redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
YueHaibing b2c01aab96 ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit 
Syzkaller report this:

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 4492 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:sysfs_remove_file_ns+0x27/0x70 fs/sysfs/file.c:468
Code: 00 00 00 41 54 55 48 89 fd 53 49 89 d4 48 89 f3 e8 ee 76 9c ff 48 8d 7d 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 2d 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 8b 6d
RSP: 0018:ffff8881e9d9fc00 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff900367e0 RCX: ffffffff81a95952
RDX: 0000000000000006 RSI: ffffc90001405000 RDI: 0000000000000030
RBP: 0000000000000000 R08: fffffbfff1fa22ed R09: fffffbfff1fa22ed
R10: 0000000000000001 R11: fffffbfff1fa22ec R12: 0000000000000000
R13: ffffffffc1abdac0 R14: 1ffff1103d3b3f8b R15: 0000000000000000
FS:  00007fe409dc1700(0000) GS:ffff8881f1200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d721000 CR3: 00000001e98b6005 CR4: 00000000007606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 sysfs_remove_file include/linux/sysfs.h:519 [inline]
 driver_remove_file+0x40/0x50 drivers/base/driver.c:122
 pcmcia_remove_newid_file drivers/pcmcia/ds.c:163 [inline]
 pcmcia_unregister_driver+0x7d/0x2b0 drivers/pcmcia/ds.c:209
 ssb_modexit+0xa/0x1b [ssb]
 __do_sys_delete_module kernel/module.c:1018 [inline]
 __se_sys_delete_module kernel/module.c:961 [inline]
 __x64_sys_delete_module+0x3dc/0x5e0 kernel/module.c:961
 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe409dc0c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe409dc16bc
R13: 00000000004bccaa R14: 00000000006f6bc8 R15: 00000000ffffffff
Modules linked in: ssb(-) 3c59x nvme_core macvlan tap pata_hpt3x3 rt2x00pci null_blk tsc40 pm_notifier_error_inject notifier_error_inject mdio cdc_wdm nf_reject_ipv4 ath9k_common ath9k_hw ath pppox ppp_generic slhc ehci_platform wl12xx wlcore tps6507x_ts ioc4 nf_synproxy_core ide_gd_mod ax25 can_dev iwlwifi can_raw atm tm2_touchkey can_gw can sundance adp5588_keys rt2800mmio rt2800lib rt2x00mmio rt2x00lib eeprom_93cx6 pn533 lru_cache elants_i2c ip_set nfnetlink gameport tipc hampshire nhc_ipv6 nhc_hop nhc_udp nhc_fragment nhc_routing nhc_mobility nhc_dest 6lowpan silead brcmutil nfc mt76_usb mt76 mac80211 iptable_security iptable_raw iptable_mangle iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_gre sit hsr veth vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon vcan bridge stp llc ip6_gre ip6_tunnel tunnel6 tun joydev mousedev serio_raw ide_pci_generic piix floppy ide_core sch_fq_codel ip_tables x_tables ipv6
 [last unloaded: 3c59x]
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 3913cbf8011e1c05 ]---

In ssb_modinit, it does not fail SSB init when ssb_host_pcmcia_init failed,
however in ssb_modexit, ssb_host_pcmcia_exit calls pcmcia_unregister_driver
unconditionally, which may tigger a NULL pointer dereference issue as above.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 399500da18 ("ssb: pick PCMCIA host code support from b43 driver")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 		2019-04-25 19:39:34 +03:00
..
