alistair23-linux/drivers
Mark Salter f1702e2047 crypto: ccp - fix uninitialized list head
commit 691505a803 upstream.

A NULL-pointer dereference was reported in Fedora bz#1762199 while
reshaping a raid6 array after adding a fifth drive to an existing
array.

[   47.343549] md/raid:md0: raid level 6 active with 3 out of 5 devices, algorithm 2
[   47.804017] md0: detected capacity change from 0 to 7885289422848
[   47.822083] Unable to handle kernel read from unreadable memory at virtual address 0000000000000000
...
[   47.940477] CPU: 1 PID: 14210 Comm: md0_raid6 Tainted: G        W         5.2.18-200.fc30.aarch64 #1
[   47.949594] Hardware name: AMD Overdrive/Supercharger/To be filled by O.E.M., BIOS ROD1002C 04/08/2016
[   47.958886] pstate: 00400085 (nzcv daIf +PAN -UAO)
[   47.963668] pc : __list_del_entry_valid+0x2c/0xa8
[   47.968366] lr : ccp_tx_submit+0x84/0x168 [ccp]
[   47.972882] sp : ffff00001369b970
[   47.976184] x29: ffff00001369b970 x28: ffff00001369bdb8
[   47.981483] x27: 00000000ffffffff x26: ffff8003b758af70
[   47.986782] x25: ffff8003b758b2d8 x24: ffff8003e6245818
[   47.992080] x23: 0000000000000000 x22: ffff8003e62450c0
[   47.997379] x21: ffff8003dfd6add8 x20: 0000000000000003
[   48.002678] x19: ffff8003e6245100 x18: 0000000000000000
[   48.007976] x17: 0000000000000000 x16: 0000000000000000
[   48.013274] x15: 0000000000000000 x14: 0000000000000000
[   48.018572] x13: ffff7e000ef83a00 x12: 0000000000000001
[   48.023870] x11: ffff000010eff998 x10: 00000000000019a0
[   48.029169] x9 : 0000000000000000 x8 : ffff8003e6245180
[   48.034467] x7 : 0000000000000000 x6 : 000000000000003f
[   48.039766] x5 : 0000000000000040 x4 : ffff8003e0145080
[   48.045064] x3 : dead000000000200 x2 : 0000000000000000
[   48.050362] x1 : 0000000000000000 x0 : ffff8003e62450c0
[   48.055660] Call trace:
[   48.058095]  __list_del_entry_valid+0x2c/0xa8
[   48.062442]  ccp_tx_submit+0x84/0x168 [ccp]
[   48.066615]  async_tx_submit+0x224/0x368 [async_tx]
[   48.071480]  async_trigger_callback+0x68/0xfc [async_tx]
[   48.076784]  ops_run_biofill+0x178/0x1e8 [raid456]
[   48.081566]  raid_run_ops+0x248/0x818 [raid456]
[   48.086086]  handle_stripe+0x864/0x1208 [raid456]
[   48.090781]  handle_active_stripes.isra.0+0xb0/0x278 [raid456]
[   48.096604]  raid5d+0x378/0x618 [raid456]
[   48.100602]  md_thread+0xa0/0x150
[   48.103905]  kthread+0x104/0x130
[   48.107122]  ret_from_fork+0x10/0x18
[   48.110686] Code: d2804003 f2fbd5a3 eb03003f 54000320 (f9400021)
[   48.116766] ---[ end trace 23f390a527f7ad77 ]---

ccp_tx_submit is passed a dma_async_tx_descriptor which is contained in
a ccp_dma_desc and adds it to a ccp channel's pending list:

	list_del(&desc->entry);
	list_add_tail(&desc->entry, &chan->pending);

The problem is that desc->entry may be uninitialized in the
async_trigger_callback path where the descriptor was gotten
from ccp_prep_dma_interrupt which got it from ccp_alloc_dma_desc
which doesn't initialize the desc->entry list head. So, just
initialize the list head to avoid the problem.

Cc: <stable@vger.kernel.org>
Reported-by: Sahaj Sarup <sahajsarup@gmail.com>
Signed-off-by: Mark Salter <msalter@redhat.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-12-13 08:43:08 +01:00
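
The failure described in the commit message above, modelled in user space as an added example (not the kernel's or the ccp driver's code): unlinking a zero-filled `entry` would dereference NULL, while a self-pointing list head makes the unlink a harmless no-op. `struct desc`, `list_del_checked()`, `submit()` and `demo()` are hypothetical stand-ins, and zero-filled descriptor memory is an assumption consistent with the fault at address 0 in the trace.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };
struct desc { int id; struct list_head entry; };  /* stand-in for ccp_dma_desc */

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* Unlink e; return false where an unchecked unlink would fault or corrupt. */
static bool list_del_checked(struct list_head *e)
{
    if (!e->next || !e->prev)
        return false;                 /* unlinking would read through NULL */
    if (e->prev->next != e || e->next->prev != e)
        return false;                 /* neighbours do not point back at e */
    e->next->prev = e->prev;
    e->prev->next = e->next;
    return true;
}

static void list_add_tail(struct list_head *e, struct list_head *head)
{
    e->prev = head->prev;
    e->next = head;
    head->prev->next = e;
    head->prev = e;
}

/* Same two steps as the commit message: list_del, then list_add_tail. */
static bool submit(struct desc *d, struct list_head *pending)
{
    if (!list_del_checked(&d->entry))
        return false;
    list_add_tail(&d->entry, pending);
    return true;
}

/* Allocate a zero-filled descriptor (assumption), optionally init its entry. */
static bool demo(bool init_entry)
{
    struct list_head pending;
    struct desc d;

    init_list_head(&pending);
    memset(&d, 0, sizeof(d));
    if (init_entry)
        init_list_head(&d.entry);     /* the missing initialization */
    return submit(&d, &pending) && pending.next == &d.entry && pending.prev == &d.entry;
}

int main(void) { printf("%d %d\n", demo(false), demo(true)); return 0; }
```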
accessibility
acpi Power management fix for 5.4-rc6 2019-11-01 09:30:48 -07:00
amba ARM updates for 5.4-rc: 2019-10-23 06:26:33 -04:00
android binder: Don't modify VMA bounds in ->mmap handler 2019-10-17 05:58:44 -07:00
ata ata: libahci_platform: Fix regulator_get_optional() misuse 2019-10-25 14:22:20 -06:00
atm atm: he: clean up an indentation issue 2019-09-25 13:54:45 +02:00
auxdisplay It's a somewhat calmer cycle for docs this time, as the churn of the mass 2019-09-17 16:22:26 -07:00
base driver core: platform: use the correct callback type for bus_find_device 2019-12-04 22:30:45 +01:00
bcma bcma: make arrays pwr_info_offset and sprom_sizes static const, shrinks object size 2019-09-13 16:44:49 +03:00
block nbd: prevent memory leak 2019-11-29 10:09:47 +01:00
bluetooth Revert "Bluetooth: hci_ll: set operational frequency earlier" 2019-11-29 10:09:43 +01:00
bus bus: ti-sysc: Fix watchdog quirk handling 2019-10-18 08:45:32 -07:00
cdrom
char lp: fix sparc64 LPSETTIMEOUT ioctl 2019-12-13 08:42:17 +01:00
clk Fixes for various clk driver issues that happened because of code we 2019-11-08 08:15:01 -08:00
clocksource - Fix scary messages in sh_mtu2 by using platform_irq_count() helper 2019-11-04 18:43:23 +01:00
connector
counter
cpufreq cpufreq: Add NULL checks to show() and store() methods of cpufreq 2019-11-29 10:10:07 +01:00
cpuidle cpuidle: haltpoll: Take 'idle=' override into account 2019-10-22 11:43:17 +02:00
crypto crypto: ccp - fix uninitialized list head 2019-12-13 08:43:08 +01:00
dax
dca
devfreq
dio
dma dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle 2019-10-23 21:15:21 +05:30
dma-buf dma-buf/resv: fix exclusive fence get 2019-10-10 17:05:20 +02:00
edac EDAC/ghes: Fix Use after free in ghes_edac remove path 2019-10-17 11:27:05 +02:00
eisa
extcon chrome platform changes for v5.4 2019-09-19 14:14:28 -07:00
firewire
firmware efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN 2019-10-31 09:40:21 +01:00
fpga Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
fsi
gnss
gpio gpio fixes for v5.4-rc8 2019-11-13 22:58:01 +01:00
gpu drm/i810: Prevent underflow in ioctl 2019-12-13 08:42:56 +01:00
greybus
hid HID: core: check whether Usage Page item is after Usage ID items 2019-12-04 22:31:07 +01:00
hsi HSI changes for the 5.4 series 2019-09-22 12:02:21 -07:00
hv Drivers: hv: vmbus: Fix harmless building warnings without CONFIG_PM_SLEEP 2019-10-01 14:49:45 -04:00
hwmon hwmon: (ina3221) Fix read timeout issue 2019-10-28 18:46:55 -07:00
hwspinlock
hwtracing coresight: etm4x: Fix input validation for sysfs. 2019-12-13 08:42:43 +01:00
i2c i2c: core: fix use after free in of_i2c_notify 2019-11-15 22:01:13 +01:00
i3c
ide
idle
iio iio: adc: stm32-adc: fix stopping dma 2019-10-27 15:57:19 +00:00
infiniband RDMA/hns: Correct the value of srq_desc_size 2019-11-06 13:37:02 -04:00
input Input: Fix memory leak in psxpad_spi_probe 2019-12-13 08:42:44 +01:00
interconnect interconnect: Add locking in icc_set_tag() 2019-10-20 12:14:41 +03:00
iommu iommu/vt-d: Fix panic after kexec -p for kdump 2019-10-30 10:30:22 +01:00
ipack
irqchip irqchip updates for 5.4, take 2 2019-10-25 14:25:15 +02:00
isdn net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
leds leds: lm3532: Fix optional led-max-microamp prop error handling 2019-09-12 20:45:52 +02:00
lightnvm lightnvm: print error when target is not found 2019-09-05 13:17:01 -06:00
macintosh cpufreq: Use per-policy frequency QoS 2019-10-21 02:05:21 +02:00
mailbox mailbox: tegra: Fix superfluous IRQ error message 2019-12-13 08:42:19 +01:00
mcb
md md/raid10: prevent access of uninitialized resync_pages offset 2019-11-29 10:09:45 +01:00
media media: rc: mark input device as pointing stick 2019-12-13 08:42:45 +01:00
memory
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2019-10-09 11:08:03 +02:00
message
mfd mfd: mt6397: Fix probe after changing mt6397-core 2019-10-24 08:49:25 +01:00
misc mei: me: add comet point V device id 2019-12-04 22:30:49 +01:00
mmc mmc: sdhci-of-at91: fix quirk2 overwrite 2019-11-14 14:57:53 +01:00
mtd mtd: rawnand: au1550nd: Fix au_read_buf16() prototype 2019-10-07 09:56:36 +02:00
mux
net can: slcan: Fix use-after-free Read in slcan_open 2019-12-13 08:42:50 +01:00
nfc nfc: port100: handle command failure cleanly 2019-11-21 11:48:17 -08:00
ntb NTB: fix IDT Kconfig typos/spellos 2019-09-23 17:20:40 -04:00
nubus
nvdimm libnvdimm fixes v5.4-rc1 2019-09-29 10:33:41 -07:00
nvme for-linus-2019-11-08 2019-11-08 18:15:55 -08:00
nvmem Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
of of: reserved_mem: add missing of_node_put() for proper ref-counting 2019-10-23 15:15:05 -05:00
opp opp: Reinitialize the list_kref before adding the static OPPs again 2019-10-23 10:58:44 +05:30
oprofile
parisc parisc: Remove 32-bit DMA enforcement from sba_iommu 2019-10-14 21:44:26 +02:00
parport Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
pci PCI: PM: Fix pci_power_up() 2019-10-15 23:51:36 +02:00
pcmcia Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
perf
phy pci-v5.4-changes 2019-09-23 19:16:01 -07:00
pinctrl pinctrl: stmfx: fix valid_mask init sequence 2019-11-07 10:06:46 +01:00
platform platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size 2019-12-04 22:31:08 +01:00
pnp
power power supply and reset changes for the v5.4 series 2019-09-22 12:04:59 -07:00
powercap Power management updates for 5.4-rc1 2019-09-17 19:15:14 -07:00
pps
ps3
ptp ptp: Introduce strict checking of external time stamp options. 2019-11-15 12:48:32 -08:00
pwm pwm: bcm-iproc: Prevent unloading the driver module while in use 2019-11-08 18:38:06 +01:00
rapidio
ras
regulator regulator: Fixes for v5.4 2019-10-23 15:31:17 -04:00
remoteproc remoteproc updates for v5.4 2019-09-22 10:55:08 -07:00
reset reset: fix of_reset_control_get_count kerneldoc comment 2019-10-24 10:26:33 +02:00
rpmsg rpmsg: glink-smem: Name the edge based on parent remoteproc 2019-09-17 15:33:31 -07:00
rtc RTC for 5.4 2019-09-22 11:05:43 -07:00
s390 s390/qeth: return proper errno on IO error 2019-11-20 12:29:47 -08:00
sbus
scsi SCSI fixes on 20191111 2019-11-11 09:14:36 -08:00
sfi
sh
siox
slimbus
soc soc: mediatek: cmdq: fixup wrong input order of write api 2019-12-13 08:42:40 +01:00
soundwire soundwire: slave: fix scanf format 2019-10-24 16:55:45 +05:30
spi LED updates for 5.4-rc1 2019-09-17 18:40:42 -07:00
spmi
ssb ssb: make array pwr_info_offset static const, makes object smaller 2019-09-13 17:23:18 +03:00
staging staging/octeon: Use stubs for MIPS && !CAVIUM_OCTEON_SOC 2019-12-13 08:42:19 +01:00
target SCSI fixes on 20191101 2019-11-02 11:15:52 -07:00
tc
tee tee/shm: untag user pointers in tee_shm_register 2019-09-25 17:51:41 -07:00
thermal cpufreq: Use per-policy frequency QoS 2019-10-21 02:05:21 +02:00
thunderbolt thunderbolt: Power cycle the router if NVM authentication fails 2019-12-04 22:30:50 +01:00
tty tty: vt: keyboard: reject invalid keycodes 2019-12-13 08:42:50 +01:00
uio Char/Misc driver patches for 5.4-rc1 2019-09-18 11:14:31 -07:00
usb usb: gadget: u_serial: add missing port entry locking 2019-12-13 08:42:20 +01:00
vfio vfio/type1: Initialize resv_msi_base 2019-10-15 14:07:01 -06:00
vhost vringh: fix copy direction of vringh_iov_push_kern() 2019-10-28 04:25:04 -04:00
video - Some new documentation for GEM shmem madvise helpers 2019-11-08 12:12:57 +10:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-10-10 14:50:32 +02:00
virtio virtio_balloon: fix shrinker count 2019-11-20 02:15:57 -05:00
visorbus
vlynq
vme
w1 w1: ds250x: Fix build error without CRC16 2019-10-10 15:35:41 +02:00
watchdog watchdog: bd70528: Add MODULE_ALIAS to allow module auto loading 2019-11-05 16:58:12 +01:00
xen Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-10-19 17:09:11 -04:00
zorro
Kconfig Staging/IIO driver patches for 5.4-rc1 2019-09-18 11:05:34 -07:00
Makefile Staging/IIO driver patches for 5.4-rc1 2019-09-18 11:05:34 -07:00