github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
3bd120956d
linux/drivers
History
Jonathan Bakker 3bd120956d Input: bma150 - register input device after setting private data 
commit 90cc55f067 upstream.

Otherwise we introduce a race condition where userspace can request input
before we're ready leading to null pointer dereference such as

input: bma150 as /devices/platform/i2c-gpio-2/i2c-5/5-0038/input/input3
Unable to handle kernel NULL pointer dereference at virtual address 00000018
pgd = (ptrval)
[00000018] *pgd=55dac831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT ARM
Modules linked in: bma150 input_polldev [last unloaded: bma150]
CPU: 0 PID: 2870 Comm: accelerometer Not tainted 5.0.0-rc3-dirty #46
Hardware name: Samsung S5PC110/S5PV210-based board
PC is at input_event+0x8/0x60
LR is at bma150_report_xyz+0x9c/0xe0 [bma150]
pc : [<80450f70>]    lr : [<7f0a614c>]    psr: 800d0013
sp : a4c1fd78  ip : 00000081  fp : 00020000
r10: 00000000  r9 : a5e2944c  r8 : a7455000
r7 : 00000016  r6 : 00000101  r5 : a7617940  r4 : 80909048
r3 : fffffff2  r2 : 00000000  r1 : 00000003  r0 : 00000000
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: 54e34019  DAC: 00000051
Process accelerometer (pid: 2870, stack limit = 0x(ptrval))
Stackck: (0xa4c1fd78 to 0xa4c20000)
fd60:                                                       fffffff3 fc813f6c
fd80: 40410581 d7530ce3 a5e2817c a7617f00 a5e29404 a5e2817c 00000000 7f008324
fda0: a5e28000 8044f59c a5fdd9d0 a5e2945c a46a4a00 a5e29668 a7455000 80454f10
fdc0: 80909048 a5e29668 a5fdd9d0 a46a4a00 806316d0 00000000 a46a4a00 801df5f0
fde0: 00000000 d7530ce3 a4c1fec0 a46a4a00 00000000 a5fdd9d0 a46a4a08 801df53c
fe00: 00000000 801d74bc a4c1fec0 00000000 a4c1ff70 00000000 a7038da8 00000000
fe20: a46a4a00 801e91fc a411bbe0 801f2e88 00000004 00000000 80909048 00000041
fe40: 00000000 00020000 00000000 dead4ead a6a88da0 00000000 ffffe000 806fcae8
fe60: a4c1fec8 00000000 80909048 00000002 a5fdd9d0 a7660110 a411bab0 00000001
fe80: dead4ead ffffffff ffffffff a4c1fe8c a4c1fe8c d7530ce3 20000013 80909048
fea0: 80909048 a4c1ff70 00000001 fffff000 a4c1e000 00000005 00026038 801eabd8
fec0: a7660110 a411bab0 b9394901 00000006 a696201b 76fb3000 00000000 a7039720
fee0: a5fdd9d0 00000101 00000002 00000096 00000000 00000000 00000000 a4c1ff00
ff00: a6b310f4 805cb174 a6b310f4 00000010 00000fe0 00000010 a4c1e000 d7530ce3
ff20: 00000003 a5f41400 a5f41424 00000000 a6962000 00000000 00000003 00000002
ff40: ffffff9c 000a0000 80909048 d7530ce3 a6962000 00000003 80909048 ffffff9c
ff60: a6962000 801d890c 00000000 00000000 00020000 a7590000 00000004 00000100
ff80: 00000001 d7530ce3 000288b8 00026320 000288b8 00000005 80101204 a4c1e000
ffa0: 00000005 80101000 000288b8 00026320 000288b8 000a0000 00000000 00000000
ffc0: 000288b8 00026320 000288b8 00000005 7eef3bac 000264e8 00028ad8 00026038
ffe0: 00000005 7eef3300 76f76e91 76f78546 800d0030 000288b8 00000000 00000000
[<80450f70>] (input_event) from [<a5e2817c>] (0xa5e2817c)
Code: e1a08148 eaffffa8 e351001f 812fff1e (e590c018)
---[ end trace 1c691ee85f2ff243 ]---

Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-02-20 10:25:46 +01:00
..
