asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/drivers
History
Lukasz Majczak 2fbae63413 drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() 
commit 3d887d512494d678b17c57b835c32f4e48d34f26 upstream.

As drm_dp_get_mst_branch_device_by_guid() is called from
drm_dp_get_mst_branch_device_by_guid(), mstb parameter has to be checked,
otherwise NULL dereference may occur in the call to
the memcpy() and cause following:

[12579.365869] BUG: kernel NULL pointer dereference, address: 0000000000000049
[12579.365878] #PF: supervisor read access in kernel mode
[12579.365880] #PF: error_code(0x0000) - not-present page
[12579.365882] PGD 0 P4D 0
[12579.365887] Oops: 0000 [#1] PREEMPT SMP NOPTI
...
[12579.365895] Workqueue: events_long drm_dp_mst_up_req_work
[12579.365899] RIP: 0010:memcmp+0xb/0x29
[12579.365921] Call Trace:
[12579.365927] get_mst_branch_device_by_guid_helper+0x22/0x64
[12579.365930] drm_dp_mst_up_req_work+0x137/0x416
[12579.365933] process_one_work+0x1d0/0x419
[12579.365935] worker_thread+0x11a/0x289
[12579.365938] kthread+0x13e/0x14f
[12579.365941] ? process_one_work+0x419/0x419
[12579.365943] ? kthread_blkcg+0x31/0x31
[12579.365946] ret_from_fork+0x1f/0x30

As get_mst_branch_device_by_guid_helper() is recursive, moving condition
to the first line allow to remove a similar one for step over of NULL elements
inside a loop.

