asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/drivers
History
Dan Carpenter 043bf2daf5 drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() 
[ Upstream commit 09c4b49457434fa74749ad6194ef28464d9f5df9 ]

This doesn't affect runtime because in the current code "idx" is always
valid.

First, we read from "vgdev->capsets[idx].max_size" before checking
whether "idx" is within bounds.  And secondly the bounds check is off by
one so we could end up reading one element beyond the end of the
vgdev->capsets[] array.

Fixes: 62fb7a5e10 ("virtio-gpu: add 3d/virgl support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180704094250.m7sgvvzg3dhcvv3h@kili.mountain
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-01-27 14:49:54 +01:00
..
accessibility
acpi ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 2020-01-09 10:19:04 +01:00
amba
android binder: Handle start==NULL in binder_update_page_range() 2019-12-13 08:52:52 +01:00
ata libata: Fix retrieving of active qcs 2020-01-09 10:19:01 +01:00
atm atm: zatm: Fix empty body Clang warnings 2019-12-01 09:16:41 +01:00
auxdisplay
base drivers/base/platform.c: kmemleak ignore a known leak 2019-12-05 09:21:04 +01:00
bcma
block xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk 2020-01-23 08:21:36 +01:00
bluetooth Bluetooth: btusb: fix PM leak in error case of setup 2020-01-09 10:19:04 +01:00
bus bus: ti-sysc: Fix getting optional clocks in clock_roles 2019-12-13 08:51:23 +01:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:13:12 +01:00
char ipmi: Fix memory leak in __ipmi_bmc_register 2020-01-27 14:49:53 +01:00
clk clk: sprd: Use IS_ERR() to validate the return value of syscon_regmap_lookup_by_phandle() 2020-01-23 08:21:39 +01:00
clocksource clocksource/drivers/timer-of: Use unique device name instead of timer 2020-01-04 19:12:45 +01:00
connector
cpufreq cpufreq: imx6q: read OCOTP through nvmem for imx6ul/imx6ull 2020-01-12 12:17:24 +01:00
cpuidle cpuidle: Do not unset the driver if it is there already 2019-12-17 20:35:00 +01:00
crypto crypto: sun4i-ss - fix big endian issues 2020-01-27 14:49:53 +01:00
dax
dca
devfreq PM / devfreq: Check NULL governor in available_governors_show 2020-01-09 10:19:03 +01:00
dio
dma ioat: ioat_alloc_ring() failure handling. 2020-01-17 19:47:16 +01:00
dma-buf dma-buf: Fix memory leak in sync_file_merge() 2019-12-21 10:57:38 +01:00
edac EDAC/ghes: Fix grain calculation 2019-12-31 16:35:58 +01:00
eisa
extcon extcon: sm5502: Reset registers during initialization 2019-12-31 16:35:11 +01:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
firmware Revert "efi: Fix debugobjects warning on 'efi_rts_work'" 2020-01-27 14:49:51 +01:00
fmc
fpga fpga: altera-ps-spi: Fix getting of optional confd gpio 2019-09-21 07:16:53 +02:00
fsi fsi: core: Fix small accesses and unaligned offsets via sysfs 2019-12-31 16:35:55 +01:00
gnss
gpio gpio: mpc8xxx: Add platform device to gpiochip->parent 2020-01-17 19:47:14 +01:00
gpu drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() 2020-01-27 14:49:54 +01:00
hid HID: hidraw, uhid: Always report EPOLLOUT 2020-01-17 19:46:55 +01:00
hsi
hv vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
hwmon hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call 2020-01-23 08:21:39 +01:00
hwspinlock
hwtracing intel_th: pci: Add Elkhart Lake SOC support 2019-12-31 16:36:24 +01:00
i2c i2c: i2c-stm32f7: fix 10-bits check in slave free id search loop 2020-01-27 14:49:51 +01:00
ide
idle
iio iio: buffer: align the size of scan bytes to size of the largest element 2020-01-23 08:21:27 +01:00
infiniband RDMA/srpt: Report the SCSI residual to the initiator 2020-01-17 19:47:03 +01:00
input Input: input_event - fix struct padding on sparc64 2020-01-14 20:07:01 +01:00
iommu iommu/mediatek: Correct the flush_iotlb_all callback 2020-01-17 19:47:11 +01:00
ipack
irqchip irqchip: Place CONFIG_SIFIVE_PLIC into the menu 2020-01-23 08:21:36 +01:00
isdn staging: gigaset: add endpoint-type sanity check 2019-12-17 20:34:33 +01:00
leds leds: lm3692x: Handle failure to probe the regulator 2020-01-04 19:12:43 +01:00
lightnvm lightnvm: pblk: consider max hw sectors supported for max_write_pgs 2019-11-24 08:20:52 +01:00
macintosh macintosh/windfarm_smu_sat: Fix debug output 2019-12-01 09:16:37 +01:00
mailbox mailbox: imx: Fix Tx doorbell shutdown path 2020-01-04 19:13:17 +01:00
mcb
md block: fix an integer overflow in logical block size 2020-01-23 08:21:29 +01:00
media media: exynos4-is: Fix recursive locking in isp_video_release() 2020-01-17 19:47:11 +01:00
