github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
12dea26c05
linux/drivers
History
Vincent Whitchurch cc432b0727 i2c: virtio: disable timeout handling 
[ Upstream commit 84e1d0bf1d ]

If a timeout is hit, it can result is incorrect data on the I2C bus
and/or memory corruptions in the guest since the device can still be
operating on the buffers it was given while the guest has freed them.

Here is, for example, the start of a slub_debug splat which was
triggered on the next transfer after one transfer was forced to timeout
by setting a breakpoint in the backend (rust-vmm/vhost-device):

 BUG kmalloc-1k (Not tainted): Poison overwritten
 First byte 0x1 instead of 0x6b
 Allocated in virtio_i2c_xfer+0x65/0x35c age=350 cpu=0 pid=29
 	__kmalloc+0xc2/0x1c9
 	virtio_i2c_xfer+0x65/0x35c
 	__i2c_transfer+0x429/0x57d
 	i2c_transfer+0x115/0x134
 	i2cdev_ioctl_rdwr+0x16a/0x1de
 	i2cdev_ioctl+0x247/0x2ed
 	vfs_ioctl+0x21/0x30
 	sys_ioctl+0xb18/0xb41
 Freed in virtio_i2c_xfer+0x32e/0x35c age=244 cpu=0 pid=29
 	kfree+0x1bd/0x1cc
 	virtio_i2c_xfer+0x32e/0x35c
 	__i2c_transfer+0x429/0x57d
 	i2c_transfer+0x115/0x134
 	i2cdev_ioctl_rdwr+0x16a/0x1de
 	i2cdev_ioctl+0x247/0x2ed
 	vfs_ioctl+0x21/0x30
 	sys_ioctl+0xb18/0xb41

There is no simple fix for this (the driver would have to always create
bounce buffers and hold on to them until the device eventually returns
the buffers), so just disable the timeout support for now.

