mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/drivers/video/fbdev
History
Dongliang Mu b76449ee75 fbdev: smscufx: fix error handling code in ufx_usb_probe 
The current error handling code in ufx_usb_probe have many unmatching
issues, e.g., missing ufx_free_usb_list, destroy_modedb label should
only include framebuffer_release, fb_dealloc_cmap only matches
fb_alloc_cmap.

My local syzkaller reports a memory leak bug:

memory leak in ufx_usb_probe

BUG: memory leak
unreferenced object 0xffff88802f879580 (size 128):
  comm "kworker/0:7", pid 17416, jiffies 4295067474 (age 46.710s)
  hex dump (first 32 bytes):
    80 21 7c 2e 80 88 ff ff 18 d0 d0 0c 80 88 ff ff  .!|.............
    00 d0 d0 0c 80 88 ff ff e0 ff ff ff 0f 00 00 00  ................
  backtrace:
    [<ffffffff814c99a0>] kmalloc_trace+0x20/0x90 mm/slab_common.c:1045
    [<ffffffff824d219c>] kmalloc include/linux/slab.h:553 [inline]
    [<ffffffff824d219c>] kzalloc include/linux/slab.h:689 [inline]
    [<ffffffff824d219c>] ufx_alloc_urb_list drivers/video/fbdev/smscufx.c:1873 [inline]
    [<ffffffff824d219c>] ufx_usb_probe+0x11c/0x15a0 drivers/video/fbdev/smscufx.c:1655
    [<ffffffff82d17927>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
    [<ffffffff82712f0d>] call_driver_probe drivers/base/dd.c:560 [inline]
    [<ffffffff82712f0d>] really_probe+0x12d/0x390 drivers/base/dd.c:639
    [<ffffffff8271322f>] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778
    [<ffffffff827132da>] driver_probe_device+0x2a/0x120 drivers/base/dd.c:808
    [<ffffffff82713c27>] __device_attach_driver+0xf7/0x150 drivers/base/dd.c:936
    [<ffffffff82710137>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
    [<ffffffff827136b5>] __device_attach+0x105/0x2d0 drivers/base/dd.c:1008
    [<ffffffff82711d36>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
    [<ffffffff8270e242>] device_add+0x642/0xdc0 drivers/base/core.c:3517
    [<ffffffff82d14d5f>] usb_set_configuration+0x8ef/0xb80 drivers/usb/core/message.c:2170
    [<ffffffff82d2576c>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
    [<ffffffff82d16ffc>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
    [<ffffffff82712f0d>] call_driver_probe drivers/base/dd.c:560 [inline]
    [<ffffffff82712f0d>] really_probe+0x12d/0x390 drivers/base/dd.c:639
    [<ffffffff8271322f>] __driver_probe_device+0xbf/0x140 drivers/base/dd.c:778

Fix this bug by rewriting the error handling code in ufx_usb_probe.

