC cards if supported 2021-07-20 16:17:46 +02:00
mtd
mux
net net: vxge: fix use-after-free in vxge_device_unregister 2021-08-15 13:03:30 +02:00
nfc nfc: nfcsim: fix use after free during module unload 2021-08-04 12:22:16 +02:00
ntb
nubus
nvdimm
nvme
nvmem
of of: Fix truncation of memory sizes on 32-bit platforms 2021-07-20 16:17:40 +02:00
oprofile
parisc
parport
pci PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun 2021-07-20 16:17:53 +02:00
pcmcia
perf
phy phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe() 2021-07-20 16:17:41 +02:00
pinctrl pinctrl/amd: Add device HID for new AMD GPIO controller 2021-07-20 16:17:46 +02:00
platform platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() 2021-07-20 16:17:33 +02:00
pnp
power power: supply: rt5033_battery: Fix device tree enumeration 2021-07-20 16:17:53 +02:00
powercap
pps
ps3
ptp
pwm pwm: tegra: Don't modify HW state in .remove callback 2021-07-20 16:17:52 +02:00
rapidio
ras
regulator regulator: da9052: Ensure enough delay time for .set_voltage_time_sel 2021-07-20 16:17:32 +02:00
remoteproc
reset reset: ti-syscon: fix to_ti_syscon_reset_data macro 2021-07-28 11:12:14 +02:00
rpmsg
rtc rtc: max77686: Do not enforce (incorrect) interrupt trigger type 2021-07-28 11:12:15 +02:00
s390 s390/sclp_vt220: fix console name to match device 2021-07-20 16:17:50 +02:00
sbus
scsi scsi: sr: Return correct event when media event code is 3 2021-08-15 13:03:28 +02:00
sfi
sh
sn
soc
spi spi: mediatek: Fix fifo transfer 2021-08-08 08:53:30 +02:00
spmi
ssb ssb: sdio: Don't overwrite const buffer if block_write fails 2021-07-20 16:17:30 +02:00
staging staging: rtl8723bs: fix macro value for 2.4Ghz only device 2021-07-20 16:17:51 +02:00
target scsi: target: Fix protect handling in WRITE SAME(32) 2021-07-28 11:12:18 +02:00
tc
tee
thermal thermal/core: Correct function name thermal_zone_device_unregister() 2021-07-28 11:12:15 +02:00
thunderbolt
tty tty: serial: 8250: serial_cs: Fix a memory leak in error handling path 2021-07-20 16:17:49 +02:00
uio
usb usb: otg-fsm: Fix hrtimer list corruption 2021-08-15 13:03:31 +02:00
uwb
vfio
vhost
video backlight: lm3630a: Fix return code of .update_status() callback 2021-07-20 16:17:51 +02:00
virt
virtio
vlynq
vme
w1 w1: ds2438: fixing bug that would always get page0 2021-07-20 16:17:49 +02:00
watchdog Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" 2021-08-08 08:53:29 +02:00
xen xen/events: reset active flag for lateeoi events later 2021-07-11 12:48:13 +02:00
zorro
Kconfig
Makefile