android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_kernel_samsung_sm8650/drivers
History
Manish Chopra ffb057f989 qed: Fix stack out of bounds bug 
KASAN reported following bug in qed_init_qm_get_idx_from_flags
due to inappropriate casting of "pq_flags". Fix the type of "pq_flags".

[  196.624707] BUG: KASAN: stack-out-of-bounds in qed_init_qm_get_idx_from_flags+0x1a4/0x1b8 [qed]
[  196.624712] Read of size 8 at addr ffff809b00bc7360 by task kworker/0:9/1712
[  196.624714]
[  196.624720] CPU: 0 PID: 1712 Comm: kworker/0:9 Not tainted 4.18.0-60.el8.aarch64+debug #1
[  196.624723] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL024 09/26/2018
[  196.624733] Workqueue: events work_for_cpu_fn
[  196.624738] Call trace:
[  196.624742]  dump_backtrace+0x0/0x2f8
[  196.624745]  show_stack+0x24/0x30
[  196.624749]  dump_stack+0xe0/0x11c
[  196.624755]  print_address_description+0x68/0x260
[  196.624759]  kasan_report+0x178/0x340
[  196.624762]  __asan_report_load_n_noabort+0x38/0x48
[  196.624786]  qed_init_qm_get_idx_from_flags+0x1a4/0x1b8 [qed]
[  196.624808]  qed_init_qm_info+0xec0/0x2200 [qed]
[  196.624830]  qed_resc_alloc+0x284/0x7e8 [qed]
[  196.624853]  qed_slowpath_start+0x6cc/0x1ae8 [qed]
[  196.624864]  __qede_probe.isra.10+0x1cc/0x12c0 [qede]
[  196.624874]  qede_probe+0x78/0xf0 [qede]
[  196.624879]  local_pci_probe+0xc4/0x180
[  196.624882]  work_for_cpu_fn+0x54/0x98
[  196.624885]  process_one_work+0x758/0x1900
[  196.624888]  worker_thread+0x4e0/0xd18
[  196.624892]  kthread+0x2c8/0x350
[  196.624897]  ret_from_fork+0x10/0x18
[  196.624899]
[  196.624902] Allocated by task 2:
[  196.624906]  kasan_kmalloc.part.1+0x40/0x108
[  196.624909]  kasan_kmalloc+0xb4/0xc8
[  196.624913]  kasan_slab_alloc+0x14/0x20
[  196.624916]  kmem_cache_alloc_node+0x1dc/0x480
[  196.624921]  copy_process.isra.1.part.2+0x1d8/0x4a98
[  196.624924]  _do_fork+0x150/0xfa0
[  196.624926]  kernel_thread+0x48/0x58
[  196.624930]  kthreadd+0x3a4/0x5a0
[  196.624932]  ret_from_fork+0x10/0x18
[  196.624934]
[  196.624937] Freed by task 0:
[  196.624938] (stack is not available)
[  196.624940]
[  196.624943] The buggy address belongs to the object at ffff809b00bc0000
[  196.624943]  which belongs to the cache thread_stack of size 32768
[  196.624946] The buggy address is located 29536 bytes inside of
[  196.624946]  32768-byte region [ffff809b00bc0000, ffff809b00bc8000)
[  196.624948] The buggy address belongs to the page:
[  196.624952] page:ffff7fe026c02e00 count:1 mapcount:0 mapping:ffff809b4001c000 index:0x0 compound_mapcount: 0
[  196.624960] flags: 0xfffff8000008100(slab|head)
[  196.624967] raw: 0fffff8000008100 dead000000000100 dead000000000200 ffff809b4001c000
[  196.624970] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  196.624973] page dumped because: kasan: bad access detected
[  196.624974]
[  196.624976] Memory state around the buggy address:
[  196.624980]  ffff809b00bc7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624983]  ffff809b00bc7280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624985] >ffff809b00bc7300: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2
[  196.624988]                                                        ^
[  196.624990]  ffff809b00bc7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624993]  ffff809b00bc7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624995] ==================================================================

Signed-off-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-28 11:13:34 -08:00
..
