linux/drivers
Yue Haibing 9b9b0df4e7 fm10k: Fix a potential NULL pointer dereference
commit 01ca667133 upstream.

Syzkaller reports this:

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 4378 Comm: syz-executor.0 Tainted: G         C        5.0.0+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:__lock_acquire+0x95b/0x3200 kernel/locking/lockdep.c:3573
Call Trace:
 lock_acquire+0xff/0x2c0 kernel/locking/lockdep.c:4211
 __mutex_lock_common kernel/locking/mutex.c:925 [inline]
 __mutex_lock+0xdf/0x1050 kernel/locking/mutex.c:1072
 drain_workqueue+0x24/0x3f0 kernel/workqueue.c:2934
 destroy_workqueue+0x23/0x630 kernel/workqueue.c:4319
 __do_sys_delete_module kernel/module.c:1018 [inline]
 __se_sys_delete_module kernel/module.c:961 [inline]
 __x64_sys_delete_module+0x30c/0x480 kernel/module.c:961
 do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

If alloc_workqueue fails, it should return -ENOMEM, otherwise may
trigger this NULL pointer dereference while unloading drivers.

Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 0a38c17a21 ("fm10k: Remove create_workqueue")
Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-02 09:58:57 +02:00
accessibility
acpi nfit/ars: Avoid stale ARS results 2019-04-27 09:36:39 +02:00
amba
android binder: fix handling of misaligned binder object 2019-05-02 09:58:56 +02:00
ata libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD 2019-02-15 08:10:10 +01:00
atm atm: he: fix sign-extension overflow on large shift 2019-02-27 10:08:57 +01:00
auxdisplay auxdisplay: hd44780: Fix memory leak on ->remove() 2019-04-20 09:15:55 +02:00
base mm: hide incomplete nr_indirectly_reclaimable in sysfs 2019-04-20 09:16:05 +02:00
bcma
block zram: pass down the bvec we need to read into in the work struct 2019-05-02 09:58:53 +02:00
bluetooth Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() 2019-03-27 14:14:42 +09:00
bus
cdrom cdrom: Fix race condition in cdrom_sysctl_register 2019-04-05 22:33:10 +02:00
char tpm: Fix the type of the return value in calc_tpm2_event_size() 2019-04-27 09:36:40 +02:00
clk Revert "clk: meson: clean-up clock registration" 2019-04-17 08:38:46 +02:00
clocksource clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability 2019-03-23 20:09:58 +01:00
connector connector: fix unsafe usage of ->real_parent 2019-03-19 13:12:38 +01:00
cpufreq cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies 2019-04-05 22:33:03 +02:00
cpuidle cpuidle: big.LITTLE: fix refcount leak 2019-02-12 19:47:08 +01:00
crypto crypto: axis - fix for recursive locking from bottom half 2019-04-20 09:16:04 +02:00
dax mm, devm_memremap_pages: fix shutdown handling 2019-01-13 09:51:04 +01:00
dca
devfreq
dio
dma dmaengine: sh: rcar-dmac: Fix glitch in dmaengine_tx_status 2019-05-02 09:58:55 +02:00
dma-buf
edac EDAC, skx_edac: Fix logical channel intermediate decoding 2018-11-13 11:08:44 -08:00
eisa
extcon
firewire
firmware efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted 2019-04-05 22:33:12 +02:00
fmc
fpga fpga: altera-cvp: fix 'bad IO access' on x86_64 2019-02-12 19:46:59 +01:00
fsi fsi: master-ast-cf: select GENERIC_ALLOCATOR 2018-12-17 09:24:35 +01:00
gnss gnss: sirf: fix premature wakeup interrupt enable 2019-03-10 07:17:21 +01:00
gpio gpio: eic: sprd: Fix incorrect irq type setting for the sync EIC 2019-05-02 09:58:53 +02:00
gpu drm/vc4: Fix compilation error reported by kbuild test bot 2019-05-02 09:58:56 +02:00
hid i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array 2019-04-27 09:36:41 +02:00
hsi
hv Drivers: hv: vmbus: Check for ring when getting debug info 2019-01-31 08:14:36 +01:00
hwmon hwmon: (w83773g) Select REGMAP_I2C to fix build error 2019-04-17 08:38:47 +02:00
hwspinlock
hwtracing intel_th: gth: Fix an off-by-one in output unassigning 2019-05-02 09:58:56 +02:00
i2c i2c: of: Try to find an I2C adapter matching the parent 2019-04-05 22:33:11 +02:00
ide ide: fix a typo in the settings proc file name 2019-01-31 08:14:42 +01:00
idle
iio io: accel: kxcjk1013: restore the range after resume. 2019-04-27 09:36:35 +02:00
infiniband RDMA/mlx5: Do not allow the user to write to the clock page 2019-05-02 09:58:54 +02:00
input Input: synaptics-rmi4 - write config register values to the right offset 2019-05-02 09:58:55 +02:00
iommu iommu/dmar: Fix buffer overflow during PCI bus notification 2019-04-20 09:16:03 +02:00
ipack
irqchip irqchip/mbigen: Don't clear eventid when freeing an MSI 2019-04-20 09:15:59 +02:00
isdn mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S 2019-04-03 06:26:16 +02:00
leds leds: lp55xx: fix null deref on firmware load failure 2019-04-05 22:33:07 +02:00