Reported-by: syzkaller <syzkaller@googlegroups.com>
Tested-by: Dongliang Mu <dzm91@hust.edu.cn>
Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn>
Signed-off-by: Helge Deller <deller@gmx.de>
 		2022-12-14 20:01:50 +01:00
..
aty fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
core drm for 6.2: 2022-12-13 11:59:58 -08:00
geode fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
i810 fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
intelfb fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
kyro fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
matrox fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
mb862xx fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
mmp video: fbdev: mmp: replace usage of found with dedicated list iterator variable 2022-04-12 22:06:10 +02:00
nvidia fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
omap fbdev: omap: Remove unnecessary print function dev_err() 2022-08-24 21:53:41 +02:00
omap2 fbdev: omapfb: panel-sharp-ls037v7dw01: fix included headers 2022-12-14 20:01:50 +01:00
riva fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
savage fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
sis Linux 6.1-rc6 2022-11-24 11:05:43 +10:00
vermilion fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
via fbdev: via: Fix error in via_core_init() 2022-12-14 20:01:50 +01:00
68328fb.c video: fbdev: Make *fb_setup() and *fb_init() static 2022-07-18 07:54:20 +02:00
Kconfig fbdev: ssd1307fb: Drop optional dependency 2022-12-14 20:01:48 +01:00
Makefile ARM: omap1: move lcd_dma code into omapfb driver 2022-04-21 15:00:45 +02:00
acornfb.c video: fbdev: acornfb: remove free_unused_pages() 2021-02-24 13:38:31 -08:00
acornfb.h
amba-clcd.c video: fbdev: amba-clcd: Fix refcount leak bugs 2022-07-26 08:56:22 +02:00
amifb.c video: fbdev: amiga: Simplify amifb_pan_display() 2022-07-18 07:54:17 +02:00
arcfb.c video: fbdev: arcfb: remove redundant initialization of variable err 2021-07-21 13:09:21 +02:00
arkfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
asiliantfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
atafb.c video: fbdev: atari: Remove backward bug-compatibility 2022-07-18 07:56:18 +02:00
atafb.h
atafb_iplan2p2.c
atafb_iplan2p4.c
atafb_iplan2p8.c
atafb_mfb.c
atafb_utils.h
atmel_lcdfb.c video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() 2022-01-30 19:38:35 +01:00
au1100fb.c video: fbdev: au1100fb: Drop unnecessary NULL ptr check 2022-06-20 20:19:50 +02:00
au1100fb.h video: fbdev: au1100fb: Spelling s/palette/palette/ 2022-02-16 10:54:42 +01:00
au1200fb.c video: fbdev: au1200fb: Make use of dma_mmap_coherent() 2022-01-29 22:24:25 +01:00
au1200fb.h
broadsheetfb.c fbdev: Use pageref offset for deferred-I/O writeback 2022-05-03 16:04:22 +02:00
bt431.h
bt455.h
bw2.c fbdev: Move fbdev drivers from strlcpy to strscpy 2022-08-24 22:06:15 +02:00
c2p.h
c2p_core.h
c2p_iplan2.c
c2p_planar.c
carminefb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
carminefb.h
carminefb_regs.h
cg3.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
cg6.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
cg14.c
chipsfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
cirrusfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
clps711x-fb.c fbdev: Move fbdev drivers from strlcpy to strscpy 2022-08-24 22:06:15 +02:00
cobalt_lcdfb.c
controlfb.c fbdev: controlfb: Remove the unused function VAR_MATCH() 2022-10-08 15:20:08 +02:00
controlfb.h
cyber2000fb.c Linux 6.1-rc6 2022-11-24 11:05:43 +10:00
cyber2000fb.h
da8xx-fb.c fbdev: da8xx-fb: Fix error handling in .remove() 2022-10-18 10:22:28 +02:00
dnfb.c video: fbdev: Make *fb_setup() and *fb_init() static 2022-07-18 07:54:20 +02:00
edid.h
efifb.c Merge drm/drm-next into drm-misc-next 2022-06-20 18:21:25 +02:00
ep93xx-fb.c video: ep93xx: Prepare clock before using it 2021-07-26 22:10:29 +02:00
ffb.c fbdev: Move fbdev drivers from strlcpy to strscpy 2022-08-24 22:06:15 +02:00
fm2fb.c video: fbdev: Make *fb_setup() and *fb_init() static 2022-07-18 07:54:20 +02:00
fsl-diu-fb.c video: fbdev: fsl-diu-fb: remove unneeded variable 'res' 2020-10-17 08:23:14 +02:00
g364fb.c
gbefb.c fbdev: gbefb: Convert sysfs snprintf to sysfs_emit 2022-10-18 10:28:41 +02:00
goldfishfb.c video: fbdev: goldfishfb: Fix defined but not used warning 2020-12-08 18:34:50 +01:00
grvga.c
gxt4500.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
hecubafb.c fbdev: Rename pagelist to pagereflist for deferred I/O 2022-05-03 16:04:22 +02:00
hgafb.c video: hgafb: correctly handle card detect failure during probe 2021-05-21 15:04:05 +02:00
hitfb.c
hpfb.c video: fbdev: Make *fb_setup() and *fb_init() static 2022-07-18 07:54:20 +02:00