accessibility
acpi
acpi/nfit: Fix command-supported detection
2019-01-21 09:58:31 -08:00
amba
android
binderfs: switch from d_add() to d_instantiate()
2019-01-22 12:25:54 +01:00
ata
SCSI fixes on 20190125
2019-01-26 15:03:43 -08:00
atm
atm: he: fix sign-extension overflow on large shift
2019-01-17 11:27:00 -08:00
auxdisplay
auxdisplay: charlcd: fix x/y command parsing
2018-12-21 21:27:21 +01:00
base
regmap: Fixes for v5.0
2019-01-19 07:17:19 +12:00
bcma
block
for-linus-20190118
2019-01-20 09:12:50 +12:00
bluetooth
Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading
2018-12-19 13:43:42 +01:00
bus
ARM: SoC driver updates
2018-12-31 17:32:35 -08:00
cdrom
gdrom: fix a memory leak bug
2018-12-29 08:20:44 -07:00
char
Char/Misc driver fixes for 5.0-rc4
2019-01-25 13:03:34 -10:00
clk
clk: socfpga: stratix10: fix naming convention for the fixed-clocks
2019-01-15 12:58:38 -08:00
clocksource
arch/csky patches for 4.21-rc1
2019-01-05 09:50:07 -08:00
connector
cpufreq
Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'pm-sleep'
2019-01-11 10:09:51 +01:00
cpuidle
powerpc updates for 4.21
2018-12-27 10:43:24 -08:00
crypto
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2019-01-19 05:48:43 +12:00
dax
mm, devm_memremap_pages: fix shutdown handling
2018-12-28 12:11:47 -08:00
dca
devfreq
dio
dma
cross-tree: phase out dma_zalloc_coherent()
2019-01-08 07:58:37 -05:00
dma-buf
drivers/dma-buf/udmabuf.c: convert to use vm_fault_t
2019-01-04 13:13:46 -08:00
edac
EDAC, fsl_ddr: Add LS1021A to the list of supported hardware
2018-12-19 11:57:45 +01:00
eisa
extcon
firewire
scsi: communicate max segment size to the DMA mapping code
2019-01-22 20:40:59 -05:00
firmware
arm64 fixes for -rc1
2019-01-05 11:28:39 -08:00
fmc
fpga
Remove 'type' argument from access_ok() function
2019-01-03 18:57:57 -08:00
fsi
gnss
gpio
gpio: pca953x: Make symbol 'pca953x_i2c_regmap' static
2019-01-11 09:16:40 +01:00
gpu
Merge tag 'drm-msm-fixes-2019-01-24' of git://people.freedesktop.org/~robclark/linux into drm-fixes
2019-01-25 07:45:00 +10:00
hid
HID: core: simplify active collection tracking
2019-01-16 14:29:48 +01:00
hsi
hv
vmbus: fix subchannel removal
2019-01-09 19:20:31 -05:00
hwmon
hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table
2019-01-17 12:54:52 -08:00
hwspinlock
hwspinlock: fix return value check in stm32_hwspinlock_probe()
2019-01-03 11:42:10 -08:00
hwtracing
intel_th: msu: Fix an off-by-one in attribute store
2018-12-19 20:21:06 +01:00
i2c
i2c: tegra: Fix Maximum transfer size
2019-01-11 00:15:04 +01:00
i3c
i3c: master: Fix an error checking typo in 'cdns_i3c_master_probe()'
2019-01-22 13:56:37 +01:00
ide
ide: fix a typo in the settings proc file name
2019-01-22 15:08:12 +13:00
idle
iio
- New Device Support
2019-01-15 06:24:36 +12:00
infiniband
First 5.0 rc pull request
2019-01-18 17:17:20 +12:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2019-01-27 09:07:03 -08:00
iommu
IOMMU Fix for Linux v5.0-rc3
2019-01-22 07:27:17 +13:00
ipack
irqchip
irqchip/csky: fixup handle_irq_perbit break irq
2019-01-09 00:18:46 +08:00
isdn
isdn: avm: Fix string plus integer warning from Clang
2019-01-19 10:01:03 -08:00
leds
leds: lp5523: fix a missing check of return value of lp55xx_read
2019-01-17 22:27:39 +01:00
lightnvm
lightnvm: pblk: fix use-after-free bug
2018-12-22 14:45:35 -07:00
macintosh
Remove 'type' argument from access_ok() function
2019-01-03 18:57:57 -08:00
mailbox
mailbox: tegra-hsp: Use device-managed registration API
2018-12-21 22:31:26 -06:00
mcb
md
- Fix DM crypt's parsing of extended IV arguments.
