linux/drivers
Will Deacon 4c2eddf774 FROMGIT: pinctrl: devicetree: Avoid taking direct reference to device name string
When populating the pinctrl mapping table entries for a device, the
'dev_name' field for each entry is initialised to point directly at the
string returned by 'dev_name()' for the device and subsequently used by
'create_pinctrl()' when looking up the mappings for the device being
probed.

This is unreliable in the presence of calls to 'dev_set_name()', which may
reallocate the device name string leaving the pinctrl mappings with a
dangling reference. This then leads to a use-after-free every time the
name is dereferenced by a device probe:

  | BUG: KASAN: invalid-access in strcmp+0x20/0x64
  | Read of size 1 at addr 13ffffc153494b00 by task modprobe/590
  | Pointer tag: [13], memory tag: [fe]
  |
  | Call trace:
  |  __kasan_report+0x16c/0x1dc
  |  kasan_report+0x10/0x18
  |  check_memory_region
  |  __hwasan_load1_noabort+0x4c/0x54
  |  strcmp+0x20/0x64
  |  create_pinctrl+0x18c/0x7f4
  |  pinctrl_get+0x90/0x114
  |  devm_pinctrl_get+0x44/0x98
  |  pinctrl_bind_pins+0x5c/0x450
  |  really_probe+0x1c8/0x9a4
  |  driver_probe_device+0x120/0x1d8

Follow the example of sysfs, and duplicate the device name string before
stashing it away in the pinctrl mapping entries.

Cc: Linus Walleij <linus.walleij@linaro.org>
Reported-by: Elena Petrova <lenaptr@google.com>
Tested-by: Elena Petrova <lenaptr@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20191002124206.22928-1-will@kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

