linux/drivers
Zhou Qingyang 4210c35fe8 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
[ Upstream commit 977d2e7c63 ]

In nonstatic_find_mem_region(), pcmcia_make_resource() is assigned to
res and used in pci_bus_alloc_resource(). There is a dereference of res
in pci_bus_alloc_resource(), which could lead to a NULL pointer
dereference on failure of pcmcia_make_resource().

Fix this bug by adding a check of res.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_PCCARD_NONSTATIC=y show no new warnings,
and our static analyzer no longer warns about this code.

Fixes: 49b1153adf ("pcmcia: move all pcmcia_resource_ops providers into one module")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-01-27 10:54:00 +01:00
..
accessibility
acpi ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes 2022-01-27 10:54:00 +01:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-06 14:10:09 +01:00
android binder: fix async_free_space accounting for empty parcels 2022-01-05 12:40:33 +01:00
ata libata: if T_LENGTH is zero, dma direction should be DMA_NONE 2021-12-22 09:30:58 +01:00
atm
auxdisplay auxdisplay: ht16k33: Fix frame buffer device blanking 2021-11-18 14:04:24 +01:00
base software node: fix wrong node passed to find nargs_prop 2022-01-27 10:53:59 +01:00
bcma bcma: Fix memory leak for internally-handled cores 2021-09-15 09:50:45 +02:00
block floppy: Fix hang in watchdog when disk is ejected 2022-01-27 10:53:53 +01:00
bluetooth Bluetooth: hci_qca: Stop IBS timer during BT OFF 2022-01-27 10:54:00 +01:00
bus bus: ti-sysc: Fix variable set but not used warning for reinit_modules 2021-12-22 09:30:59 +01:00
cdrom
char random: fix crash on multiple early calls to add_bootloader_randomness() 2022-01-16 09:14:23 +01:00
clk clk: bcm-2835: Remove rounding up the dividers 2022-01-27 10:53:45 +01:00
clocksource clocksource/drivers/timer-ti-dm: Select TIMER_OF 2021-11-18 14:04:09 +01:00
connector
counter counter: 104-quad-8: Return error when invalid mode during ceiling_write 2021-09-15 09:50:38 +02:00
cpufreq cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink() 2021-12-08 09:03:21 +01:00
cpuidle cpuidle: Fix kobject memory leaks in error paths 2021-11-18 14:04:05 +01:00
crypto crypto: stm32 - Revert broken pm_runtime_resume_and_get changes 2022-01-27 10:53:56 +01:00
dax
dca
devfreq
dio
dma dmaengine: st_fdma: fix MODULE_ALIAS 2021-12-22 09:30:53 +01:00
dma-buf dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() 2022-01-27 10:53:43 +01:00
edac EDAC/amd64: Handle three rank interleaving mode 2021-11-18 14:04:06 +01:00
eisa
extcon
firewire
firmware firmware: qemu_fw_cfg: fix kobject leak in probe error path 2022-01-20 09:17:51 +01:00
fpga fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() 2021-09-30 10:11:04 +02:00
fsi
gnss
gpio gpio: dln2: Fix interrupts when replugging the device 2021-12-29 12:26:03 +01:00
gpu drm/tegra: vic: Fix DMA API misuse 2022-01-27 10:53:57 +01:00
greybus
hid HID: wacom: Avoid using stale array indicies to read contact count 2022-01-27 10:53:40 +01:00
hsi
hv hyperv/vmbus: include linux/bitops.h 2021-11-18 14:03:42 +01:00
hwmon hwmon: (mr75203) fix wrong power-up delay value 2022-01-27 10:54:00 +01:00
hwspinlock
hwtracing coresight: cti: Correct the parameter for pm_runtime_put 2021-11-18 14:03:51 +01:00
i2c i2c: validate user data in compat ioctl 2022-01-05 12:40:32 +01:00
i3c
ide
idle
iio iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs 2022-01-27 10:53:43 +01:00
infiniband RDMA/uverbs: Check for null return of kmalloc_array 2022-01-11 15:24:59 +01:00
input Input: zinitix - make sure the IRQ is allocated before it gets enabled 2022-01-11 15:25:02 +01:00
interconnect treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
iommu iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure 2022-01-27 10:53:43 +01:00
ipack ipack: ipoctal: fix module reference leak 2021-10-06 15:56:01 +02:00
irqchip irqchip: nvic: Fix offset for Interrupt Priority Offsets 2021-12-14 11:32:46 +01:00
isdn mISDN: change function names to avoid conflicts 2022-01-11 15:25:02 +01:00
leds leds: trigger: audio: Add an activate callback to ensure the initial brightness is set 2021-09-15 09:50:36 +02:00
lightnvm
macintosh
mailbox soc: mediatek: cmdq: add address shift in jump 2021-09-18 13:40:16 +02:00
mcb mcb: fix error handling in mcb_alloc_bus() 2021-09-30 10:11:00 +02:00
md md: revert io stats accounting 2022-01-16 09:14:21 +01:00