accessibility
acpi ACPI: NUMA: Use correct type for printing addresses on i386-PAE 2019-02-20 10:25:39 +01:00
amba
android binder: fix race that allows malicious free of live buffer 2018-12-05 19:32:11 +01:00
ata libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD 2019-02-15 08:10:10 +01:00
atm
auxdisplay auxdisplay: charlcd: fix x/y command parsing 2019-01-13 09:51:03 +01:00
base cacheinfo: Keep the old value if of_property_read_u32 fails 2019-02-12 19:47:26 +01:00
bcma
block block/swim3: Fix -EBUSY error when re-opening device after unmount 2019-02-12 19:47:18 +01:00
bluetooth Bluetooth: hci_bcm: Handle deferred probing for the clock supply 2019-02-12 19:47:13 +01:00
bus
cdrom gdrom: fix a memory leak bug 2019-02-12 19:47:18 +01:00
char char/mwave: fix potential Spectre v1 vulnerability 2019-01-31 08:14:36 +01:00
clk clk: imx6sl: ensure MMDC CH0 handshake is bypassed 2019-02-12 19:47:08 +01:00
clocksource clocksource/drivers/integrator-ap: Add missing of_node_put() 2019-01-26 09:32:42 +01:00
connector
cpufreq cpufreq: check if policy is inactive early in __cpufreq_get() 2019-02-20 10:25:40 +01:00
cpuidle cpuidle: big.LITTLE: fix refcount leak 2019-02-12 19:47:08 +01:00
crypto crypto: ux500 - Use proper enum in hash_set_dma_transfer 2019-02-12 19:47:17 +01:00
dax mm, devm_memremap_pages: fix shutdown handling 2019-01-13 09:51:04 +01:00
dca
devfreq
dio
dma dmaengine: imx-dma: fix wrong callback invoke 2019-02-12 19:47:24 +01:00
dma-buf
edac EDAC, skx_edac: Fix logical channel intermediate decoding 2018-11-13 11:08:44 -08:00
eisa
extcon
firewire
firmware firmware: arm_scmi: provide the mandatory device release callback 2019-02-15 08:10:12 +01:00
fmc
fpga fpga: altera-cvp: fix 'bad IO access' on x86_64 2019-02-12 19:46:59 +01:00
fsi fsi: master-ast-cf: select GENERIC_ALLOCATOR 2018-12-17 09:24:35 +01:00
gnss gnss: sirf: fix activation retry handling 2018-12-13 09:16:22 +01:00
gpio gpio: mxc: move gpio noirq suspend/resume to syscore phase 2019-02-20 10:25:44 +01:00
gpu drm/nouveau/falcon: avoid touching registers if engine is off 2019-02-20 10:25:43 +01:00
hid HID: debug: fix the ring buffer implementation 2019-02-12 19:47:24 +01:00
hsi
hv Drivers: hv: vmbus: Check for ring when getting debug info 2019-01-31 08:14:36 +01:00
hwmon hwmon: (lm80) fix a missing check of bus read in lm80 probe 2019-02-12 19:47:16 +01:00
hwspinlock
hwtracing intel_th: msu: Fix an off-by-one in attribute store 2019-01-13 09:51:10 +01:00
i2c i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E) 2019-02-12 19:47:11 +01:00
ide ide: fix a typo in the settings proc file name 2019-01-31 08:14:42 +01:00
idle
iio iio: ti-ads8688: Update buffer allocation for timestamps 2019-02-15 08:10:10 +01:00
infiniband IB/hfi1: Add limit test for RC/UC send via loopback 2019-02-12 19:47:26 +01:00
input Input: bma150 - register input device after setting private data 2019-02-20 10:25:46 +01:00
iommu iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer 2019-02-12 19:47:07 +01:00
ipack
irqchip irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID 2019-02-12 19:47:24 +01:00
isdn isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() 2019-02-12 19:47:18 +01:00
leds leds: pwm: silently error out on EPROBE_DEFER 2019-01-13 09:51:08 +01:00
lightnvm lightnvm: pblk: add lock protection to list operations 2019-02-12 19:47:08 +01:00
macintosh
mailbox mailbox: PCC: handle parse error 2018-11-13 11:08:18 -08:00
mcb
md md: fix raid10 hang issue caused by barrier 2019-02-12 19:47:15 +01:00
media media: coda: fix H.264 deblocking filter controls 2019-02-12 19:47:07 +01:00
memory
memstick memstick: Prevent memstick host from getting runtime suspended during card detection 2019-02-12 19:47:10 +01:00
message
mfd mfd: tps6586x: Handle interrupts on suspend 2019-01-22 21:40:33 +01:00