Fixes: 3cfc883804 ("i2c: virtio: add a virtio i2c frontend driver")
Acked-by: Jie Deng <jie.deng@intel.com>
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-12-01 09:04:50 +01:00
..
accessibility
acpi ACPI: CPPC: Add NULL pointer check to cppc_get_perf() 2021-12-01 09:04:38 +01:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-06 14:13:31 +01:00
android binder: fix test regression due to sender_euid change 2021-12-01 09:04:40 +01:00
ata ata: libata: add missing ata_identify_page_supported() calls 2021-11-25 09:48:44 +01:00
atm
auxdisplay auxdisplay: ht16k33: Fix frame buffer device blanking 2021-11-18 19:17:02 +01:00
base firmware_loader: fix pre-allocated buf built-in firmware use 2021-11-25 09:48:27 +01:00
bcma Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
block loop: Use blk_validate_block_size() to validate block size 2021-11-21 13:44:13 +01:00
bluetooth Bluetooth: btusb: Add support for TP-Link UB500 Adapter 2021-11-21 13:44:13 +01:00
bus bus: ti-sysc: Use context lost quirk for otg 2021-11-25 09:48:25 +01:00
cdrom
char ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()' 2021-11-18 19:16:44 +01:00
clk clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk 2021-11-25 09:48:32 +01:00
clocksource clocksource/drivers/timer-ti-dm: Select TIMER_OF 2021-11-18 19:16:39 +01:00
comedi comedi: vmk80xx: fix bulk and interrupt message timeouts 2021-11-12 15:05:51 +01:00
connector
counter
cpufreq cpufreq: intel_pstate: Fix active mode offline/online EPP handling 2021-12-01 09:04:44 +01:00
cpuidle cpuidle: Fix kobject memory leaks in error paths 2021-11-18 19:16:29 +01:00
crypto crypto: octeontx2 - set assoclen in aead_do_fallback() 2021-11-18 19:16:33 +01:00
cxl cxl/pci: Fix NULL vs ERR_PTR confusion 2021-11-18 19:16:04 +01:00
dax libnvdimm for v5.15 2021-09-09 11:39:57 -07:00
dca
devfreq devfreq: use HZ macros 2021-09-08 11:50:26 -07:00
dio
dma dmaengine: remove debugfs #ifdef 2021-11-25 09:48:41 +01:00
dma-buf dma-buf: WARN on dmabuf release with pending attachments 2021-11-18 19:16:08 +01:00
edac EDAC/amd64: Handle three rank interleaving mode 2021-11-18 19:16:30 +01:00
eisa
extcon
firewire FireWire (IEEE 1394) subsystem updates: 2021-09-11 09:47:33 -07:00
firmware firmware: smccc: Fix check for ARCH_SOC_ID not implemented 2021-12-01 09:04:49 +01:00
fpga fpga: ice40-spi: Add SPI device ID table 2021-09-27 14:00:41 -07:00
fsi
gnss
gpio gpio: rockchip: needs GENERIC_IRQ_CHIP to fix build errors 2021-11-25 09:48:36 +01:00
gpu drm/aspeed: Fix vga_pw sysfs output 2021-12-01 09:04:47 +01:00
greybus
hid HID: magicmouse: prevent division by 0 on scroll 2021-12-01 09:04:48 +01:00
hsi
hv Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size 2021-11-25 09:48:46 +01:00
hwmon hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff 2021-11-18 19:16:32 +01:00
hwspinlock
hwtracing coresight: trbe: Defer the probe on offline CPUs 2021-11-18 19:16:06 +01:00
i2c i2c: virtio: disable timeout handling 2021-12-01 09:04:50 +01:00
i3c
idle
iio iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() 2021-11-25 09:48:29 +01:00
infiniband RDMA/mlx4: Do not fail the registration on port stats 2021-11-25 09:48:39 +01:00
input Input: st1232 - increase "wait ready" timeout 2021-11-18 19:17:01 +01:00
interconnect interconnect: qcom: sdm660: Add missing a2noc qos clocks 2021-09-13 15:49:55 +03:00
iommu iommu/dart: Initialize DART_STREAMS_ENABLE 2021-11-25 09:48:30 +01:00
ipack ipack: ipoctal: fix module reference leak 2021-09-27 17:38:49 +02:00
irqchip irqchip/sifive-plic: Fixup EOI failed when masked 2021-11-18 19:17:14 +01:00
isdn mISDN: Fix return values of the probe function 2021-10-19 13:09:28 +01:00
leds leds: pca955x: Switch to i2c probe_new 2021-08-20 11:00:08 +02:00
macintosh memblock: introduce saner 'memblock_free_ptr()' interface 2021-09-14 13:23:22 -07:00
mailbox mailbox: mtk-cmdq: Fix local clock ID usage 2021-11-18 19:16:35 +01:00
mcb mcb: fix error handling in mcb_alloc_bus() 2021-09-14 11:22:26 +02:00
md bcache: Revert "bcache: use bvec_virt" 2021-11-18 19:17:17 +01:00
media media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86 2021-12-01 09:04:45 +01:00
memory memory: tegra20-emc: Add runtime dependency on devfreq governor module 2021-11-25 09:48:30 +01:00
memstick memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() 2021-11-18 19:16:32 +01:00