lightnvm lightnvm: pblk: add lock protection to list operations 2019-02-12 19:47:08 +01:00
macintosh
mailbox mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue 2019-03-23 20:09:49 +01:00
mcb
md dm integrity: fix deadlock with overlapping I/O 2019-04-17 08:38:54 +02:00
media media: au0828: cannot kfree dev before usb disconnect 2019-04-20 09:16:01 +02:00
memory
memstick memstick: Prevent memstick host from getting runtime suspended during card detection 2019-02-12 19:47:10 +01:00
message
mfd mfd: sm501: Fix potential NULL pointer dereference 2019-03-23 20:10:09 +01:00
misc lkdtm: Add tests for NULL pointer dereference 2019-04-20 09:16:04 +02:00
mmc mmc: sdhci: Handle auto-command errors 2019-04-27 09:36:39 +02:00
mtd mtd: rawnand: gpmi: fix MX28 bus master lockup problem 2019-02-15 08:10:10 +01:00
mux mux: adgs1408: use the correct MODULE_LICENSE 2018-10-12 17:36:39 +02:00
net fm10k: Fix a potential NULL pointer dereference 2019-05-02 09:58:57 +02:00
nfc NFC: nfcmrvl_uart: fix OF child-node lookup 2018-11-13 11:08:48 -08:00
ntb
nubus
nvdimm libnvdimm: Fix altmap reservation size calculation 2019-03-23 20:09:53 +01:00
nvme nvme-pci: add missing unlock for reset error 2019-03-13 14:02:38 -07:00
nvmem nvmem: check the return value of nvmem_add_cells() 2018-11-13 11:08:35 -08:00
of of: overlay: do not duplicate properties from overlay for new nodes 2019-02-06 17:30:16 +01:00
opp OPP: Use opp_table->regulators to verify no regulator case 2019-02-12 19:47:08 +01:00
oprofile
parisc
parport parport_pc: fix find_superio io compare code, should use equal test. 2019-03-23 20:10:05 +01:00
pci PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe ports 2019-04-20 09:16:04 +02:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-13 11:08:17 -08:00
perf perf/aux: Make perf_event accessible to setup_aux() 2019-04-05 22:33:11 +02:00
phy phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs 2019-04-03 06:26:27 +02:00
pinctrl pinctrl: core: make sure strcmp() doesn't get a null parameter 2019-04-20 09:16:01 +02:00
platform platform/x86: Add Intel AtomISP2 dummy / power-management driver 2019-04-20 09:16:02 +02:00
pnp
power power: supply: charger-manager: Fix incorrect return value 2019-03-27 14:14:43 +09:00
powercap
pps
ps3
ptp ptp: Fix pass zero to ERR_PTR() in ptp_clock_register 2019-02-12 19:47:01 +01:00
pwm
rapidio
ras
regulator regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting 2019-04-05 22:33:15 +02:00
remoteproc remoteproc: qcom: q6v5: Propagate EPROBE_DEFER 2018-11-13 11:08:52 -08:00
reset
rpmsg rpmsg: smd: fix memory leak on channel create 2018-11-13 11:08:55 -08:00
rtc rtc: m41t80: Correct alarm month range with RTC reads 2019-01-09 17:38:48 +01:00
s390 s390/ism: ignore some errors during deregistration 2019-04-05 22:33:04 +02:00
sbus drivers/sbus/char: add of_node_put() 2018-12-21 14:15:17 +01:00
scsi Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" 2019-04-27 09:36:36 +02:00
sfi
sh
siox
slimbus slimbus: ngd: mark PM functions as __maybe_unused 2018-12-19 19:19:49 +01:00
sn
soc soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() 2019-04-20 09:16:03 +02:00
soundwire
spi spi: pxa2xx: Setup maximum supported DMA transfer length 2019-03-23 20:09:57 +01:00
spmi
ssb
staging staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf 2019-04-27 09:36:36 +02:00
target scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock 2019-03-23 20:09:59 +01:00
tc TC: Set DMA masks for devices 2018-11-13 11:08:51 -08:00
tee tee: optee: avoid possible double list_del() 2019-02-12 19:47:08 +01:00
thermal thermal/intel_powerclamp: fix truncated kthread name 2019-04-20 09:15:56 +02:00
thunderbolt thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-12-17 09:24:36 +01:00
tty vt: fix cursor when clearing the screen 2019-04-27 09:36:36 +02:00
uio uio: Fix an Oops on load 2018-11-27 16:13:09 +01:00
usb USB: Consolidate LPM checks to avoid enabling LPM twice 2019-05-02 09:58:56 +02:00
uwb
vfio vfio/type1: Limit DMA mappings per container 2019-05-02 09:58:55 +02:00
vhost vhost: reject zero size iova range 2019-04-27 09:36:31 +02:00
video backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state 2019-04-05 22:33:13 +02:00
virt vbox: fix link error with 'gcc -Og' 2019-02-12 19:46:59 +01:00
virtio virtio: Honour 'may_reduce_num' in vring_create_virtqueue 2019-04-17 08:38:52 +02:00
visorbus
vlynq
vme
w1 w1: omap-hdq: fix missing bus unregister at removal 2018-11-13 11:08:48 -08:00
watchdog watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem 2019-02-27 10:08:52 +01:00
xen xen/gntdev: Do not destroy context while dma-bufs are in use 2019-04-05 22:33:06 +02:00
zorro
Kconfig
Makefile