AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
8f49e1694c
kernel_optimize_test/drivers
History
Zhihao Cheng 6d8d3f68cb ubi: ubi_create_volume: Fix use-after-free when volume creation failed 
[ Upstream commit 8c03a1c21d72210f81cb369cc528e3fde4b45411 ]

There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s
error handling path:

  ubi_eba_replace_table(vol, eba_tbl)
    vol->eba_tbl = tbl
out_mapping:
  ubi_eba_destroy_table(eba_tbl)   // Free 'eba_tbl'
out_unlock:
  put_device(&vol->dev)
    vol_release
      kfree(tbl->entries)	  // UAF

Fix it by removing redundant 'eba_tbl' releasing.
Fetch a reproducer in [Link].

Fixes: 493cfaeaa0 ("mtd: utilize new cdev_device_add helper function")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215965
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-14 18:32:35 +02:00
..
accessibility
acpi ACPI: property: Release subnode properties with data nodes 2022-06-09 10:21:23 +02:00
amba amba: Make the remove callback return void 2022-04-08 14:40:02 +02:00
android
ata ata: pata_marvell: Check the 'bmdma_addr' beforing reading 2022-04-27 13:53:54 +02:00
atm atm: eni: Add check for dma_map_single 2022-03-23 09:13:27 +01:00
auxdisplay
base driver core: fix deadlock in __device_attach 2022-06-14 18:32:34 +02:00
bcma
block virtio_blk: fix the discard_granularity and discard_alignment queue limits 2022-06-09 10:21:05 +02:00
bluetooth Bluetooth: hci_qca: Use del_timer_sync() before freeing 2022-06-06 08:42:43 +02:00
bus bus: ti-sysc: Fix warnings for unbind for serial 2022-06-14 18:32:34 +02:00
cdrom
char Revert "random: use static branch for crng_ready()" 2022-06-09 10:21:31 +02:00
clk clk: at91: generated: consider range when calculating best rate 2022-05-25 09:17:58 +02:00
clocksource clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value 2022-06-14 18:32:34 +02:00
connector
counter
cpufreq cpufreq: mediatek: Unregister platform device on exit 2022-06-09 10:21:19 +02:00
cpuidle
crypto crypto: sun8i-ss - handle zero sized sg 2022-06-09 10:21:17 +02:00
dax dax: make sure inodes are flushed before destroy cache 2022-04-08 14:40:16 +02:00
dca
devfreq PM / devfreq: rk3399_dmc: Disable edev on remove() 2022-06-09 10:20:57 +02:00
dio
dma dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() 2022-06-09 10:21:20 +02:00
dma-buf udmabuf: validate ubuf->pagecount 2022-04-08 14:40:12 +02:00
edac EDAC/dmc520: Don't print an error for each unconfigured interrupt line 2022-06-09 10:21:02 +02:00
eisa
extcon extcon: ptn5150: Add queue work sync before driver release 2022-06-14 18:32:33 +02:00
firewire firewire: core: extend card->lock in fw_core_handle_bus_reset 2022-05-12 12:25:32 +02:00
firmware firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle 2022-06-14 18:32:34 +02:00
fpga
fsi fsi: Aspeed: Fix a potential double free 2022-04-08 14:40:23 +02:00
gnss
gpio gpiolib: of: Introduce hook for missing gpio-ranges 2022-06-09 10:21:15 +02:00
gpu gma500: fix an incorrect NULL check on list iterator 2022-06-09 10:21:28 +02:00
greybus greybus: svc: fix an error handling bug in gb_svc_hello() 2022-04-08 14:39:50 +02:00
hid HID: elan: Fix potential double free in elan_input_configured 2022-06-09 10:21:02 +02:00
hsi
hv random: remove unused irq_flags argument from add_interrupt_randomness() 2022-05-30 09:33:27 +02:00
hwmon hwmon: (f71882fg) Fix negative temperature 2022-05-18 10:23:45 +02:00
hwspinlock
hwtracing coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier 2022-06-14 18:32:32 +02:00
i2c i2c: rcar: fix PM ref counts in probe error paths 2022-06-09 10:21:20 +02:00
i3c
ide
idle
iio iio: adc: sc27xx: Fine tune the scale calibration values 2022-06-14 18:32:32 +02:00
infiniband RDMA/rxe: Generate a completion for unsupported/invalid opcode 2022-06-09 10:21:31 +02:00
input Input: stmfts - do not leave device disabled in stmfts_input_open 2022-06-09 10:21:18 +02:00
interconnect
iommu iommu/msm: Fix an incorrect NULL check on list iterator 2022-06-09 10:21:26 +02:00
ipack
irqchip irqchip: irq-xtensa-mx: fix initial IRQ affinity 2022-06-09 10:21:26 +02:00
isdn isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() 2022-03-16 14:15:57 +01:00
leds
lightnvm lightnvm: disable the subsystem 2022-05-09 09:04:56 +02:00
macintosh macintosh: via-pmu and via-cuda need RTC_LIB 2022-06-09 10:21:18 +02:00
mailbox mailbox: forward the hrtimer if not queued and under a lock 2022-06-09 10:21:18 +02:00