hyperv_fb.c drm for 6.2: 2022-12-13 11:59:58 -08:00
i740_reg.h
i740fb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
imsttfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
imxfb.c fbdev: imxfb: Remove redundant dev_err() call 2022-10-08 15:20:08 +02:00
leo.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
macfb.c
macmodes.c
macmodes.h
maxinefb.c
metronomefb.c fbdev: Use pageref offset for deferred-I/O writeback 2022-05-03 16:04:22 +02:00
mx3fb.c dmaengine: imx: Move header to include/dma/ 2022-04-19 12:06:18 +01:00
n411.c
neofb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
ocfb.c video: fbdev: ocfb: add const to of_device_id 2022-01-29 22:24:25 +01:00
offb.c video: fbdev: offb: Include missing linux/platform_device.h 2022-07-28 16:22:12 +10:00
p9100.c video: fbdev: sparc drivers: fix kernel-doc warnings for blank_mode 2020-12-08 18:34:08 +01:00
platinumfb.c video: fbdev: aty/matrox/...: Prepare cleanup of powerpc's asm/prom.h 2022-04-04 08:55:23 +02:00
platinumfb.h
pm2fb.c fbdev: pm2fb: fix missing pci_disable_device() 2022-12-14 20:01:50 +01:00
pm3fb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
pmag-aa-fb.c
pmag-ba-fb.c
pmagb-b-fb.c
ps3fb.c powerpc/ps3: make system bus's remove and shutdown callbacks return void 2020-12-04 01:01:22 +11:00
pvr2fb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
pxa3xx-gcu.c video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write 2022-06-20 20:12:17 +02:00
pxa3xx-gcu.h
pxa3xx-regs.h ARM: pxa: move regs-lcd.h into driver 2022-04-19 16:29:03 +02:00
pxa168fb.c fbdev: Move fbdev drivers from strlcpy to strscpy 2022-08-24 22:06:15 +02:00
pxa168fb.h
pxafb.c fbdev: pxafb: Remove unnecessary print function dev_err() 2022-12-14 20:01:50 +01:00
pxafb.h
q40fb.c video: fbdev: Make *fb_setup() and *fb_init() static 2022-07-18 07:54:20 +02:00
s1d13xxxfb.c video: fbdev: s1d13xxxfb: Fix kernel-doc and set but not used warnings 2020-11-29 22:51:07 +01:00
s3c-fb.c drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
s3c2410fb-regs-lcd.h
s3c2410fb.c
s3c2410fb.h
s3fb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
sa1100fb.c video: fbdev: sa1100fb: Remove unused sa1100fb_setup() 2022-07-18 07:54:18 +02:00
sa1100fb.h
sbuslib.c
sbuslib.h
sh7760fb.c
sh_mobile_lcdcfb.c fbdev: Use pageref offset for deferred-I/O writeback 2022-05-03 16:04:22 +02:00
sh_mobile_lcdcfb.h
simplefb.c fbdev: Move fbdev drivers from strlcpy to strscpy 2022-08-24 22:06:15 +02:00
skeletonfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
sm501fb.c fbdev: sm501fb: Convert sysfs snprintf to sysfs_emit 2022-10-18 10:22:28 +02:00
sm712.h
sm712fb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
smscufx.c fbdev: smscufx: fix error handling code in ufx_usb_probe 2022-12-14 20:01:50 +01:00
ssd1307fb.c fbdev: ssd1307fb: Drop duplicate NULL checks for PWM APIs 2022-12-14 20:01:48 +01:00
sstfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
sticore.h parisc/stifb: Keep track of hardware path of graphics card 2022-06-04 15:47:03 +02:00
stifb.c fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards 2022-10-18 10:22:28 +02:00
sunxvr500.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
sunxvr1000.c fbdev: Move fbdev drivers from strlcpy to strscpy 2022-08-24 22:06:15 +02:00
sunxvr2500.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
tcx.c fbdev: Move fbdev drivers from strlcpy to strscpy 2022-08-24 22:06:15 +02:00
tdfxfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
tgafb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
tmiofb.c
tridentfb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
udlfb.c fbdev: udlfb: Remove redundant initialization to variable identical 2022-10-08 15:20:08 +02:00
uvesafb.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
valkyriefb.c video: fbdev: Make *fb_setup() and *fb_init() static 2022-07-18 07:54:20 +02:00
valkyriefb.h
vesafb.c video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup 2022-05-28 19:26:56 +02:00
vfb.c
vga16fb.c fbdev: vga16fb: Add missing MODULE_DEVICE_TABLE() entry 2022-10-08 15:20:09 +02:00
vt8500lcdfb.c
vt8500lcdfb.h
vt8623fb.c fbdev: Add support for the nomodeset kernel parameter 2022-11-16 13:26:25 +01:00
w100fb.c video: fbdev: w100fb: Reset global state 2022-01-29 22:24:26 +01:00
w100fb.h
wm8505fb.c
wm8505fb_regs.h
wmt_ge_rops.c video: fbdev: wmt_ge_rops: Fix function not declared warnings 2020-12-08 18:34:36 +01:00
wmt_ge_rops.h
xen-fbfront.c printk, xen: fbfront: create/use safe function for forcing preferred 2022-12-02 11:25:02 +01:00
xilinxfb.c fbdev: xilinxfb: Make xilinxfb_release() return void 2022-10-20 08:36:41 +02:00