linux/drivers/pci
Jubin Zhong 3b20e285bb PCI: Fix pci_slot_release() NULL pointer dereference
commit 4684709bf8 upstream.

If kobject_init_and_add() fails, pci_slot_release() is called to delete
slot->list from parent->slots.  But slot->list hasn't been initialized
yet, so we dereference a NULL pointer:

  Unable to handle kernel NULL pointer dereference at virtual address 00000000
  ...
  CPU: 10 PID: 1 Comm: swapper/0 Not tainted 4.4.240 #197
  task: ffffeb398a45ef10 task.stack: ffffeb398a470000
  PC is at __list_del_entry_valid+0x5c/0xb0
  LR is at pci_slot_release+0x84/0xe4
  ...
  __list_del_entry_valid+0x5c/0xb0
  pci_slot_release+0x84/0xe4
  kobject_put+0x184/0x1c4
  pci_create_slot+0x17c/0x1b4
  __pci_hp_initialize+0x68/0xa4
  pciehp_probe+0x1a4/0x2fc
  pcie_port_probe_service+0x58/0x84
  driver_probe_device+0x320/0x470

Initialize slot->list before calling kobject_init_and_add() to avoid this.

Fixes: 8a94644b44 ("PCI: Fix pci_create_slot() reference count leak")
Link: https://lore.kernel.org/r/1606876422-117457-1-git-send-email-zhongjubin@huawei.com
Signed-off-by: Jubin Zhong <zhongjubin@huawei.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org	# v5.9+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:26:17 +01:00
controller PCI: iproc: Fix out-of-bound array accesses 2020-12-30 11:25:58 +01:00
endpoint PCI: endpoint: Fix for concurrent memory allocation in OB address region 2020-04-17 10:48:46 +02:00
hotplug PCI: pciehp: Fix MSI interrupt race 2020-10-01 13:14:41 +02:00
pcie PCI/ASPM: Add missing newline in sysfs 'policy' 2020-08-19 08:14:58 +02:00
switch PCI/switchtec: Fix init_completion race condition with poll_wait() 2020-04-17 10:48:40 +02:00
access.c PCI: Fix pci_cfg_wait queue locking problem 2020-08-19 08:14:56 +02:00
ats.c
bus.c PCI: Add device even if driver attach failed 2020-08-21 11:05:29 +02:00
ecam.c
host-bridge.c
iov.c PCI/IOV: Fix memory leak in pci_iov_add_virtfn() 2020-02-14 16:33:23 -05:00
irq.c
Kconfig
Makefile
mmap.c
msi.c PCI/MSI: Fix incorrect MSI-X masking on resume 2019-12-21 10:57:24 +01:00
of.c
pci-acpi.c PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() 2020-12-30 11:26:08 +01:00
pci-driver.c PM: ACPI/PCI: Resume all devices during hibernation 2020-01-27 14:50:59 +01:00
pci-label.c
pci-mid.c
pci-pf-stub.c
pci-stub.c
pci-sysfs.c
pci.c PCI: Fix overflow in command-line resource alignment requests 2020-12-30 11:25:58 +01:00
pci.h PCI/ERR: Use slot reset if available 2019-11-20 18:47:13 +01:00
probe.c PCI: Probe bridge window attributes once at enumeration-time 2020-08-21 11:05:29 +02:00
proc.c
quirks.c PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken 2020-08-21 11:05:29 +02:00
remove.c
rom.c PCI: Use ioremap(), not phys_to_virt() for platform ROM 2020-10-01 13:14:40 +02:00
search.c
setup-bus.c PCI: Probe bridge window attributes once at enumeration-time 2020-08-21 11:05:29 +02:00
setup-irq.c
setup-res.c PCI: Allow pci_resize_resource() for devices on root bus 2020-06-25 15:32:48 +02:00
slot.c PCI: Fix pci_slot_release() NULL pointer dereference 2020-12-30 11:26:17 +01:00
syscall.c
vc.c
vpd.c
xen-pcifront.c