github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
42dc5f388a
linux/drivers
History
Kishon Vijay Abraham I 42dc5f388a usb: dwc3: ep0: Fix mem corruption on OUT transfers of more than 512 bytes 
commit b2fb5b1a0f upstream.

DWC3 uses bounce buffer to handle non max packet aligned OUT transfers and
the size of bounce buffer is 512 bytes. However if the host initiates OUT
transfers of size more than 512 bytes (and non max packet aligned), the
driver throws a WARN dump but still programs the TRB to receive more than
512 bytes. This will cause bounce buffer to overflow and corrupt the
adjacent memory locations which can be fatal.

Fix it by programming the TRB to receive a maximum of DWC3_EP0_BOUNCE_SIZE
(512) bytes.

Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-09-21 10:00:07 -07:00
..
accessibility
acpi ACPICA: Tables: Fix an issue that FACS initialization is performed twice 2015-08-03 09:29:46 -07:00
amba
ata ata: pmp: add quirk for Marvell 4140 SATA PMP 2015-08-10 12:20:31 -07:00
atm atm: idt77252: fix dev refcnt leak 2013-12-08 07:29:25 -08:00
auxdisplay
base Fix firmware loader uevent buffer NULL pointer dereference 2015-08-03 09:29:47 -07:00
bcma
block rbd: fix copyup completion race 2015-08-16 20:51:39 -07:00
bluetooth Bluetooth: btusb: Fix memory leak in Intel setup routine 2015-08-03 09:29:42 -07:00
bus bus: mvebu: pass the coherency availability information at init time 2015-07-03 19:48:09 -07:00
cdrom
char ipmi: fix timeout calculation when bmc is disconnected 2015-08-16 20:51:37 -07:00
clk clk: versatile: off by one in clk_sp810_timerclken_of_get() 2015-09-21 10:00:07 -07:00
clocksource clocksource: exynos_mct: Fix bitmask regression for exynos4_mct_write 2015-01-29 17:40:56 -08:00
connector net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
cpufreq cpufreq: speedstep-smi: enable interrupts when waiting 2015-03-06 14:40:48 -08:00
cpuidle cpuidle / menu: Return (-1) if there are no suitable states 2015-08-03 09:29:41 -07:00
crypto crypto: caam - fix memory corruption in ahash_final_ctx 2015-09-13 09:07:59 -07:00
dca
devfreq
dio
dma dmaengine: mv_xor: bug fix for racing condition in descriptors cleanup 2015-08-03 09:29:46 -07:00
edac EDAC, ppc4xx: Access mci->csrows array elements properly 2015-09-13 09:07:59 -07:00
eisa Revert "EISA: Initialize device before its resources" 2014-02-13 13:47:59 -08:00
extcon extcon: max77693: Fix two NULL pointer exceptions on missing pdata 2014-07-06 18:54:15 -07:00
firewire firewire: cdev: prevent kernel stack leaking into ioctl arguments 2014-11-21 09:22:53 -08:00
firmware efi-pstore: Make efi-pstore return a unique id 2015-02-05 22:35:40 -08:00
gpio gpio: sysfs: fix memory leaks and device hotplug 2015-05-17 09:51:32 -07:00
gpu DRM - radeon: Don't link train DisplayPort on HPD until we get the dpcd 2015-09-21 10:00:07 -07:00
hid HID: fixup the conflicting keyboard mappings quirk 2015-03-18 13:22:35 +01:00
hsi
hv Drivers: hv: vmbus: Don't wait after requesting offers 2015-05-13 05:15:43 -07:00
hwmon hwmon: (mcp3021) Fix broken output scaling 2015-08-03 09:29:46 -07:00
hwspinlock
i2c i2c: at91: fix a race condition when using the DMA controller 2015-08-03 09:29:43 -07:00
ide
idle x86 idle: Repair large-server 50-watt idle-power regression 2014-01-09 12:24:21 -08:00
iio iio: adis16480: Fix scale factors 2015-09-21 10:00:07 -07:00
infiniband iser-target: release stale iser connections 2015-08-03 09:29:46 -07:00
input Input: usbtouchscreen - avoid unresponsive TSC-30 touch screen 2015-08-10 12:20:30 -07:00
iommu iommu/vt-d: Fix an off-by-one bug in __domain_mapping() 2015-01-16 06:59:01 -08:00
ipack
irqchip irqchip: gic: Fix core ID calculation when topology is read from DT 2014-07-28 08:00:06 -07:00