Fixes: 5e93b8208d ("drm/dp/mst: move GUID storage from mgr, port to only mst branch")
Cc: <stable@vger.kernel.org> # 4.14+
Signed-off-by: Lukasz Majczak <lma@semihalf.com>
Reviewed-by: Radoslaw Biernacki <rad@chromium.org>
Signed-off-by: Manasi Navare <navaremanasi@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230922063410.23626-1-lma@semihalf.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-08 11:22:17 +01:00
..
accessibility
acpi ACPI: irq: Fix incorrect return value in acpi_register_gsi() 2023-10-25 11:17:02 +02:00
amba amba: bus: fix refcount leak 2023-09-23 10:48:09 +02:00
android binder: fix memory leak in binder_init() 2023-08-16 18:13:00 +02:00
ata ata: libata-eh: Fix compilation warning in ata_eh_link_report() 2023-10-25 11:16:54 +02:00
atm treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
auxdisplay
base regmap: fix NULL deref on lookup 2023-10-25 11:16:42 +02:00
bcma
block loop: Select I/O scheduler 'none' from inside add_disk() 2023-08-11 11:45:36 +02:00
bluetooth Bluetooth: vhci: Fix race when opening vhci device 2023-10-25 11:16:40 +02:00
bus bus: imx-weim: fix branch condition evaluates to a garbage value 2023-04-05 11:15:38 +02:00
cdrom
char parisc: sba: Fix compile warning wrt list of SBA devices 2023-10-10 21:44:58 +02:00
clk clk: tegra: fix error return case for recalc_rate 2023-10-10 21:44:58 +02:00
clocksource clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe 2023-08-11 11:45:02 +02:00
connector
cpufreq cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug 2023-09-23 10:48:11 +02:00
cpuidle sched,idle,rcu: Push rcu_idle deeper into the idle path 2023-10-25 11:16:26 +02:00
crypto crypto: stm32 - fix loop iterating through scatterlist for DMA 2023-09-23 10:48:11 +02:00
dax
dca
devfreq PM / devfreq: Fix leak in devfreq_dev_release() 2023-09-23 10:48:10 +02:00
dio drivers: dio: fix possible memory leak in dio_init() 2023-01-18 11:30:23 +01:00
dma dmaengine: stm32-mdma: abort resume if no ongoing transfer 2023-10-25 11:16:27 +02:00
dma-buf dma-buf/sw_sync: Avoid recursive lock during fence signal 2023-08-30 16:31:56 +02:00
edac EDAC/skx: Fix overflows on the DRAM row address mapping arrays 2023-05-17 11:13:09 +02:00
eisa
extcon extcon: Fix kernel doc of property capability fields to avoid warnings 2023-08-11 11:45:12 +02:00
firewire treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
firmware firmware: arm_sdei: Fix sleep from invalid context BUG 2023-05-30 12:42:08 +01:00
fmc
fpga fpga: bridge: fix kernel-doc parameter description 2023-05-17 11:13:15 +02:00
fsi fsi: master-ast-cf: Add MODULE_FIRMWARE macro 2023-09-23 10:47:57 +02:00
gnss
gpio gpio: vf610: set value before the direction to avoid a glitch 2023-10-25 11:17:02 +02:00
gpu drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() 2023-11-08 11:22:17 +01:00
hid HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event 2023-10-25 11:16:55 +02:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2023-01-18 11:30:30 +01:00
hv Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 2023-06-28 10:15:28 +02:00
hwmon hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled 2023-08-11 11:45:34 +02:00
hwspinlock
hwtracing coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet() 2023-05-30 12:42:15 +01:00
i2c i2c: stm32f7: Fix PEC handling in case of SMBUS transfers 2023-11-08 11:22:16 +01:00
ide treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
idle intel_idle: Disable IBRS during long idle 2022-11-23 07:53:45 +01:00
iio iio: exynos-adc: request second interupt only when touchscreen mode is used 2023-11-08 11:22:17 +01:00
infiniband RDMA/cxgb4: Check skb value for failure to allocate 2023-10-25 11:16:19 +02:00
input Input: xpad - add PXN V900 support 2023-10-25 11:16:33 +02:00
iommu iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() 2023-01-18 11:30:55 +01:00
ipack
irqchip irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable 2023-08-30 16:31:56 +02:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:13:00 +02:00
leds
lightnvm
macintosh macintosh: via-pmu-led: requires ATA to be set 2023-05-17 11:13:18 +02:00
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-08-11 11:45:13 +02:00
mcb mcb-lpc: Reallocate memory region to avoid memory overlapping 2023-11-08 11:22:15 +01:00
md md/raid1: fix error: ISO C90 forbids mixed declarations 2023-09-23 10:48:17 +02:00
media media: dvb: symbol fixup for dvb_attach() - again 2023-10-10 21:45:00 +02:00
memory memory: of: Fix refcount leak bug in of_get_ddr_timings() 2022-10-26 13:19:28 +02:00
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-08-11 11:45:06 +02:00
message scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition 2023-05-30 12:42:09 +01:00
mfd mfd: stmpe: Only disable the regulators if they are enabled 2023-08-11 11:45:13 +02:00
misc misc: pci_endpoint_test: Re-init completion for every test 2023-08-11 11:45:21 +02:00
mmc mmc: core: sdio: hold retuning if sdio in 1-bit mode 2023-11-08 11:22:14 +01:00
mtd mtd: spinand: micron: correct bitmask for ecc status 2023-10-25 11:17:00 +02:00
mux
net i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR 2023-11-08 11:22:16 +01:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-06-28 10:15:31 +02:00
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-23 10:48:10 +02:00
nubus
nvdimm
nvme nvme-pci: do not set the NUMA node of device if it has none 2023-10-10 21:44:59 +02:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2023-11-08 11:22:16 +01:00
of of: unittest: Fix overlay type in apply/revert check 2023-09-23 10:48:04 +02:00
opp
oprofile
parisc parisc: iosapic.c: Fix sparse warnings 2023-10-10 21:44:58 +02:00
parport parport_pc: Avoid FIFO port location truncation 2022-11-25 17:40:23 +01:00
pci Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3" 2023-10-10 21:45:00 +02:00
pcmcia pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() 2023-08-30 16:31:43 +02:00
perf perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() 2023-01-18 11:30:02 +01:00
phy phy: mapphone-mdm6600: Fix runtime PM for remove 2023-10-25 11:17:02 +02:00
pinctrl Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" 2023-10-25 11:17:01 +02:00
platform platform/x86: intel: hid: Always call BTNL ACPI method 2023-09-23 10:47:58 +02:00
pnp PNP: fix name memory leak in pnp_alloc_dev() 2023-01-18 11:30:05 +01:00
power power: supply: Fix logic checking if system is running from battery 2023-06-21 15:39:56 +02:00
powercap powercap: fix possible name leak in powercap_register_zone() 2023-03-11 16:31:36 +01:00
pps
ps3
ptp
pwm pwm: lpc32xx: Remove handling of PWM channels 2023-09-23 10:48:13 +02:00
rapidio rapidio: devices: fix missing put_device in mport_cdev_open 2023-01-18 11:30:08 +01:00
ras
regulator regulator: Fix error checking for debugfs_create_dir 2023-06-21 15:39:56 +02:00
remoteproc
reset
rpmsg rpmsg: glink: Add check for kstrdup 2023-09-23 10:48:09 +02:00
rtc rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff 2023-09-23 10:47:56 +02:00
s390 scsi: zfcp: Fix a double put in zfcp_port_enqueue() 2023-10-10 21:45:00 +02:00
sbus
scsi scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers 2023-10-10 21:44:59 +02:00
sfi
sh
siox siox: fix possible memory leak in siox_device_add() 2022-11-25 17:40:23 +01:00
slimbus slimbus: stream: correct presence rate frequencies 2022-11-25 17:40:25 +01:00
sn
soc soc: qcom: qmi_encdec: Restrict string length in decode 2023-09-23 10:48:12 +02:00
soundwire
spi spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() 2023-09-23 10:48:00 +02:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-05-17 11:13:17 +02:00
ssb treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
staging erofs: ensure that the post-EOF tails are all zeroed 2023-09-23 10:47:56 +02:00
target scsi: target: core: Fix deadlock due to recursive locking 2023-10-10 21:45:01 +02:00
tc
tee
thermal thermal: intel: powerclamp: Fix cur_state for multi package system 2023-03-11 16:32:02 +01:00
thunderbolt thunderbolt: Use const qualifier for ring_interrupt_index 2023-04-05 11:15:35 +02:00
tty serial: 8250_port: Check IRQ data before use 2023-10-10 21:44:59 +02:00
uio uio: uio_dmem_genirq: Fix deadlock between irq config and handling 2023-01-18 11:30:25 +01:00
usb USB: serial: option: add Fibocom to DELL custom modem FM101R-GL 2023-10-25 11:17:02 +02:00
uwb
vfio vfio: platform: Do not pass return buffer to ACPI _RST method 2023-01-18 11:30:25 +01:00
vhost treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
video fbdev/sh7760fb: Depend on FB=y 2023-10-10 21:44:59 +02:00
virt
virtio virtio-mmio: fix memory leak of vm_dev 2023-11-08 11:22:15 +01:00
visorbus
vlynq
vme vme: Fix error not catched in fake_init() 2023-01-18 11:30:28 +01:00
w1 w1: fix loop in w1_fini() 2023-08-11 11:45:11 +02:00
watchdog watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running 2023-10-10 21:44:59 +02:00
xen xen/events: replace evtchn_rwlock with RCU 2023-10-10 21:45:02 +02:00
zorro
Kconfig
Makefile