Frank Li b40328eea9 usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
commit cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6 upstream.

  ...
  cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);
  list_del_init(&priv_req->list);
  ...

'priv_req' is actually freed at cdns3_gadget_ep_free_request(). But
list_del_init() uses priv_req->list after it.

[ 1542.642868][  T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4
[ 1542.642868][  T534]
[ 1542.653162][  T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):
[ 1542.660311][  T534]  __list_del_entry_valid+0x10/0xd4
[ 1542.665375][  T534]  cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]
[ 1542.671571][  T534]  usb_ep_disable+0x44/0xe4
[ 1542.675948][  T534]  ffs_func_eps_disable+0x64/0xc8
[ 1542.680839][  T534]  ffs_func_set_alt+0x74/0x368
[ 1542.685478][  T534]  ffs_func_disable+0x18/0x28

Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this
problem.

Cc: stable@vger.kernel.org
Fixes: 7733f6c32e ("usb: cdns3: Add Cadence USB3 DRD Driver")
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Reviewed-by: Roger Quadros <rogerq@kernel.org>
Acked-by: Peter Chen <peter.chen@kernel.org>
Link: https://lore.kernel.org/r/20240202154217.661867-1-Frank.Li@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-01 13:16:49 +01:00
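
The ordering problem described in the commit message above, modelled in user space as an added example (not code from the cdns3 driver or from the patch). `demo_req`, `demo_free_request`, `demo_list_del_init`, `teardown` and the `POISON` byte are hypothetical names; "free" here only poisons the object and keeps its storage, so the unlink that follows can detect the freed node without undefined behaviour.

```c
/* Added example: user-space model of the free/unlink ordering; not cdns3 driver code. */
#include <stdbool.h>
#include <string.h>
#define POISON 0x6b /* constructed fill byte standing in for allocator poisoning */

struct list_head { struct list_head *next, *prev; };
struct demo_req { struct list_head list; }; /* hypothetical stand-in for priv_req */

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* "Free" poisons the object but keeps its storage, so the model stays well defined. */
static void demo_free_request(struct demo_req *r) { memset(r, POISON, sizeof(*r)); }

/* Unlink and reinitialise; returns false if the node's owner was already freed. */
static bool demo_list_del_init(struct list_head *n)
{
    struct list_head p;

    memset(&p, POISON, sizeof(p));
    if (memcmp(n, &p, sizeof(p)) == 0)
        return false;               /* list pointers are poison: use after free */
    n->prev->next = n->next;
    n->next->prev = n->prev;
    list_init(n);
    return true;
}

/* Tear down three queued requests; returns how many unlinks touched freed memory. */
static int teardown(bool unlink_first)
{
    struct list_head pending;
    struct demo_req reqs[3];
    int i, bad = 0;

    list_init(&pending);
    for (i = 0; i < 3; i++)
        list_add_tail(&reqs[i].list, &pending);
    for (i = 0; i < 3; i++) {
        if (unlink_first)           /* order after the fix */
            bad += !demo_list_del_init(&reqs[i].list);
        demo_free_request(&reqs[i]);
        if (!unlink_first)          /* order before the fix */
            bad += !demo_list_del_init(&reqs[i].list);
    }
    return bad;
}
```

`teardown(true)` follows the fixed order (unlink, then free); `teardown(false)` follows the original order, and every unlink then lands on an already-freed request.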
arch x86/alternative: Make custom return thunk unconditional 2024-03-01 13:16:49 +01:00
block blk-iocost: Fix an UBSAN shift-out-of-bounds warning 2024-02-23 08:42:21 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:13:17 +02:00
crypto crypto: api - Disallow identical driver names 2024-02-23 08:41:52 +01:00
Documentation net: sysfs: Fix /sys/class/net/<iface> path for statistics 2024-02-23 08:42:23 +01:00
drivers usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() 2024-03-01 13:16:49 +01:00
fs erofs: fix lz4 inplace decompression 2024-03-01 13:16:48 +01:00
include task_stack, x86/cea: Force-inline stack helpers 2024-03-01 13:16:47 +01:00
init rootfs: Fix support for rootfstype= when root= is given 2024-01-25 14:37:52 -08:00
io_uring io_uring/rw: ensure io->bytes_done is always initialized 2024-01-25 14:37:52 -08:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:24:00 +01:00
kernel seccomp: Invalidate seccomp mode to catch death failures 2024-03-01 13:16:46 +01:00
lib crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init 2024-02-23 08:42:30 +01:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb 2024-03-01 13:16:43 +01:00
net l2tp: pass correct message length to ip6_append_data 2024-03-01 13:16:48 +01:00
samples samples/hw_breakpoint: fix building without module unloading 2023-09-23 11:01:09 +02:00
scripts scripts/decode_stacktrace.sh: optionally use LLVM utilities 2024-02-23 08:42:31 +01:00
security lsm: fix the logic in security_inode_getsecctx() 2024-02-23 08:42:26 +01:00
sound ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use 2024-03-01 13:16:47 +01:00
tools selftests: net: avoid just another constant wait 2024-02-23 08:42:19 +01:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:25:48 +01:00
virt KVM: use __vcalloc for very large allocations 2024-02-23 08:41:55 +01:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
Makefile Linux 5.10.210 2024-02-23 08:42:33 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.