redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/pci
History
Jubin Zhong be23b04074 PCI: Fix pci_slot_release() NULL pointer dereference 
commit 4684709bf8 upstream.

If kobject_init_and_add() fails, pci_slot_release() is called to delete
slot->list from parent->slots.  But slot->list hasn't been initialized
yet, so we dereference a NULL pointer:

  Unable to handle kernel NULL pointer dereference at virtual address
00000000
  ...
  CPU: 10 PID: 1 Comm: swapper/0 Not tainted 4.4.240 #197
  task: ffffeb398a45ef10 task.stack: ffffeb398a470000
  PC is at __list_del_entry_valid+0x5c/0xb0
  LR is at pci_slot_release+0x84/0xe4
  ...
  __list_del_entry_valid+0x5c/0xb0
  pci_slot_release+0x84/0xe4
  kobject_put+0x184/0x1c4
  pci_create_slot+0x17c/0x1b4
  __pci_hp_initialize+0x68/0xa4
  pciehp_probe+0x1a4/0x2fc
  pcie_port_probe_service+0x58/0x84
  driver_probe_device+0x320/0x470

Initialize slot->list before calling kobject_init_and_add() to avoid this.

Fixes: 8a94644b44 ("PCI: Fix pci_create_slot() reference count leak")
Link: https://lore.kernel.org/r/1606876422-117457-1-git-send-email-zhongjubin@huawei.com
Signed-off-by: Jubin Zhong <zhongjubin@huawei.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org	# v5.9+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-12-30 11:51:47 +01:00
..
controller PCI: iproc: Fix out-of-bound array accesses 2020-12-30 11:51:14 +01:00
endpoint PCI: endpoint: Fix for concurrent memory allocation in OB address region 2020-04-17 10:50:11 +02:00
hotplug PCI: pciehp: Fix MSI interrupt race 2020-10-01 13:17:52 +02:00
pcie PCI/ASPM: Add missing newline in sysfs 'policy' 2020-08-19 08:16:13 +02:00
switch PCI/switchtec: Fix init_completion race condition with poll_wait() 2020-04-17 10:50:02 +02:00
Kconfig pci-v5.4-changes 2019-09-23 19:16:01 -07:00
Makefile PCI: OF: Allow of_pci_get_max_link_speed() to be used by PCI Endpoint drivers 2019-04-15 13:24:02 +01:00
access.c PCI: Fix pci_cfg_wait queue locking problem 2020-08-19 08:16:11 +02:00
ats.c PCI: Fix typos and whitespace errors 2019-07-09 07:24:53 -05:00
bus.c PCI: Add device even if driver attach failed 2020-08-21 13:05:20 +02:00
ecam.c
host-bridge.c
iov.c PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY 2020-10-29 09:57:54 +01:00
irq.c
mmap.c PCI: Fix typos and whitespace errors 2019-07-09 07:24:53 -05:00
msi.c PCI/MSI: Fix incorrect MSI-X masking on resume 2019-12-21 11:04:28 +01:00
of.c PCI: OF: Correct of_irq_parse_pci() documentation 2019-08-30 14:00:34 -05:00
p2pdma.c PCI/P2PDMA: Update pci_p2pdma_distance_many() documentation 2019-08-16 08:41:59 -05:00
pci-acpi.c PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() 2020-12-30 11:51:32 +01:00
pci-bridge-emul.c PCI: pci-bridge-emul: Fix PCIe bit conflicts 2020-06-24 17:50:15 +02:00
pci-bridge-emul.h
pci-driver.c PCI/PM: Add missing link delays required by the PCIe spec 2020-04-29 16:33:06 +02:00
pci-label.c
pci-mid.c
pci-pf-stub.c PCI: Fix typos and whitespace errors 2019-07-09 07:24:53 -05:00
pci-stub.c PCI: Replace printk(KERN_INFO) with pr_info(), etc 2019-05-09 07:49:54 -05:00
pci-sysfs.c PCI: sysfs: Revert "rescan" file renames 2020-04-08 09:08:42 +02:00
pci.c PCI: Fix overflow in command-line resource alignment requests 2020-12-30 11:51:14 +01:00
pci.h PCI/PM: Add missing link delays required by the PCIe spec 2020-04-29 16:33:06 +02:00
probe.c PCI: Fix pci_register_host_bridge() device_register() error handling 2020-06-24 17:50:27 +02:00
proc.c Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
quirks.c PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken 2020-08-21 13:05:20 +02:00
remove.c
rom.c PCI: Use ioremap(), not phys_to_virt() for platform ROM 2020-10-01 13:17:51 +02:00
search.c PCI: Fix pci_add_dma_alias() bitmask size 2020-02-24 08:36:24 +01:00
setup-bus.c PCI: Avoid double hpmemsize MMIO window assignment 2020-10-01 13:17:19 +02:00
setup-irq.c
setup-res.c PCI: Allow pci_resize_resource() for devices on root bus 2020-06-24 17:50:11 +02:00
slot.c PCI: Fix pci_slot_release() NULL pointer dereference 2020-12-30 11:51:47 +01:00
syscall.c PCI: Lock down BAR access when the kernel is locked down 2019-08-19 21:54:15 -07:00
vc.c Merge branch 'pci/trivial' 2019-09-23 16:10:31 -05:00
vpd.c PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port 2019-09-16 14:10:09 +01:00
xen-pcifront.c Merge branch 'pci/printk' 2019-05-13 18:34:46 -05:00