accessibility
acpi libnvdimm fixes v5.1-rc6 2019-04-15 16:48:51 -07:00
amba ARM: 8836/1: drivers: amba: Update component matching to use the CoreSight UCI values. 2019-02-26 11:23:49 +00:00
android binder: fix race between munmap() and direct reclaim 2019-03-21 06:51:32 +01:00
ata libata: fix using DMA buffers on stack 2019-03-28 08:16:04 -06:00
atm
auxdisplay auxdisplay: charlcd: make backlight initial state configurable 2019-03-17 08:48:45 +01:00
base Device properties framework fix for 5.1-rc2 2019-03-22 12:08:52 -07:00
bcma
block Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-04-17 11:26:25 -07:00
bluetooth Bluetooth: btusb: request wake pin with NOAUTOEN 2019-04-09 17:38:24 -10:00
bus ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
cdrom cdrom: Fix race condition in cdrom_sysctl_register 2019-02-08 06:46:59 -07:00
char ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier 2019-04-17 10:29:27 -05:00
clk clk: imx: Fix PLL_1416X not rounding rates 2019-04-12 14:21:43 -07:00
clocksource clocksource/drivers/clps711x: Remove board support 2019-03-24 11:30:11 +01:00
connector connector: fix unsafe usage of ->real_parent 2019-03-08 15:06:38 -08:00
cpufreq cpufreq/intel_pstate: Load only on Intel hardware 2019-04-01 23:39:23 +02:00
cpuidle cpuidle: governor: Add new governors to cpuidle_governors again 2019-03-12 23:46:55 +01:00
crypto crypto: caam - fix copy of next buffer for xcbc and cmac 2019-03-28 13:54:32 +08:00
dax device-dax for 5.1 2019-03-16 13:05:32 -07:00
dca
devfreq
dio
dma dmaengine: stm32-mdma: Revert "dmaengine: stm32-mdma: Add a check on read_u32_array" 2019-03-25 21:56:54 +05:30
dma-buf
edac Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-08 09:11:39 -08:00
eisa
extcon extcon: ptn5150: Fix return value check in ptn5150_i2c_probe() 2019-02-11 17:21:38 +09:00
firewire
firmware memblock: drop memblock_alloc_*_nopanic() variants 2019-03-12 10:04:02 -07:00
fmc
fpga Merge 5.0-rc6 into char-misc-next 2019-02-11 09:05:58 +01:00
fsi
gnss gnss: add driver for mediatek receivers 2019-02-15 16:54:38 +01:00
gpio gpio fixes for v5.1-rc3 2019-03-29 03:04:47 +01:00
gpu - Revert back to max link rate and lane count on eDP. 2019-04-12 13:39:32 +10:00
hid HID: input: add mapping for Assistant key 2019-04-03 13:33:25 +02:00
hsi HSI: omap_ssi_port: fix debugfs_simple_attr.cocci warnings 2019-02-14 12:36:21 +01:00
hv Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
hwmon hwmon: (ntc_thermistor) Fix temperature type reporting 2019-03-29 09:51:44 -07:00
hwspinlock
hwtracing ARM updates for 5.1-rc1 2019-03-15 14:37:46 -07:00
i2c i2c: imx: don't leak the i2c adapter on error 2019-04-06 17:54:28 +02:00
i3c - Add a /* fall-through */ comment in the dw-i3c-master driver 2019-03-04 19:05:02 -08:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2019-03-11 09:34:00 -07:00
idle intel_idle: add support for Jacobsville 2019-02-15 10:49:14 +01:00
iio - New Drivers 2019-03-08 10:02:58 -08:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-04-17 11:26:25 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-03-11 10:57:11 -07:00
interconnect
iommu iommu/amd: Set exclusion range correctly 2019-04-12 12:59:45 +02:00
ipack
irqchip irqchip/irq-ls1x: Missing error code in ls1x_intc_of_init() 2019-04-05 14:37:56 +02:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-04-17 11:26:25 -07:00
leds leds: trigger: netdev: use memcpy in device_name_store 2019-03-30 19:09:32 +01:00
lightnvm lightnvm: pblk: fix crash in pblk_end_partial_read due to multipage bvecs 2019-04-10 12:17:01 -06:00
macintosh treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
mailbox mailbox: imx: keep MU irq working during suspend/resume 2019-03-11 02:51:43 -05:00
mcb
md dm integrity: fix deadlock with overlapping I/O 2019-04-05 18:49:08 -04:00
media DMA mapping updates for 5.1 2019-03-10 11:54:48 -07:00
memory
memstick
message
mfd mfd: sun6i-prcm: Allow to compile with COMPILE_TEST 2019-04-03 08:38:07 +01:00
misc 5.1 Merge Window Pull Request 2019-03-09 15:53:03 -08:00
