android_kernel_xiaomi_sm8450/drivers
Ziyang Xuan b44dd92e2a team: fix null-ptr-deref when team device type is changed
[ Upstream commit 492032760127251e5540a5716a70996bacf2a3fd ]

Got a null-ptr-deref bug as follows with reproducer [1].

BUG: kernel NULL pointer dereference, address: 0000000000000228
...
RIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]
...
Call Trace:
 <TASK>
 ? __die+0x24/0x70
 ? page_fault_oops+0x82/0x150
 ? exc_page_fault+0x69/0x150
 ? asm_exc_page_fault+0x26/0x30
 ? vlan_dev_hard_header+0x35/0x140 [8021q]
 ? vlan_dev_hard_header+0x8e/0x140 [8021q]
 neigh_connected_output+0xb2/0x100
 ip6_finish_output2+0x1cb/0x520
 ? nf_hook_slow+0x43/0xc0
 ? ip6_mtu+0x46/0x80
 ip6_finish_output+0x2a/0xb0
 mld_sendpack+0x18f/0x250
 mld_ifc_work+0x39/0x160
 process_one_work+0x1e6/0x3f0
 worker_thread+0x4d/0x2f0
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xe5/0x120
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x34/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1b/0x30

[1]
$ teamd -t team0 -d -c '{"runner": {"name": "loadbalance"}}'
$ ip link add name t-dummy type dummy
$ ip link add link t-dummy name t-dummy.100 type vlan id 100
$ ip link add name t-nlmon type nlmon
$ ip link set t-nlmon master team0
$ ip link set t-nlmon nomaster
$ ip link set t-dummy up
$ ip link set team0 up
$ ip link set t-dummy.100 down
$ ip link set t-dummy.100 master team0

When enslaving a vlan device to a team device and the team device type is
changed from non-ether to ether, header_ops of the team device is changed to
vlan_header_ops. That is incorrect and will trigger a null-ptr-deref
for vlan->real_dev in vlan_dev_hard_header() because the team device is not
a vlan device.

Cache eth_header_ops in team_setup(), then assign the cached header_ops to
header_ops of the team net device when its type is changed from non-ether
to ether to fix the bug.