memory memory: omap-gpmc: Get the header of the enum 2019-12-05 09:20:29 +01:00
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2019-10-29 09:20:07 +01:00
message scsi: mptfusion: Fix double fetch bug in ioctl 2020-01-23 08:21:28 +01:00
mfd mfd: intel-lpss: Add default I2C device properties for Gemini Lake 2020-01-27 14:49:51 +01:00
misc soc: aspeed: Fix snoop_file_poll()'s return type 2020-01-27 14:49:53 +01:00
mmc mmc: sdhci: Add a quirk for broken command queuing 2019-12-31 16:36:36 +01:00
mtd mtd: devices: fix mchp23k256 read and write 2020-01-23 08:21:37 +01:00
mux
net ixgbe: don't clear IPsec sa counters on HW clearing 2020-01-27 14:49:54 +01:00
nfc NFC: pn533: fix bulk-message timeout 2020-01-23 08:21:34 +01:00
ntb ntb: intel: fix return value for ndev_vec_mask() 2019-12-01 09:17:13 +01:00
nubus
nvdimm libnvdimm/btt: fix variable 'rc' set but not used 2020-01-04 19:13:00 +01:00
nvme nvme-fc: fix double-free scenarios on hw queues 2020-01-09 10:18:54 +01:00
nvmem nvmem: imx-ocotp: reset error status on probe 2019-12-31 16:35:37 +01:00
of of: unittest: fix memory leak in attach_node_and_children 2019-12-17 20:36:04 +01:00
opp OPP: Return error on error from dev_pm_opp_get_opp_count() 2019-11-24 08:20:06 +01:00
oprofile
parisc parisc: Disable HP HSC-PCI Cards to prevent kernel crash 2019-10-05 13:10:04 +02:00
parport parport: load lowlevel driver if ports not found 2019-12-31 16:36:01 +01:00
pci PCI/PTM: Remove spurious "d" from granularity message 2020-01-17 19:47:08 +01:00
pcmcia
perf
phy phy: cpcap-usb: Fix flakey host idling and enumerating of devices 2020-01-14 20:07:08 +01:00
pinctrl pinctrl: lewisburg: Update pin list according to v1.1v6 2020-01-17 19:47:06 +01:00
platform platform/x86: GPD pocket fan: Use default values when wrong modparams are given 2020-01-17 19:47:04 +01:00
pnp
power power: supply: cpcap-battery: Fix signed counter sample register 2019-12-17 20:35:37 +01:00
powercap
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:21:35 +01:00
pwm pwm: Clear chip_data in pwm_put() 2019-12-05 09:21:29 +01:00
rapidio
ras
regulator regulator: rn5t618: fix module aliases 2020-01-12 12:17:18 +01:00
remoteproc remoteproc: qcom: q6v5: Fix a race condition on fatal crash 2019-11-24 08:20:29 +01:00
reset reset: Fix memory leak in reset_control_array_put() 2019-12-05 09:19:36 +01:00
rpmsg rpmsg: glink: Free pending deferred work on remove 2019-12-21 10:57:30 +01:00
rtc rtc: brcmstb-waketimer: add missed clk_disable_unprepare 2020-01-17 19:47:13 +01:00
s390 s390/qeth: Fix vnicc_is_in_use if rx_bcast not set 2020-01-17 19:47:01 +01:00
sbus
scsi scsi: core: scsi_trace: Use get_unaligned_be*() 2020-01-23 08:21:38 +01:00
sfi
sh
siox
slimbus slimbus: ngd: Fix build error on x86 2019-12-13 08:51:54 +01:00
sn
soc soc: renesas: r8a77990-sysc: Fix initialization order of 3DG-{A,B} 2019-12-13 08:52:29 +01:00
soundwire soundwire: intel: fix PDI/stream mapping for Bulk 2019-12-31 16:35:55 +01:00
spi spi: atmel: fix handling of cs_change set on non-last xfer 2020-01-17 19:47:12 +01:00
spmi
ssb
staging staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 2020-01-14 20:07:05 +01:00
target scsi: target: core: Fix a pr_debug() argument 2020-01-23 08:21:38 +01:00
tc
tee tee: optee: add missing of_node_put after of_device_is_available 2019-11-24 08:19:08 +01:00
thermal thermal: Fix deadlock in thermal thermal_zone_device_check 2019-12-13 08:52:50 +01:00
thunderbolt thunderbolt: Power cycle the router if NVM authentication fails 2019-12-05 09:21:27 +01:00
tty tty: serial: pch_uart: correct usage of dma_unmap_sg 2020-01-17 19:47:09 +01:00
uio vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
usb usb: core: hub: Improved device recognition on remote wakeup 2020-01-23 08:21:29 +01:00
uwb
vfio vfio/pci: call irq_bypass_unregister_producer() before freeing irq 2019-12-21 10:57:37 +01:00
vhost vhost/vsock: accept only packets with the right dst_cid 2020-01-04 19:13:36 +01:00
video video/hdmi: Fix AVI bar unpack 2019-12-17 20:35:17 +01:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-11-06 13:06:04 +01:00
virtio virtio-balloon: fix managed page counts when migrating pages between zones 2019-12-17 20:34:43 +01:00
visorbus
vlynq
vme
w1 w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). 2019-12-01 09:16:22 +01:00
watchdog watchdog: sprd: Fix the incorrect pointer getting from driver data 2020-01-27 14:49:53 +01:00
xen xen/balloon: fix ballooned page accounting without hotplug enabled 2020-01-09 10:18:58 +01:00
zorro
Kconfig
Makefile