media media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes 2022-01-27 10:53:56 +01:00
memory memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails 2022-01-27 10:53:48 +01:00
memstick memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() 2021-11-18 14:04:07 +01:00
message
mfd mfd: atmel-flexcom: Use .resume_noirq 2022-01-27 10:53:51 +01:00
misc lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() 2022-01-27 10:53:43 +01:00
mmc mmc: meson-mx-sdio: add IRQ check 2022-01-27 10:53:58 +01:00
most most: fix control-message timeouts 2021-11-18 14:03:51 +01:00
mtd mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove 2022-01-27 10:53:50 +01:00
mux
net iwlwifi: mvm: test roc running status bits before removing the sta 2022-01-27 10:53:58 +01:00
nfc NFC: st21nfca: Fix memory leak in device probe and remove 2022-01-05 12:40:31 +01:00
ntb NTB: perf: Fix an error code in perf_setup_inbuf() 2021-09-22 12:28:02 +02:00
nubus
nvdimm libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind 2021-09-18 13:40:36 +02:00
nvme nvmet: use IOCB_NOWAIT only if the filesystem supports it 2021-12-01 09:19:07 +01:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-20 11:45:01 +02:00
of of: unittest: fix EXPECT text for gpio hog errors 2021-11-18 14:04:13 +01:00
opp opp: Fix return in _opp_add_static_v2() 2021-11-18 14:04:22 +01:00
oprofile
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-26 14:08:59 +02:00
parport parport: remove non-zero check on count 2021-09-18 13:40:34 +02:00
pci PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller 2022-01-27 10:53:43 +01:00
pcmcia pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() 2022-01-27 10:54:00 +01:00
perf
phy phy: qcom-snps: Correct the FSEL_MASK 2021-11-18 14:04:20 +01:00
pinctrl pinctrl: mediatek: fix global-out-of-bounds issue 2021-12-29 12:26:07 +01:00
platform platform/x86: apple-gmux: use resource_size() with res 2022-01-05 12:40:29 +01:00
pnp
power power: bq25890: Enable continuous conversion for ADC at charging 2022-01-11 15:25:01 +01:00
powercap
pps
ps3
ptp ptp_pch: Load module automatically if ID matches 2021-10-13 10:04:27 +02:00
pwm pwm: stm32-lp: Don't modify HW state in .remove() callback 2021-09-26 14:09:01 +02:00
rapidio
ras
regulator regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled 2021-11-18 14:03:45 +01:00
remoteproc remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided 2022-01-20 09:17:50 +01:00
reset reset: socfpga: add empty driver allowing consumers to probe 2021-11-18 14:03:42 +01:00
rpmsg
rtc rtc: cmos: take rtc_lock while reading from CMOS 2022-01-27 10:53:42 +01:00
s390 s390/cio: make ccw_device_dma_* more robust 2021-11-18 14:04:30 +01:00
sbus
scsi scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() 2022-01-11 15:25:02 +01:00
sfi
sh maple: fix wrong return value of maple_bus_init(). 2021-11-26 10:39:12 +01:00
siox
slimbus slimbus: ngd: reset dma setup during runtime pm 2021-08-26 08:35:55 -04:00
soc soc/tegra: fuse: Fix bitwise vs. logical OR warning 2021-12-22 09:30:54 +01:00
soundwire soundwire: debugfs: use controller id and link_id for debugfs 2021-11-18 14:04:16 +01:00
spi spi: change clk_disable_unprepare to clk_unprepare 2021-12-29 12:25:54 +01:00
spmi
ssb
staging media: hantro: Fix probe func error path 2022-01-27 10:53:57 +01:00
target scsi: target: Fix alua_tg_pt_gps_count tracking 2021-11-26 10:39:11 +01:00
tc
tee tee: fix put order in teedev_close_context() 2022-01-27 10:53:49 +01:00
thermal thermal/drivers/imx8mm: Enable ADC when enabling monitor 2022-01-27 10:53:52 +01:00
thunderbolt thunderbolt: Fix port linking by checking all adapters 2021-09-18 13:40:27 +02:00
tty serial: amba-pl011: do not request memory region twice 2022-01-27 10:53:53 +01:00
uio
usb usb: ftdi-elan: fix memory leak on device disconnect 2022-01-27 10:53:58 +01:00
vdpa vdpa/mlx5: Avoid destroying MR on empty iotlb 2021-08-26 08:35:42 -04:00
vfio vfio: Use config not menuconfig for VFIO_NOIOMMU 2021-09-18 13:40:12 +02:00
vhost vdpa: check that offsets are within bounds 2021-12-22 09:30:51 +01:00
video backlight: qcom-wled: Respect enabled-strings in set_brightness 2022-01-27 10:53:59 +01:00
virt
virtio virtio_ring: Fix querying of maximum DMA mapping size for virtio device 2021-12-22 09:30:51 +01:00
visorbus
vlynq
vme
w1
watchdog ar7: fix kernel builds for compiler test 2021-11-18 14:04:24 +01:00
xen xen: detect uninitialized xenbus in xenbus_init 2021-12-01 09:19:01 +01:00
zorro
Kconfig
Makefile