(cherry picked from commit be4c60b563
https://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl.git
devel)
Bug: 140550171
Signed-off-by: Elena Petrova <lenaptr@google.com>
Change-Id: Ia54c7088590ab0f9adc7753c191bba85c06dfdc1
2019-11-25 17:19:04 +00:00
accessibility
acpi This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
amba
android This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
ata ata: ep93xx: Use proper enums for directions 2019-11-24 08:20:10 +01:00
atm Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105 2019-09-21 07:16:57 +02:00
auxdisplay auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach 2019-09-06 10:21:56 +02:00
base This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
bcma
block This is the 4.19.83 stable release 2019-11-10 16:00:46 +01:00
bluetooth Bluetooth: btrsi: fix bt tx timeout issue 2019-11-20 18:47:42 +01:00
bus bus: ti-sysc: Simplify cleanup upon failures in sysc_probe() 2019-09-21 07:16:51 +02:00
cdrom
char This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
clk clk: samsung: Use clk_hw API for calling clk framework from clk notifiers 2019-11-24 08:20:23 +01:00
clocksource clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines 2019-11-24 08:19:57 +01:00
connector
cpufreq This is the 4.19.81 stable release 2019-10-29 09:41:48 +01:00
cpuidle This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
crypto crypto: mxs-dcp - Fix AES issues 2019-11-24 08:20:31 +01:00
dax mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses 2019-05-22 07:37:40 +02:00
dca
devfreq PM / devfreq: Fix static checker warning in try_then_request_governor 2019-11-24 08:21:07 +01:00
dio
dma dmaengine: rcar-dmac: set scatter/gather max segment size 2019-11-24 08:20:30 +01:00
dma-buf This is the 4.19.78 stable release 2019-10-07 19:17:35 +02:00
edac EDAC: Correct DIMM capacity unit symbol 2019-11-20 18:47:15 +01:00
eisa
energy_model
extcon extcon: cht-wc: Return from default case to avoid warnings 2019-11-20 18:45:26 +01:00
firewire
firmware This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
fmc
fpga fpga: altera-ps-spi: Fix getting of optional confd gpio 2019-09-21 07:16:53 +02:00
fsi fsi: scom: Don't abort operations for minor errors 2019-09-06 10:22:19 +02:00
gnss
gpio This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
gpu This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
hid HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() 2019-11-12 19:20:54 +01:00
hsi
hv vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
hwmon hwmon: (npcm-750-pwm-fan) Change initial pwm target to 255 2019-11-24 08:21:01 +01:00
hwspinlock
hwtracing coresight: dynamic-replicator: Handle multiple connections 2019-11-20 18:47:29 +01:00
i2c i2c: zx2967: use core to detect 'no zero length' quirk 2019-11-24 08:20:27 +01:00
ide
idle
iio This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
infiniband This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
input Input: silead - try firmware reload after unsuccessful resume 2019-11-24 08:20:28 +01:00
iommu iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout 2019-11-24 08:19:30 +01:00
ipack
irqchip irqchip/irq-mvebu-icu: Fix wrong private data retrieval 2019-11-24 08:19:40 +01:00
isdn net: use skb_queue_empty_lockless() in poll() handlers 2019-11-10 11:27:48 +01:00
leds led: triggers: Fix a memory leak bug 2019-10-05 13:09:45 +02:00
lightnvm lightnvm: pblk: consider max hw sectors supported for max_write_pgs 2019-11-24 08:20:52 +01:00
macintosh
mailbox mbox: qcom: add APCS child device for QCS404 2019-10-07 18:57:02 +02:00
mcb
md This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
media This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
memory memory: tegra: Fix integer overflow on tick value calculation 2019-05-25 18:23:32 +02:00
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2019-10-29 09:20:07 +01:00
message
mfd mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable 2019-11-24 08:20:46 +01:00
misc This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
mmc This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
mtd mtd: devices: m25p80: Make sure WRITE_EN is issued before each write 2019-11-24 08:20:41 +01:00
mux
net This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
nfc NFC: st21nfca: fix double free 2019-11-12 19:20:30 +01:00
ntb ntb: point to right memory window index 2019-10-11 18:21:18 +02:00
nubus
nvdimm libnvdimm/region: Initialize bad block for volatile namespaces 2019-10-11 18:21:20 +02:00
nvme lightnvm: do no update csecs and sos on 1.2 2019-11-24 08:20:51 +01:00
nvmem nvmem: core: return error code instead of NULL from nvmem_device_get 2019-11-20 18:46:31 +01:00
of This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
opp This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
oprofile
parisc parisc: Disable HP HSC-PCI Cards to prevent kernel crash 2019-10-05 13:10:04 +02:00
parport parport: Fix mem leak in parport_register_dev_model 2019-06-25 11:35:55 +08:00
pci PCI/ERR: Run error recovery callbacks for all affected devices 2019-11-20 18:47:39 +01:00
pcmcia
perf drivers/perf: arm_pmu: Fix failure path in PM notifier 2019-08-06 19:06:55 +02:00
phy phy: lantiq: Fix compile warning 2019-11-20 18:47:35 +01:00
pinctrl FROMGIT: pinctrl: devicetree: Avoid taking direct reference to device name string 2019-11-25 17:19:04 +00:00
platform platform/x86: mlx-platform: Properly use mlxplat_mlxcpld_msn201x_items 2019-11-24 08:20:39 +01:00
pnp
power This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
powercap
pps drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl 2019-08-04 09:30:56 +02:00
ps3
ptp
pwm pwm: stm32-lp: Add check in case requested period cannot be achieved 2019-10-11 18:21:17 +02:00
rapidio drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings 2019-08-06 19:06:52 +02:00
ras RAS/CEC: Fix pfn insertion 2019-07-26 09:14:05 +02:00
regulator regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized 2019-11-10 11:27:15 +01:00
remoteproc remoteproc: qcom: q6v5: Fix a race condition on fatal crash 2019-11-24 08:20:29 +01:00
reset reset: Fix potential use-after-free in __of_reset_control_get() 2019-11-24 08:20:38 +01:00
rpmsg rpmsg: glink: smem: Support rx peak for size less than 4 bytes 2019-11-24 08:20:05 +01:00
rtc rtc: armada38x: fix possible race condition 2019-11-20 18:47:52 +01:00
s390 s390/kasan: avoid instrumentation of early C code 2019-11-24 08:20:44 +01:00
sbus
scsi This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
sfi
sh
siox
slimbus silmbus: ngd: register controller after power up. 2019-11-20 18:47:30 +01:00
sn
soc soc: fsl: bman_portals: defer probe after bman's probe 2019-11-24 08:20:28 +01:00
soundwire soundwire: intel: Fix uninitialized adev deref 2019-11-20 18:45:22 +01:00
spi This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
spmi
ssb ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit 2019-05-31 06:46:04 -07:00
staging media: imx: work around false-positive warning, again 2019-11-20 18:47:16 +01:00
target scsi: target: core: Do not overwrite CDB byte 1 2019-11-10 11:27:28 +01:00
tc
tee This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
thermal This is the 4.19.79 stable release 2019-10-11 19:13:57 +02:00
thunderbolt thunderbolt: Use 32-bit writes when writing ring producer/consumer 2019-11-06 13:06:12 +01:00
tty tty: serial: qcom_geni_serial: Fix serial when not used as console 2019-11-20 18:46:54 +01:00
uio vmbus: keep pointer to ring buffer page 2019-11-20 18:47:31 +01:00
usb This is the 4.19.86 stable release 2019-11-25 10:00:06 +01:00
uwb
vfio This is the 4.19.85 stable release 2019-11-20 20:43:17 +01:00
vhost vhost: make sure log_num < in_num 2019-09-16 08:22:25 +02:00
video backlight: lm3639: Unconditionally call led_classdev_unregister 2019-11-24 08:20:45 +01:00
virt virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr 2019-11-06 13:06:04 +01:00
virtio ANDROID: virtio: virtio_input: Set the amount of multitouch slots in virtio input 2019-10-29 02:22:29 +00:00
visorbus
vlynq
vme
w1 w1: fix the resume command API 2019-05-31 06:46:14 -07:00
watchdog watchdog: w83627hf_wdt: Support NCT6796D, NCT6797D, NCT6798D 2019-11-24 08:19:43 +01:00
xen xen/pci: reserve MCFG areas earlier 2019-10-11 18:21:13 +02:00
zorro
Kconfig
Makefile