misc eeprom: at24: add support for 24c2048 2019-02-20 10:25:35 +01:00
mmc mmc: block: handle complete_work on separate workqueue 2019-02-20 10:25:46 +01:00
mtd mtd: rawnand: gpmi: fix MX28 bus master lockup problem 2019-02-15 08:10:10 +01:00
mux mux: adgs1408: use the correct MODULE_LICENSE 2018-10-12 17:36:39 +02:00
net ath9k: dynack: check da->enabled first in sampling routines 2019-02-12 19:47:27 +01:00
nfc NFC: nfcmrvl_uart: fix OF child-node lookup 2018-11-13 11:08:48 -08:00
ntb
nubus
nvdimm mm, devm_memremap_pages: fix shutdown handling 2019-01-13 09:51:04 +01:00
nvme nvme: pad fake subsys NQN vid and ssvid with zeros 2019-02-20 10:25:41 +01:00
nvmem nvmem: check the return value of nvmem_add_cells() 2018-11-13 11:08:35 -08:00
of of: overlay: do not duplicate properties from overlay for new nodes 2019-02-06 17:30:16 +01:00
opp OPP: Use opp_table->regulators to verify no regulator case 2019-02-12 19:47:08 +01:00
oprofile
parisc
parport
pci PCI: imx: Enable MSI from downstream components 2019-02-12 19:47:19 +01:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-13 11:08:17 -08:00
perf perf: arm_spe: handle devm_kasprintf() failure 2019-02-12 19:47:03 +01:00
phy phy: sun4i-usb: add support for missing USB PHY index 2019-02-12 19:47:09 +01:00
pinctrl pinctrl: cherryview: fix Strago DMI workaround 2019-02-15 08:10:11 +01:00
platform platform/x86: mlx-platform: Fix tachometer registers 2019-02-12 19:47:08 +01:00
pnp
power power: supply: olpc_battery: correct the temperature units 2019-01-13 09:51:10 +01:00
powercap
pps
ps3
ptp ptp: Fix pass zero to ERR_PTR() in ptp_clock_register 2019-02-12 19:47:01 +01:00
pwm
rapidio
ras
regulator
remoteproc remoteproc: qcom: q6v5: Propagate EPROBE_DEFER 2018-11-13 11:08:52 -08:00
reset
rpmsg rpmsg: smd: fix memory leak on channel create 2018-11-13 11:08:55 -08:00
rtc rtc: m41t80: Correct alarm month range with RTC reads 2019-01-09 17:38:48 +01:00
s390 s390/zcrypt: improve special ap message cmd handling 2019-02-12 19:47:04 +01:00
sbus drivers/sbus/char: add of_node_put() 2018-12-21 14:15:17 +01:00
scsi scsi: aic94xx: fix module loading 2019-02-12 19:47:25 +01:00
sfi
sh
siox
slimbus slimbus: ngd: mark PM functions as __maybe_unused 2018-12-19 19:19:49 +01:00
sn
soc soc: bcm: brcmstb: Don't leak device tree node reference 2019-02-12 19:47:03 +01:00
soundwire
spi spi: bcm2835: Unbreak the build of esoteric configs 2019-01-09 17:38:49 +01:00
spmi
ssb
staging staging: speakup: fix tty-operation NULL derefs 2019-02-12 19:47:25 +01:00
target scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough 2019-01-26 09:32:38 +01:00
tc TC: Set DMA masks for devices 2018-11-13 11:08:51 -08:00
tee tee: optee: avoid possible double list_del() 2019-02-12 19:47:08 +01:00
thermal thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set 2019-02-12 19:47:21 +01:00
thunderbolt thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-12-17 09:24:36 +01:00
tty serial: sh-sci: Do not free irqs that have already been freed 2019-02-12 19:47:26 +01:00
uio uio: Fix an Oops on load 2018-11-27 16:13:09 +01:00
usb usb: gadget: musb: fix short isoc packets with inventra dma 2019-02-12 19:47:25 +01:00
uwb
vfio vfio/type1: Fix unmap overflow off-by-one 2019-01-16 22:04:34 +01:00
vhost vhost: fix OOB in get_rx_bufs() 2019-02-06 17:30:08 +01:00
video fbdev: fbcon: Fix unregister crash when more than one framebuffer 2019-02-12 19:47:15 +01:00
virt vbox: fix link error with 'gcc -Og' 2019-02-12 19:46:59 +01:00
virtio
visorbus
vlynq
vme
w1 w1: omap-hdq: fix missing bus unregister at removal 2018-11-13 11:08:48 -08:00
watchdog watchdog: renesas_wdt: don't set divider while watchdog is running 2019-02-12 19:47:07 +01:00
xen xen: Fix x86 sched_clock() interface for xen 2019-01-22 21:40:32 +01:00
zorro
Kconfig
Makefile