android_kernel_asus_sm8350/drivers
Zhou Qingyang 46ec86ea0d drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
[ Upstream commit b220110e4cd442156f36e1d9b4914bb9e87b0d00 ]

In amdgpu_connector_lcd_native_mode(), the return value of
drm_mode_duplicate() is assigned to mode, and there is a dereference
of it in amdgpu_connector_lcd_native_mode(), which will lead to a NULL
pointer dereference on failure of drm_mode_duplicate().

Fix this bug by adding a check of mode.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_DRM_AMDGPU=m show no new warnings, and
our static analyzer no longer warns about this code.

Fixes: d38ceaf99e ("drm/amdgpu: add core driver (v4)")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-01-27 09:19:32 +01:00
..
accessibility
acpi ACPI: EC: Rework flushing of EC work while suspended to idle 2022-01-27 09:19:32 +01:00
amba ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" 2021-11-06 13:59:45 +01:00
android binder: fix async_free_space accounting for empty parcels 2022-01-05 12:37:46 +01:00
ata libata: if T_LENGTH is zero, dma direction should be DMA_NONE 2021-12-22 09:29:39 +01:00
atm atm: nicstar: register the interrupt handler in the right place 2021-07-19 08:53:12 +02:00
auxdisplay auxdisplay: ht16k33: Fix frame buffer device blanking 2021-11-17 09:48:45 +01:00
base devtmpfs regression fix: reconfigure on each mount 2022-01-20 09:19:17 +01:00
bcma bcma: Fix memory leak for internally-handled cores 2021-09-15 09:47:37 +02:00
block xen/blkfront: harden blkfront against event channel storms 2021-12-22 09:29:40 +01:00
bluetooth Bluetooth: bfusb: fix division by zero in send path 2022-01-16 09:15:38 +01:00
bus bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 2021-10-13 10:08:19 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:05:19 +02:00
char random: fix crash on multiple early calls to add_bootloader_randomness() 2022-01-16 09:15:39 +01:00
clk clk: bcm-2835: Remove rounding up the dividers 2022-01-27 09:19:29 +01:00
clocksource clocksource/drivers/timer-ti-dm: Select TIMER_OF 2021-11-17 09:48:39 +01:00
connector
counter counter: 104-quad-8: Return error when invalid mode during ceiling_write 2021-09-15 09:47:34 +02:00
cpufreq cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink() 2021-12-08 09:01:11 +01:00
cpuidle cpuidle: Fix kobject memory leaks in error paths 2021-11-17 09:48:36 +01:00
crypto crypto: qce - fix uaf on qce_ahash_register_one 2022-01-27 09:19:30 +01:00
dax device-dax/core: Fix memory leak when rmmod dax.ko 2020-12-30 11:51:46 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:44:20 +02:00
dio
dma dmaengine: st_fdma: fix MODULE_ALIAS 2021-12-22 09:29:36 +01:00
dma-buf dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() 2022-01-27 09:19:28 +01:00
edac EDAC/amd64: Handle three rank interleaving mode 2021-11-17 09:48:36 +01:00
eisa
extcon extcon: intel-mrfld: Sync hardware and software state on init 2021-07-19 08:53:16 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 14:47:43 +02:00
firmware firmware: qemu_fw_cfg: fix kobject leak in probe error path 2022-01-20 09:19:18 +01:00
fpga fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() 2021-09-30 10:09:23 +02:00
fsi fsi/sbefifo: Fix reset timeout 2021-07-14 16:53:42 +02:00
gnss
gpio gpio: pca953x: Improve bias setting 2021-10-20 11:40:15 +02:00
gpu drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() 2022-01-27 09:19:32 +01:00
greybus
hid HID: wacom: Avoid using stale array indicies to read contact count 2022-01-27 09:19:26 +01:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:44:25 +02:00
hv hyperv/vmbus: include linux/bitops.h 2021-11-17 09:48:20 +01:00
hwmon hwmon: (lm90) Do not report 'busy' status bit as alarm 2021-12-29 12:23:37 +01:00
hwspinlock
hwtracing intel_th: Wait until port is in reset before programming it 2021-07-20 16:10:46 +02:00
i2c i2c: validate user data in compat ioctl 2022-01-05 12:37:45 +01:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:44:15 +02:00
ide scsi: ide: Do not set the RQF_PREEMPT flag for sense requests 2021-01-12 20:16:09 +01:00
idle
iio iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda 2021-12-22 09:29:35 +01:00
infiniband RDMA/uverbs: Check for null return of kmalloc_array 2022-01-11 15:23:31 +01:00
input Input: touchscreen - Fix backport of a02dcde595f7cbd240ccd64de96034ad91cffc40 2022-01-11 15:23:30 +01:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:46:37 +02:00
iommu iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure 2022-01-27 09:19:28 +01:00
ipack ipack: ipoctal: fix module reference leak 2021-10-06 15:42:36 +02:00
irqchip irqchip: nvic: Fix offset for Interrupt Priority Offsets 2021-12-14 14:49:06 +01:00
isdn mISDN: change function names to avoid conflicts 2022-01-11 15:23:33 +01:00
leds leds: trigger: audio: Add an activate callback to ensure the initial brightness is set 2021-09-15 09:47:33 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:47:53 +01:00
macintosh
mailbox
mcb mcb: fix error handling in mcb_alloc_bus() 2021-09-30 10:09:22 +02:00
md dm btree remove: fix use after free in rebalance_children() 2021-12-22 09:29:35 +01:00