message
mfd mfd: dln2: Add cell for initializing DLN2 ADC 2021-11-18 19:17:17 +01:00
misc eeprom: 93xx46: fix MODULE_DEVICE_TABLE 2021-10-15 10:54:02 +02:00
mmc mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB 2021-12-01 09:04:43 +01:00
most most: fix control-message timeouts 2021-11-18 19:16:08 +01:00
mtd mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines 2021-11-18 19:17:19 +01:00
mux
net ice: avoid bpf_prog refcount underflow 2021-12-01 09:04:50 +01:00
nfc nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails 2021-11-18 19:17:10 +01:00
ntb Bug fixes and clean-ups for Linux v5.15 2021-09-07 13:05:02 -07:00
nubus
nvdimm nvdimm/pmem: cleanup the disk if pmem_release_disk() is yet assigned 2021-11-18 19:17:07 +01:00
nvme nvme-rdma: fix error code in nvme_rdma_setup_ctrl 2021-11-18 19:16:38 +01:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-13 15:09:58 +02:00
of of: unittest: fix EXPECT text for gpio hog errors 2021-11-18 19:16:45 +01:00
opp opp: Fix return in _opp_add_static_v2() 2021-11-18 19:17:00 +01:00
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-09 12:44:31 +02:00
parport parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci PCI: aardvark: Fix link training 2021-12-01 09:04:44 +01:00
pcmcia
perf KVM: arm64: Fix PMU probe ordering 2021-09-20 12:43:34 +01:00
phy phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe() 2021-11-18 19:16:56 +01:00
pinctrl pinctrl: ralink: include 'ralink_regs.h' in 'pinctrl-mt7620.c' 2021-11-25 09:48:44 +01:00
platform platform/x86: think-lmi: Abort probe on analyze failure 2021-11-25 09:48:37 +01:00
pnp
power power: supply: bq27xxx: Fix kernel crash on IRQ handler register error 2021-11-18 19:16:58 +01:00
powercap powercap: Add Power Limit4 support for Alder Lake SoC 2021-08-25 20:12:16 +02:00
pps
ps3
ptp ptp: ocp: Fix a couple NULL vs IS_ERR() checks 2021-11-25 09:48:40 +01:00
pwm pwm: mtk-disp: Implement atomic API .get_state() 2021-09-02 22:27:46 +02:00
rapidio
ras
regulator regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled 2021-11-18 19:15:57 +01:00
remoteproc remoteproc: imx_rproc: Fix rsc-table name 2021-11-18 19:17:18 +01:00
reset reset: socfpga: add empty driver allowing consumers to probe 2021-10-05 12:23:16 +02:00
rpmsg
rtc rtc: rv3032: fix error handling in rv3032_clkout_set_rate() 2021-11-18 19:17:01 +01:00
s390 s390/cio: make ccw_device_dma_* more robust 2021-11-18 19:17:18 +01:00
sbus
scsi scsi: scsi_debug: Zero clear zones at reset write pointer 2021-12-01 09:04:50 +01:00
sh maple: fix wrong return value of maple_bus_init(). 2021-11-25 09:48:31 +01:00
siox
slimbus Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
soc soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read 2021-11-18 19:17:02 +01:00
soundwire soundwire: bus: stop dereferencing invalid slave pointer 2021-11-18 19:16:54 +01:00
spi spi: fix use-after-free of the add_lock mutex 2021-11-25 09:48:46 +01:00
spmi
ssb
staging staging: r8188eu: fix a memory leak in rtw_wx_read32() 2021-12-01 09:04:41 +01:00
target scsi: target: Fix alua_tg_pt_gps_count tracking 2021-11-25 09:48:29 +01:00
tc
tee tee: optee: Fix missing devices unregister during optee_remove 2021-10-12 13:24:39 +02:00
thermal thermal: Fix NULL pointer dereferences in of_thermal_ functions 2021-11-21 13:44:14 +01:00
thunderbolt thunderbolt: build kunit tests without structleak plugin 2021-10-06 17:53:49 -06:00
tty tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc 2021-11-25 09:48:28 +01:00
uio
usb usb: hub: Fix locking issues with address0_mutex 2021-12-01 09:04:40 +01:00
vdpa vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit 2021-11-18 19:16:58 +01:00
vfio vfio/pci: add missing identifier name in argument of function prototype 2021-09-23 14:12:36 -06:00
vhost virtio,vdpa: fixes 2021-10-17 18:17:19 -10:00
video parisc/sticon: fix reverse colors 2021-11-25 09:48:46 +01:00
virt
virtio virtio_ring: check desc == NULL when using indirect with packed 2021-11-18 19:16:58 +01:00
visorbus
vlynq
vme
w1
watchdog ar7: fix kernel builds for compiler test 2021-11-18 19:17:03 +01:00
xen xen: detect uninitialized xenbus in xenbus_init 2021-12-01 09:04:42 +01:00
zorro
Kconfig firmware: include drivers/firmware/Kconfig unconditionally 2021-10-07 16:51:26 +02:00
Makefile remove the lightnvm subsystem 2021-08-14 15:54:09 -06:00