2019-01-25 09:07:18 +13:00
media
media: vim2m: only cancel work if it is for right context
2019-01-16 11:13:25 -05:00
memory
ARM: SoC: late updates
2019-01-05 11:30:37 -08:00
memstick
MMC core:
2018-12-28 16:52:18 -08:00
message
scsi: flip the default on use_clustering
2018-12-18 23:13:12 -05:00
mfd
- New Device Support
2019-01-15 06:24:36 +12:00
misc
Char/Misc driver fixes for 5.0-rc4
2019-01-25 13:03:34 -10:00
mmc
MMC host:
2019-01-25 13:07:03 -10:00
mtd
mtd: rawnand: denali: get ->setup_data_interface() working again
2019-01-18 10:27:01 +01:00
mux
net
qed: Fix stack out of bounds bug
2019-01-28 11:13:34 -08:00
nfc
ntb
cross-tree: phase out dma_zalloc_coherent()
2019-01-08 07:58:37 -05:00
nubus
nvdimm
libnvdimm/security: Require nvdimm_security_setup_events() to succeed
2019-01-21 09:57:43 -08:00
nvme
for-linus-20190125
2019-01-26 12:42:41 -08:00
nvmem
of
OF: properties: add missing of_node_put
2019-01-16 12:49:53 -06:00
opp
cpufreq: scpi/scmi: Fix freeing of dynamic OPPs
2019-01-04 12:19:40 +01:00
oprofile
parisc
Kconfig file consolidation for v4.21
2018-12-29 13:40:29 -08:00
parport
pci
pci-v5.0-fixes-2
2019-01-19 07:26:16 +12:00
pcmcia
Included in this update:
2019-01-05 11:23:17 -08:00
perf
drivers/perf: hisi: Fixup one DDRC PMU register offset
2019-01-04 10:13:27 +00:00
phy
USB/PHY fixes for 5.0-rc4
2019-01-25 12:57:09 -10:00
pinctrl
Pin control bulk changes for the v4.21 kernel cycle:
2019-01-01 13:19:16 -08:00
platform
platform/x86: apple-gmux: Make PCI dependency explicit
2019-01-15 23:17:16 +01:00
pnp
Remove 'type' argument from access_ok() function
2019-01-03 18:57:57 -08:00
power
power supply and reset changes for the v4.21 series
2018-12-28 20:22:45 -08:00
powercap
pps
Kconfig updates for v4.21
2018-12-29 13:03:29 -08:00
ps3
ptp
ptp: check that rsv field is zero in struct ptp_sys_offset_extended
2019-01-08 16:22:56 -05:00
pwm
pwm: imx: Add ipg clock operation
2018-12-24 12:06:56 +01:00
rapidio
cross-tree: phase out dma_zalloc_coherent()
2019-01-08 07:58:37 -05:00
ras
treewide: surround Kconfig file paths with double quotes
2018-12-22 00:25:54 +09:00
regulator
Merge remote-tracking branch 'regulator/topic/coupled' into regulator-next
2018-12-21 13:43:35 +00:00
remoteproc
virtio: don't allocate vqs when names[i] = NULL
2019-01-14 20:15:19 -05:00
reset
reset: uniphier-glue: Add AHCI reset control support in glue layer
2019-01-07 16:38:51 +01:00
rpmsg
rtc
RTC for 4.21
2019-01-01 13:24:31 -08:00
s390
s390 update with bug fixes for 5.0-rc4
2019-01-24 08:58:01 +13:00
sbus
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next
2018-12-26 10:32:18 -08:00
scsi
SCSI fixes on 20190125
2019-01-26 15:03:43 -08:00
sfi
sh
siox
slimbus
sn
soc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-01-16 05:13:36 +12:00
soundwire
spi
cross-tree: phase out dma_zalloc_coherent()
2019-01-08 07:58:37 -05:00
spmi
ssb
staging
staging: android: ion: Support cpu access during dma_buf_detach
2019-01-22 11:38:09 +01:00
target
scsi: tcmu: fix use after free
2019-01-22 20:54:00 -05:00
tc
tee
OP-TEE dynamic shm log message
2018-12-31 13:06:30 -08:00
thermal
Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
2019-01-23 16:23:41 +13:00
thunderbolt
tty
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
2019-01-22 09:32:08 +01:00
uio
Char/Misc driver patches for 4.21-rc1
2018-12-28 20:54:57 -08:00
usb
USB-serial fixes for 5.0-rc3
2019-01-18 12:58:20 +01:00
uwb
vfio
vfio-pci/nvlink2: Fix ancient gcc warnings
2019-01-23 08:20:43 -07:00
vhost
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-01-21 12:52:31 +13:00
video
TTY/Serial driver fixes for 5.0-rc4
2019-01-25 12:58:40 -10:00
virt
virtio
virtio-balloon: tweak config_changed implementation
2019-01-14 20:15:20 -05:00
visorbus
vlynq
vme
w1
treewide: surround Kconfig file paths with double quotes
2018-12-22 00:25:54 +09:00
watchdog
watchdog: tqmx86: Fix a couple IS_ERR() vs NULL bugs
2019-01-07 10:10:35 +01:00
xen
arm64/xen: fix xen-swiotlb cache flushing
2019-01-23 22:14:56 +01:00
zorro
Kconfig
Kconfig file consolidation for v4.21
2018-12-29 13:40:29 -08:00
Makefile