media media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' 2022-01-27 09:19:31 +01:00
memory memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe 2021-11-17 09:48:42 +01:00
memstick memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() 2021-11-17 09:48:37 +01:00
message
mfd mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() 2022-01-16 09:15:38 +01:00
misc lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() 2022-01-27 09:19:28 +01:00
mmc mmc: sdhci-pci: Add PCI ID for Intel ADL 2022-01-16 09:15:38 +01:00
mtd mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 2022-01-27 09:19:26 +01:00
mux
net wcn36xx: Release DMA channel descriptor allocations 2022-01-27 09:19:29 +01:00
nfc NFC: st21nfca: Fix memory leak in device probe and remove 2022-01-05 12:37:44 +01:00
ntb NTB: perf: Fix an error code in perf_setup_inbuf() 2021-09-22 12:26:44 +02:00
nubus
nvdimm libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind 2021-10-06 15:42:38 +02:00
nvme nvmet: use IOCB_NOWAIT only if the filesystem supports it 2021-12-01 09:23:33 +01:00
nvmem nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells 2021-10-20 11:40:14 +02:00
of of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS 2021-09-22 12:26:34 +02:00
opp opp: Fix return in _opp_add_static_v2() 2021-11-17 09:48:44 +01:00
oprofile
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-26 14:07:10 +02:00
parport parport: remove non-zero check on count 2021-09-22 12:26:36 +02:00
pci PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller 2022-01-27 09:19:28 +01:00
pcmcia pcmcia: i82092: fix a null pointer dereference bug 2021-08-12 13:21:03 +02:00
perf drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe() 2021-07-14 16:53:14 +02:00
phy phy: qcom-qusb2: Fix a memory leak on probe 2021-11-17 09:48:43 +01:00
pinctrl pinctrl: mediatek: fix global-out-of-bounds issue 2021-12-29 12:23:37 +01:00
platform platform/x86: apple-gmux: use resource_size() with res 2022-01-05 12:37:43 +01:00
pnp
power power: reset: ltc2952: Fix use of floating point literals 2022-01-11 15:23:32 +01:00
powercap
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:51:26 +01:00
ptp ptp_pch: Load module automatically if ID matches 2021-10-13 10:08:19 +02:00
pwm pwm: stm32-lp: Don't modify HW state in .remove() callback 2021-09-26 14:07:13 +02:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:05:17 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:24:18 +02:00
regulator regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled 2021-11-17 09:48:22 +01:00
remoteproc remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 2020-12-30 11:51:24 +01:00
reset reset: socfpga: add empty driver allowing consumers to probe 2021-11-17 09:48:20 +01:00
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:08:25 +02:00
rtc rtc: cmos: take rtc_lock while reading from CMOS 2022-01-27 09:19:27 +01:00
s390 s390/cio: make ccw_device_dma_* more robust 2021-11-17 09:48:50 +01:00
sbus
scsi scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() 2022-01-11 15:23:33 +01:00
sfi
sh maple: fix wrong return value of maple_bus_init(). 2021-11-26 10:47:17 +01:00
siox
slimbus slimbus: ngd: reset dma setup during runtime pm 2021-08-26 08:36:21 -04:00
soc soc/tegra: fuse: Fix bitwise vs. logical OR warning 2021-12-22 09:29:37 +01:00
soundwire soundwire: stream: Fix test for DP prepare complete 2021-07-14 16:53:45 +02:00
spi spi: change clk_disable_unprepare to clk_unprepare 2021-12-29 12:23:34 +01:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 10:26:49 +01:00
ssb ssb: Fix error return code in ssb_bus_scan() 2021-07-14 16:53:29 +02:00
staging staging: greybus: fix stack size warning with UBSAN 2022-01-16 09:15:39 +01:00
target scsi: target: Fix alua_tg_pt_gps_count tracking 2021-11-26 10:47:16 +01:00
tc
tee tee: fix put order in teedev_close_context() 2022-01-27 09:19:30 +01:00
thermal thermal: core: Reset previous low and high trip during thermal zone init 2021-12-08 09:01:09 +01:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:59:03 +02:00
tty tty: serial: atmel: Call dma_async_issue_pending() 2022-01-27 09:19:31 +01:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:05:17 +02:00
usb USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status 2022-01-16 09:15:38 +01:00
vfio vfio: Use config not menuconfig for VFIO_NOIOMMU 2021-09-22 12:26:23 +02:00
vhost vhost/vsock: fix incorrect used length reported to the guest 2021-12-01 09:23:34 +01:00
video vgacon: Propagate console boot parameters before calling `vc_resize' 2021-12-08 09:01:13 +01:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 10:26:10 +01:00
virtio virtio_ring: Fix querying of maximum DMA mapping size for virtio device 2021-12-22 09:29:34 +01:00
visorbus visorbus: fix error return code in visorchipset_init() 2021-07-14 16:53:42 +02:00
vlynq
vme
w1 w1: ds2438: fixing bug that would always get page0 2021-07-20 16:10:41 +02:00
watchdog ar7: fix kernel builds for compiler test 2021-11-17 09:48:46 +01:00
xen xen: detect uninitialized xenbus in xenbus_init 2021-12-01 09:23:28 +01:00
zorro
Kconfig
Makefile