isdn isdnloop: several buffer overflows 2014-04-14 06:42:18 -07:00
leds leds: leds-pwm: properly clean up after probe failure 2014-06-07 13:25:34 -07:00
lguest lguest: fix out-by-one error in address checking. 2015-06-05 23:19:54 -07:00
macintosh
mailbox
md dm thin metadata: delete btrees when releasing metadata snapshot 2015-09-13 09:07:59 -07:00
media cx24116: fix a buffer overflow when checking userspace params 2015-08-03 09:29:44 -07:00
memory
memstick memstick: mspro_block: add missing curly braces 2015-05-06 21:56:28 +02:00
message mptfusion: enable no_write_same for vmware scsi disks 2014-10-30 09:35:10 -07:00
mfd mfd: sm501: dbg_regs attribute must be read-only 2015-08-16 20:51:37 -07:00
misc mei: bus: fix possible boundaries violation 2014-11-21 09:22:55 -08:00
mmc mmc: sdhci-pxav3: fix platform_data is not initialized 2015-08-10 12:20:30 -07:00
mtd mtd: dc21285: use raw spinlock functions for nw_gpio_lock 2015-08-03 09:29:41 -07:00
net ath9k: fix DMA stop sequence for AR9003+ 2015-08-03 09:29:42 -07:00
nfc NFC: microread: Potential overflows in microread_target_discovered() 2014-10-05 14:54:12 -07:00
ntb NTB: Correct debugfs to work with more than 1 NTB Device 2013-11-13 12:05:35 +09:00
nubus
of of/base: Fix PowerPC address parsing hack 2014-12-06 15:05:47 -08:00
oprofile
parisc
parport drivers: parport: Kconfig: exclude arm64 for PARPORT_PC 2015-05-06 21:56:26 +02:00
pci PCI: Fix TI816X class code quirk 2015-09-21 10:00:07 -07:00
pcmcia Disable write buffering on Toshiba ToPIC95 2015-08-03 09:29:41 -07:00
pinctrl pinctrl: mvebu: armada-xp: fix functions of MPP48 2015-08-03 09:29:42 -07:00
platform hp_accel: Add support for HP ZBook 15 2015-01-27 07:52:31 -08:00
pnp PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures 2014-03-23 21:38:22 -07:00
power power_supply: lp8788-charger: Fix leaked power supply on probe fail 2015-05-06 21:56:21 +02:00
pps
ps3
ptp
pwm
rapidio rapidio/tsi721_dma: fix failure to obtain transaction descriptor 2014-08-07 14:30:25 -07:00
regulator regulator: core: fix constraints output buffer 2015-08-03 09:29:41 -07:00
remoteproc
reset
rpmsg
rtc rtc: rtc-at91rm9200: fix infinite wait for ACKUPD irq 2014-06-26 15:12:37 -04:00
s390 crypto: prefix module autoloading with "crypto-" 2015-01-29 17:40:57 -08:00
sbus bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000 2014-08-14 09:24:16 +08:00
scsi libfc: Fix fc_fcp_cleanup_each_cmd() 2015-09-13 09:07:59 -07:00
sfi
sh
sn
spi spi: spidev: fix possible arithmetic overflow for multi-transfer message 2015-05-06 21:56:21 +02:00
ssb
ssbi
staging staging: rtl8712: prevent buffer overrun in recvbuf2recvframe 2015-08-03 09:29:42 -07:00
target iscsi-target: Fix iscsit_start_kthreads failure OOPs 2015-08-16 20:51:39 -07:00
tc
thermal
tty xen/console: Update console event channel on resume 2015-05-17 09:51:32 -07:00
uio
usb usb: dwc3: ep0: Fix mem corruption on OUT transfers of more than 512 bytes 2015-09-21 10:00:07 -07:00
uwb
vfio vfio-pci: Fix the check on pci device type in vfio_pci_probe() 2015-01-27 07:52:32 -08:00
vhost vhost: actually track log eventfd file 2015-08-10 12:20:31 -07:00
video video: vgacon: Don't build on arm64 2015-05-06 21:56:25 +02:00
virt
virtio virtio_pci: fix virtio spec compliance on restore 2014-11-14 08:47:55 -08:00
vlynq
vme VME: Correct read/write alignment algorithm 2014-02-22 12:41:28 -08:00
w1 w1: fix w1_send_slave dropping a slave id 2014-05-06 07:55:28 -07:00
watchdog watchdog: omap: assert the counter being stopped before reprogramming 2015-08-03 09:29:47 -07:00
xen xen/gntdevt: Fix race condition in gntdev_release() 2015-08-16 20:51:39 -07:00
zorro
Kconfig
Makefile