mcb
md md: bcache: check the return value of kzalloc() in detached_dev_do_request() 2022-06-09 10:21:31 +02:00
media media: coda: Add more H264 levels for CODA960 2022-06-09 10:21:25 +02:00
memory memory: samsung: exynos5422-dmc: Avoid some over memory allocation 2022-06-09 10:21:12 +02:00
memstick
message
mfd mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() 2022-06-09 10:21:18 +02:00
misc misc: fastrpc: fix an incorrect NULL check on list iterator 2022-06-14 18:32:31 +02:00
mmc drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit 2022-06-09 10:20:52 +02:00
most
mtd ubi: ubi_create_volume: Fix use-after-free when volume creation failed 2022-06-14 18:32:35 +02:00
mux
net net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register 2022-06-14 18:32:35 +02:00
nfc NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx 2022-06-09 10:21:11 +02:00
ntb
nubus
nvdimm nvdimm: Allow overwrite in the presence of disabled dimms 2022-06-09 10:21:15 +02:00
nvme nvme: set dma alignment to dword 2022-06-09 10:21:09 +02:00
nvmem
of of: overlay: do not break notify on NOTIFY_{OK|STOP} 2022-06-09 10:21:03 +02:00
opp OPP: call of_node_put() on error path in _bandwidth_supported() 2022-06-09 10:21:18 +02:00
oprofile
parisc parisc: Fix CPU affinity for Lasi, WAX and Dino chips 2022-04-13 21:01:03 +02:00
parport
pci PCI: qcom: Fix unbalanced PHY init on probe errors 2022-06-09 10:21:23 +02:00
pcmcia pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards 2022-06-14 18:32:30 +02:00
perf arm_pmu: Validate single/group leader events 2022-04-27 13:53:55 +02:00
phy phy: qcom-qmp: fix pipe-clock imbalance on power-on failure 2022-06-14 18:32:32 +02:00
pinctrl pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() 2022-06-09 10:21:16 +02:00
platform MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon 2022-06-09 10:21:19 +02:00
pnp
power power: supply: axp288-charger: Set Vhold to 4.4V 2022-04-13 21:00:57 +02:00
powercap
pps
ps3
ptp ptp: replace snprintf with sysfs_emit 2022-04-13 21:00:55 +02:00
pwm pwm: lp3943: Fix duty calculation in case period was clamped 2022-06-14 18:32:31 +02:00
rapidio
ras
regulator regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt 2022-06-09 10:21:07 +02:00
remoteproc remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region 2022-04-08 14:40:26 +02:00
reset reset: tegra-bpmp: Restore Handle errors in BPMP response 2022-04-27 13:53:52 +02:00
rpmsg rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails 2022-06-14 18:32:32 +02:00
rtc rtc: mt6397: check return value after calling platform_get_resource() 2022-06-14 18:32:33 +02:00
s390 s390/lcs: fix variable dereferenced before check 2022-05-18 10:23:44 +02:00
sbus
scsi scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled 2022-06-09 10:21:24 +02:00
sfi
sh
siox
slimbus slimbus: qcom: Fix IRQ check in qcom_slim_probe 2022-05-18 10:23:47 +02:00
soc soc: rockchip: Fix refcount leak in rockchip_grf_init 2022-06-14 18:32:33 +02:00
soundwire soundwire: intel: fix wrong register name in intel_shim_wake 2022-04-08 14:40:24 +02:00
spi spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() 2022-06-09 10:21:06 +02:00
spmi
ssb
staging staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() 2022-06-14 18:32:31 +02:00
target target: remove an incorrect unmap zeroes data deduction 2022-06-09 10:21:01 +02:00
tc
tee
thermal thermal/core: Fix memory leak in the error path 2022-06-09 10:21:30 +02:00
thunderbolt
tty serial: stm32-usart: Correct CSIZE, bits, and parity 2022-06-14 18:32:34 +02:00
uio
usb usb: typec: mux: Check dev_set_name() return value 2022-06-14 18:32:32 +02:00
vdpa vdpasim: allow to enable a vq repeatedly 2022-06-09 10:21:29 +02:00
vfio amba: Make the remove callback return void 2022-04-08 14:40:02 +02:00
vhost Fix double fget() in vhost_net_set_backend() 2022-05-25 09:17:55 +02:00
video video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup 2022-06-09 10:21:20 +02:00
virt
virtio virtio: acknowledge all features before access 2022-03-16 14:16:02 +01:00
visorbus
vlynq
vme
w1 w1: w1_therm: fixes w1_seq for ds28ea00 sensors 2022-04-13 21:01:01 +02:00
watchdog watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe 2022-06-14 18:32:34 +02:00
xen xen/gnttab: fix gnttab_end_foreign_access() without page specified 2022-03-11 12:11:54 +01:00
zorro
Kconfig
Makefile