redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
Jan Engelhardt 203f45003a crypto: n2 - cure use after free 
queue_cache_init is first called for the Control Word Queue
(n2_crypto_probe). At that time, queue_cache[0] is NULL and a new
kmem_cache will be allocated. If the subsequent n2_register_algs call
fails, the kmem_cache will be released in queue_cache_destroy, but
queue_cache_init[0] is not set back to NULL.

So when the Module Arithmetic Unit gets probed next (n2_mau_probe),
queue_cache_init will not allocate a kmem_cache again, but leave it
as its bogus value, causing a BUG() to trigger when queue_cache[0] is
eventually passed to kmem_cache_zalloc:

	n2_crypto: Found N2CP at /virtual-devices@100/n2cp@7
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	n2_crypto: md5 alg registration failed
	n2cp f028687c: /virtual-devices@100/n2cp@7: Unable to register algorithms.
	called queue_cache_destroy
	n2cp: probe of f028687c failed with error -22
	n2_crypto: Found NCP at /virtual-devices@100/ncp@6
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	kernel BUG at mm/slab.c:2993!
	Call Trace:
	 [0000000000604488] kmem_cache_alloc+0x1a8/0x1e0
                  (inlined) kmem_cache_zalloc
                  (inlined) new_queue
                  (inlined) spu_queue_setup
                  (inlined) handle_exec_unit
	 [0000000010c61eb4] spu_mdesc_scan+0x1f4/0x460 [n2_crypto]
	 [0000000010c62b80] n2_mau_probe+0x100/0x220 [n2_crypto]
	 [000000000084b174] platform_drv_probe+0x34/0xc0