mmc mmc: sdhci-omap: Don't finish_mrq() on a command error during tuning 2019-04-11 12:40:32 +02:00
mtd mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer 2019-04-05 00:39:19 +02:00
mux
net ray_cs: use remove_proc_subtree to simplify procfs code 2019-04-25 19:38:52 +03:00
nfc
ntb Fixes for switchtec debugability and mapping table entries, NTB 2019-03-15 14:32:59 -07:00
nubus
nvdimm libnvdimm/pmem: fix a possible OOB access when read and write pmem 2019-04-07 14:36:04 -07:00
nvme nvmet: fix discover log page when offsets are used 2019-04-11 17:28:30 +02:00
nvmem Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
of of: fix kmemleak crash caused by imbalance in early memory reservation 2019-03-12 10:04:02 -07:00
opp PM / OPP: Update performance state when freq == old_freq 2019-03-12 09:45:56 +01:00
oprofile
parisc Revert: parisc: Use F_EXTEND() macro in iosapic code 2019-04-06 19:07:55 +02:00
parport Revert "parport: daisy: use new parport device model" 2019-03-25 14:49:00 -07:00
pci PCI: pciehp: Ignore Link State Changes after powering off a slot 2019-04-10 16:06:43 -05:00
pcmcia
perf arm64 updates for 5.1: 2019-03-10 10:17:23 -07:00
phy phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs 2019-03-26 16:48:55 +09:00
pinctrl This is the bulk of pin control changes for the v5.1 kernel cycle. 2019-03-11 11:12:50 -07:00
platform Here's more than a handful of clk driver fixes for changes that came in 2019-04-13 14:33:56 -07:00
pnp ACPI/ACPICA: Trivial: fix spelling mistakes and fix whitespace formatting 2019-02-24 21:12:01 +01:00
power power: reset: at91-reset: add support for sam9x60 SoC 2019-02-20 00:41:01 +01:00
powercap powercap/intel_rapl: add Ice Lake mobile 2019-02-18 11:31:39 +01:00
pps
ps3
ptp Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-05 14:08:26 -08:00
pwm pwm: atmel: Remove useless symbolic definitions 2019-03-04 12:52:49 +01:00
rapidio rapidio/mport_cdev: mark expected switch fall-through 2019-03-07 18:32:02 -08:00
ras
regulator regulator: mc13xxx: Constify regulator_ops variables 2019-03-04 00:01:08 +00:00
remoteproc remoteproc updates for v5.1 2019-03-14 09:00:06 -07:00
reset reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev 2019-03-25 16:22:10 +01:00
rpmsg rpmsg: virtio: change header file sort style 2019-02-20 21:15:54 -08:00
rtc rtc: da9063: set uie_unsupported when relevant 2019-04-02 23:33:09 +02:00
s390 s390/qeth: stop/wake TX queues based on their fill level 2019-04-17 10:33:59 -07:00
sbus
scsi for-linus-20190412 2019-04-13 16:23:16 -07:00
sfi
sh
siox
slimbus
sn
soc This pull request brings in a build fix for arm64 with bcm2835 2019-03-18 10:31:24 -07:00
soundwire
spi pci-v5.1-changes 2019-03-09 14:57:08 -08:00
spmi spmi: pmic-arb: select IRQ_DOMAIN_HIERARCHY in Kconfig 2019-02-14 09:14:50 +01:00
ssb ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit 2019-04-25 19:39:34 +03:00
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-04-05 14:14:19 -07:00
target Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-27 17:37:58 -07:00
tc
tee ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
thermal Merge branches 'fixes' and 'thermal-intel' into next 2019-03-18 22:37:44 +08:00
thunderbolt
tty tty: fix NULL pointer issue when tty_port ops is not set 2019-03-28 01:21:21 +09:00
uio
usb USB-serial fixes for 5.1-rc3 2019-03-29 15:31:16 +01:00
uwb
vfio vfio/type1: Limit DMA mappings per container 2019-04-03 12:43:05 -06:00
vhost vhost: reject zero size iova range 2019-04-10 22:45:38 -07:00
video fbdev changes for v5.1: 2019-03-15 14:22:59 -07:00
virt virt: vbox: Implement passing requestor info to the host for VirtualBox 6.0.x 2019-03-28 01:55:18 +09:00
virtio virtio: Honour 'may_reduce_num' in vring_create_virtqueue 2019-04-08 17:05:52 -04:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.1-rc1 tag 2019-03-11 11:22:15 -07:00
xen xen: fixes for 5.1-rc4 2019-04-07 06:12:10 -10:00
zorro
Kconfig
Makefile IOMMU Updates for Linux v5.1 2019-03-10 12:29:52 -07:00