Fixes: 1d76efe157 ("team: add support for non-ethernet devices")
Suggested-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230918123011.1884401-1-william.xuanziyang@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-10-10 21:53:28 +02:00
..
accessibility speakup: fix a segfault caused by switching consoles 2022-11-25 17:45:50 +01:00
acpi ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 2023-09-23 11:01:05 +02:00
amba amba: bus: fix refcount leak 2023-09-19 12:20:19 +02:00
android binder: fix memory leak in binder_init() 2023-08-16 18:21:00 +02:00
ata ata: libahci: clear pending interrupt status 2023-10-10 21:53:24 +02:00
atm atm: idt77252: fix kmemleak when rmmod idt77252 2023-04-05 11:23:35 +02:00
auxdisplay
base driver core: test_async: fix an error code 2023-09-19 12:20:18 +02:00
bcma
block rbd: prevent busy loop when requesting exclusive lock 2023-08-30 16:23:12 +02:00
bluetooth Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() 2023-09-19 12:20:09 +02:00
bus bus: ti-sysc: Configure uart quirks for k3 SoC 2023-09-23 11:01:07 +02:00
cdrom
char tpm_tis: Resend command to recover from data transfer errors 2023-09-23 11:01:06 +02:00
clk clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock 2023-09-19 12:20:25 +02:00
clocksource clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe 2023-07-27 08:43:33 +02:00
connector
counter counter: 104-quad-8: Fix race condition between FLAG and CNTR reads 2023-05-17 11:47:28 +02:00
cpufreq cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug 2023-09-19 12:20:23 +02:00
cpuidle powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT 2023-09-19 12:20:15 +02:00
crypto crypto: stm32 - fix loop iterating through scatterlist for DMA 2023-09-19 12:20:23 +02:00
dax dax: Introduce alloc_dev_dax_id() 2023-07-27 08:44:00 +02:00
dca
devfreq PM / devfreq: Fix leak in devfreq_dev_release() 2023-09-19 12:20:21 +02:00
dio drivers: dio: fix possible memory leak in dio_init() 2023-01-14 10:15:54 +01:00
dma dmaengine: ste_dma40: Add missing IRQ check in d40_probe 2023-09-19 12:20:20 +02:00
dma-buf dma-buf/sw_sync: Avoid recursive lock during fence signal 2023-08-30 16:23:19 +02:00
edac EDAC/skx: Fix overflows on the DRAM row address mapping arrays 2023-05-17 11:47:39 +02:00
eisa
extcon extcon: Fix kernel doc of property capability fields to avoid warnings 2023-07-27 08:44:04 +02:00
firewire firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region 2023-02-15 17:22:09 +01:00
firmware arm64: sdei: abort running SDEI handlers during crash 2023-09-19 12:20:28 +02:00
fpga fpga: bridge: fix kernel-doc parameter description 2023-05-17 11:47:55 +02:00
fsi fsi: aspeed: Reset master errors after CFAM reset 2023-09-19 12:20:18 +02:00
gnss
gpio gpio: tps68470: Make tps68470_gpio_output() always set the initial value 2023-08-11 11:57:31 +02:00
gpu drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma 2023-09-23 11:01:10 +02:00
greybus
hid HID: multitouch: Correct devm device reference for hidinput input_dev name 2023-09-19 12:20:19 +02:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2023-01-14 10:16:03 +01:00
hv Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 2023-06-28 10:28:07 +02:00
hwmon hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() 2023-09-19 12:20:10 +02:00
hwspinlock hwspinlock: qcom: correct MMIO max register for newer SoCs 2022-11-16 09:57:07 +01:00
hwtracing coresight: tmc: Explicit type conversions to prevent integer overflow 2023-09-19 12:20:18 +02:00
i2c i2c: aspeed: Reset the i2c controller when timeout occurs 2023-09-23 11:01:11 +02:00
i3c
ide
idle
iio iio: addac: stx104: Fix race condition when converting analog-to-digital 2023-08-26 15:26:47 +02:00
infiniband RDMA/siw: Correct wrong debug message 2023-09-19 12:20:19 +02:00
input Input: adxl34x - do not hardcode interrupt trigger type 2023-07-27 08:43:46 +02:00
interconnect interconnect: qcom: osm-l3: fix icc_onecell_data allocation 2023-04-05 11:23:29 +02:00
iommu iommu/vt-d: Fix to flush cache of PASID directory table 2023-09-19 12:20:18 +02:00
ipack
irqchip irqchip/mips-gic: Use raw spinlock for gic_lock 2023-08-26 15:26:48 +02:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:21:01 +02:00
leds leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename 2023-07-27 08:44:14 +02:00
lightnvm
macintosh macintosh: via-pmu-led: requires ATA to be set 2023-05-17 11:48:00 +02:00
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-07-27 08:44:08 +02:00
mcb mcb-pci: Reallocate memory region to avoid memory overlapping 2023-05-30 12:57:50 +01:00
md md/raid1: fix error: ISO C90 forbids mixed declarations 2023-09-23 11:01:09 +02:00
media media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning 2023-09-23 11:01:08 +02:00
memory memory: brcmstb_dpfe: fix testing array offset after use 2023-07-27 08:43:48 +02:00
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-07-27 08:43:40 +02:00
message scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition 2023-05-30 12:57:49 +01:00
mfd mfd: stmpe: Only disable the regulators if they are enabled 2023-07-27 08:44:07 +02:00
misc misc: pci_endpoint_test: Re-init completion for every test 2023-07-27 08:44:29 +02:00
mmc mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 2023-09-23 11:01:06 +02:00
most
mtd mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller 2023-09-23 11:01:08 +02:00
mux
net team: fix null-ptr-deref when team device type is changed 2023-10-10 21:53:28 +02:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-06-28 10:28:14 +02:00
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-19 12:20:22 +02:00
nubus nubus: Partially revert proc_create_single_data() conversion 2023-07-27 08:43:31 +02:00
nvdimm
nvme nvme-rdma: fix potential unbalanced freeze & unfreeze 2023-08-16 18:21:02 +02:00
nvmem nvmem: core: fix return value 2023-02-22 12:56:00 +01:00
of of: unittest: Fix overlay type in apply/revert check 2023-09-19 12:20:13 +02:00
opp OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() 2023-09-19 12:20:07 +02:00
oprofile
parisc parisc: led: Reduce CPU overhead for disk & lan LED computation 2023-09-19 12:20:24 +02:00
parport parport_pc: Avoid FIFO port location truncation 2022-11-25 17:45:44 +01:00
pci Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" 2023-09-19 12:20:22 +02:00
pcmcia pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() 2023-08-26 15:26:45 +02:00
perf perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 2023-09-23 11:01:05 +02:00
phy phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write 2023-09-19 12:20:20 +02:00
pinctrl pinctrl: cherryview: fix address_space_handler() argument 2023-09-19 12:20:24 +02:00
platform platform/x86: intel_scu_ipc: Fail IPC send if still busy 2023-10-10 21:53:27 +02:00
pnp PNP: fix name memory leak in pnp_alloc_dev() 2023-01-14 10:15:17 +01:00
power power: supply: Fix logic checking if system is running from battery 2023-06-21 15:45:36 +02:00
powercap powercap: RAPL: Fix CONFIG_IOSF_MBI dependency 2023-07-27 08:43:34 +02:00
pps
ps3
ptp ptp_qoriq: fix memory leak in probe() 2023-04-05 11:23:47 +02:00
pwm pwm: lpc32xx: Remove handling of PWM channels 2023-09-19 12:20:25 +02:00
rapidio rapidio: devices: fix missing put_device in mport_cdev_open 2023-01-14 10:15:23 +01:00
ras
regulator regulator: core: Streamline debugfs operations 2023-07-27 08:43:38 +02:00
remoteproc remoteproc: stm32_rproc: Add mutex protection for workqueue 2023-05-30 12:57:48 +01:00
reset reset: imx7: Fix the iMX8MP PCIe PHY PERST support 2022-10-05 10:38:40 +02:00
rpmsg rpmsg: glink: Add check for kstrdup 2023-09-19 12:20:20 +02:00
rtc rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff 2023-09-19 12:20:02 +02:00
s390 s390/zcrypt: don't leak memory if dev_set_name() fails 2023-09-19 12:20:27 +02:00
sbus
scsi scsi: pm8001: Setup IRQs on resume 2023-09-23 11:01:11 +02:00
sfi
sh
siox siox: fix possible memory leak in siox_device_add() 2022-11-25 17:45:44 +01:00
slimbus slimbus: stream: correct presence rate frequencies 2022-11-25 17:45:50 +01:00
soc soc: qcom: qmi_encdec: Restrict string length in decode 2023-09-19 12:20:25 +02:00
soundwire soundwire: fix enumeration completion 2023-08-11 11:57:55 +02:00
spi spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() 2023-09-19 12:20:08 +02:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-05-17 11:47:59 +02:00
ssb
staging media: rkvdec: increase max supported height for H.264 2023-09-19 12:20:17 +02:00
target scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() 2023-09-23 11:01:08 +02:00
tc
tee tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta' 2023-06-14 11:09:53 +02:00
thermal thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() 2023-07-27 08:43:34 +02:00
thunderbolt thunderbolt: Use const qualifier for ring_interrupt_index 2023-04-05 11:23:37 +02:00
tty serial: cpm_uart: Avoid suspicious locking 2023-09-23 11:01:08 +02:00
uio uio: uio_dmem_genirq: Fix deadlock between irq config and handling 2023-01-14 10:15:55 +01:00
usb usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc 2023-09-23 11:01:08 +02:00
vdpa vdpa/mlx5: Don't clear mr struct on destroy MR 2023-03-11 16:39:45 +01:00
vfio vfio/type1: fix cap_migration information leak 2023-09-19 12:20:14 +02:00
vhost vhost: support PACKED when setting-getting vring_base 2023-06-14 11:09:57 +02:00
video backlight: gpio_backlight: Drop output GPIO direction check for initial power state 2023-09-19 12:20:25 +02:00
virt
virtio virtio_ring: fix avail_wrap_counter in virtqueue_add_packed 2023-09-19 12:20:20 +02:00
visorbus
vlynq
vme vme: Fix error not catched in fake_init() 2023-01-14 10:16:00 +01:00
w1 w1: fix loop in w1_fini() 2023-07-27 08:44:02 +02:00
watchdog watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load 2023-09-19 12:20:25 +02:00
xen xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() 2023-05-30 12:57:58 +01:00
zorro
Kconfig
Makefile