Cc: <stable@vger.kernel.org>
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
 		2017-12-22 19:02:44 +11:00
..
accessibility License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
acpi ACPI / CPPC: Fix KASAN global out of bounds warning 2017-12-05 23:25:49 +01:00
amba A couple of dma-mapping updates: 2017-11-14 16:54:12 -08:00
android ANDROID: binder: fix transaction leak. 2017-11-28 16:54:45 +01:00
ata Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2017-11-15 14:11:41 -08:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-29 13:10:25 -08:00
auxdisplay auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM 2017-11-27 12:36:45 -08:00
base Power management fix for v4.15-rc3 2017-12-08 09:58:10 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-12-01 08:05:45 -05:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
bus bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. 2017-12-04 17:15:20 +00:00
cdrom Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block 2017-11-14 15:32:19 -08:00
char Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:11:54 -08:00
clk We have two changes to the core framework this time around. The first being a 2017-11-17 20:04:24 -08:00
clocksource - final batch of "non trivial" timer conversions (multi-tree dependencies, 2017-11-23 16:29:05 +01:00
connector
cpufreq cpufreq: mediatek: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE 2017-11-22 00:00:14 +01:00
cpuidle powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
crypto crypto: n2 - cure use after free 2017-12-22 19:02:44 +11:00
dax device-dax: implement ->split() to catch invalid munmap attempts 2017-11-29 18:40:42 -08:00
dca
devfreq Merge branches 'pm-devfreq' and 'pm-tools' 2017-11-13 01:41:39 +01:00
dio License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dma dmaengine updates for 4.15-rc1 2017-11-14 16:49:31 -08:00
dma-buf Tracing updates for 4.15: 2017-11-17 14:58:01 -08:00
edac Modules updates for v4.15 2017-11-15 13:46:33 -08:00
eisa License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extcon USB/PHY patches for 4.15-rc1 2017-11-13 21:14:07 -08:00
firewire Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
firmware ARM: SoC fixes for 4.15-rc 2017-12-10 08:26:59 -08:00
fmc License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fpga Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
fsi
gpio gpio: pca953x: fix vendor prefix for PCA9654 2017-12-02 22:41:43 +01:00
gpu Merge tag 'drm-misc-fixes-2017-12-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes 2017-12-08 08:17:53 +10:00
hid treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
hsi HSI changes for the v4.15 series 2017-11-15 13:35:43 -08:00
hv Drivers: hv: vmbus: Fix a rescind issue 2017-11-28 16:56:26 +01:00
hwmon hwmon: (jc42) optionally try to disable the SMBUS timeout 2017-11-30 13:12:44 -08:00
hwspinlock hwspinlock update for v4.15 2017-11-17 20:16:20 -08:00
hwtracing Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
i2c i2c: i2c-boardinfo: fix memory leaks on devinfo 2017-11-27 19:14:29 +01:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2017-11-19 08:04:41 -10:00
idle Merge branch 'pm-cpuidle' 2017-11-13 01:34:14 +01:00
iio iio: health: max30102: Temperature should be in milli Celsius 2017-12-02 11:15:14 +00:00
infiniband Here is the first rc pull request for RDMA. This includes an important core 2017-12-05 10:10:15 -08:00
input treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
iommu IOMMU fixes for Linux v4.15-rc3 2017-12-06 10:53:02 -08:00
ipack
irqchip Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:39:20 -08:00
isdn treewide: setup_timer() -> timer_setup() (2 field) 2017-11-21 15:57:09 -08:00
leds LED updates for 4.15rc1 2017-11-14 18:09:31 -08:00
lightnvm lightnvm: Convert timers to use timer_setup() 2017-11-21 15:46:44 -08:00
macintosh Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
mailbox Change to POLL api and fixes for FlexRM and OMAP driver 2017-11-15 13:39:18 -08:00
mcb License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
md md/raid1/10: add missed blk plug 2017-12-01 12:19:48 -08:00
media media fixes for v4.15-rc3 2017-12-08 13:18:47 -08:00
memory ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
memstick treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
message Modules updates for v4.15 2017-11-15 13:46:33 -08:00
mfd treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
misc Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2017-12-03 10:48:24 -05:00
mmc MMC core: 2017-12-01 08:14:22 -05:00
mtd Rename superblock flags (MS_xyz -> SB_xyz) 2017-11-27 13:05:09 -08:00
mux
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-12-08 13:32:44 -08:00
nfc treewide: setup_timer() -> timer_setup() (2 field) 2017-11-21 15:57:09 -08:00
ntb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
nubus m68k updates for 4.15 2017-11-13 12:10:24 -08:00
nvdimm libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
nvme nvme-pci: fix NULL pointer dereference in nvme_free_host_mem() 2017-11-28 08:49:26 -08:00
nvmem Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
of of: overlay: Make node skipping in init_overlay_changeset() clearer 2017-12-08 09:32:18 -06:00
opp
oprofile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
parisc License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
parport Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
pci Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:11:54 -08:00
pcmcia drivers/pcmcia/sa1111_badge4.c: avoid unused function warning 2017-11-17 16:10:04 -08:00
perf arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
phy USB/PHY patches for 4.15-rc1 2017-11-13 21:14:07 -08:00
pinctrl pinctrl: sunxi: Disable strict mode for H5 driver 2017-11-30 16:50:43 +01:00
platform Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
pnp License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
power power supply and reset changes for the v4.15 series 2017-11-15 13:37:15 -08:00
powercap
pps treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ps3
ptp xen: features and fixes for v4.15-rc1 2017-11-16 13:06:27 -08:00
pwm pwm: Changes for v4.15-rc1 2017-11-22 21:09:18 -10:00
rapidio Merge branch 'akpm' (patches from Andrew) 2017-11-17 16:56:17 -08:00
ras Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
regulator - New Drivers 2017-11-16 09:15:57 -08:00
remoteproc remoteproc updates for v4.15 2017-11-17 20:14:10 -08:00
reset ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
rpmsg rpmsg updates for v4.15 2017-11-17 20:12:08 -08:00
rtc Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
s390 s390: add a few more SPDX identifiers 2017-12-05 07:51:09 +01:00
sbus Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2017-11-17 20:21:44 -08:00
scsi SCSI fixes on 20171205 2017-12-05 10:31:32 -08:00
sfi
sh A couple of dma-mapping updates: 2017-11-14 16:54:12 -08:00
sn
soc meson-gx-socinfo: Fix package id parsing 2017-11-30 15:29:44 -08:00
spi Merge remote-tracking branches 'spi/topic/sh-msiof', 'spi/topic/slave', 'spi/topic/spreadtrum' and 'spi/topic/tegra114' into spi-next 2017-11-10 21:33:51 +00:00
spmi
ssb License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-12-08 13:32:44 -08:00
target Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
tc
tee optee: fix invalid of_node_put() in optee_driver_init() 2017-11-29 10:24:57 +01:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-11-17 14:31:27 -08:00
thunderbolt Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
tty serdev: ttyport: fix tty locking in close 2017-11-28 16:00:50 +01:00
uio License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
usb usb: xhci: fix panic in xhci_free_virt_devices_depth_first 2017-12-01 15:24:59 +00:00
uwb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
vfio VFIO Updates for Linux v4.15 2017-11-14 16:47:47 -08:00
vhost vhost: fix skb leak in handle_rx() 2017-12-02 21:31:03 -05:00
video fbdev changes for v4.15: 2017-11-20 21:50:24 -10:00
virt
virtio virtio_mmio: add cleanup for virtio_mmio_remove 2017-12-07 18:30:50 +02:00
vlynq
vme Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
w1 Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
watchdog treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
xen xen: fixes for 4.15-rc3 2017-12-08 12:53:43 -08:00
zorro License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig Merge branches 'pm-cpufreq-sched' and 'pm-opp' 2017-11-13 01:40:52 +01:00
Makefile usb: build drivers/usb/common/ when USB_SUPPORT is set 2017-11-28 15:17:49 +01:00