linux-brain/drivers
Zou Wei 3ecd228c63 mISDN: fix possible use-after-free in HFC_cleanup()
[ Upstream commit 009fc857c5f6fda81f2f7dd851b2d54193a8e733 ]

This module's remove path calls del_timer(). However, that function
does not wait until the timer handler finishes. This means that the
timer handler may still be running after the driver's remove function
has finished, which would result in a use-after-free.

Fix by calling del_timer_sync(), which makes sure the timer handler
has finished and is unable to re-schedule itself.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zou Wei <zou_wei@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-07-19 08:53:08 +02:00
..
accessibility
acpi ACPI: bgrt: Fix CFI violation 2021-07-14 16:53:25 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 10:26:32 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:51:35 +01:00
ata pata_ep93xx: fix deferred probing 2021-07-14 16:53:21 +02:00
atm atm: iphase: fix possible use-after-free in ia_module_exit() 2021-07-19 08:53:08 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 10:26:30 +01:00
base PM: runtime: Fix unpaired parent child_count for force_resume 2021-05-19 10:08:20 +02:00
bcma
block nbd: Fix NULL pointer in flush_workqueue 2021-05-19 10:08:30 +02:00
bluetooth Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl 2021-03-07 12:20:44 +01:00
bus bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act 2021-06-10 13:37:08 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:05:19 +02:00
char char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() 2021-07-14 16:53:40 +02:00
clk clk: si5341: Update initialization magic 2021-07-14 16:53:35 +02:00
clocksource clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined 2021-03-04 10:26:29 +01:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-04-14 08:24:09 +02:00
cpufreq cpufreq: Make cpufreq_online() call driver->offline() on errors 2021-07-14 16:53:25 +02:00
cpuidle
crypto crypto: nx - Fix RCU warning in nx842_OF_upd_status 2021-07-14 16:53:24 +02:00
dax device-dax/core: Fix memory leak when rmmod dax.ko 2020-12-30 11:51:46 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:44:20 +02:00
dio
dma dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma 2021-06-30 08:47:46 -04:00
dma-buf dmabuf: fix use-after-free of dmabuf's file->f_inode 2021-01-12 20:16:23 +01:00
edac EDAC/Intel: Do not load EDAC driver when running as a guest 2021-07-14 16:53:18 +02:00
eisa
extcon extcon: max8997: Add missing modalias string 2021-07-14 16:53:46 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 14:47:43 +02:00
firmware firmware: stratix10-svc: Fix a resource leak in an error handling path 2021-07-14 16:53:40 +02:00
fpga
fsi fsi/sbefifo: Fix reset timeout 2021-07-14 16:53:42 +02:00
gnss
gpio gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP 2021-07-07 08:22:58 -04:00
gpu drm/amd/display: fix use_max_lb flag for 420 pixel formats 2021-07-19 08:53:08 +02:00
greybus
hid HID: wacom: Correct base usage for capacitive ExpressKey status bits 2021-07-14 16:53:19 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:44:25 +02:00
hv hv_utils: Fix passing zero to 'PTR_ERR' warning 2021-07-14 16:53:16 +02:00
hwmon hwmon: (max31790) Fix fan speed reporting for fan7..12 2021-07-14 16:53:23 +02:00
hwspinlock
hwtracing intel_th: pci: Add Alder Lake-M support 2021-05-11 14:04:15 +02:00
i2c i2c: robotfuzz-osif: fix control-request directions 2021-06-30 08:47:50 -04:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:44:15 +02:00
ide scsi: ide: Do not set the RQF_PREEMPT flag for sense requests 2021-01-12 20:16:09 +01:00
idle
iio iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() 2021-07-14 16:53:45 +02:00
infiniband RDMA/mlx5: Don't access NULL-cleared mpi pointer 2021-07-14 16:53:35 +02:00
input Input: hil_kbd - fix error return code in hil_dev_connect() 2021-07-14 16:53:40 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:46:37 +02:00
iommu iommu/dma: Fix compile warning in 32-bit builds 2021-07-14 16:53:48 +02:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:44:20 +02:00
isdn mISDN: fix possible use-after-free in HFC_cleanup() 2021-07-19 08:53:08 +02:00
leds leds: ktd2692: Fix an error handling path 2021-07-14 16:53:47 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:47:53 +01:00
macintosh
mailbox
mcb
md dm verity: fix require_signatures module_param permissions 2021-06-16 11:59:37 +02:00
media media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx 2021-07-14 16:53:23 +02:00
memory memory: pl353: fix mask of ECC page_size config register 2021-05-14 09:44:19 +02:00
memstick memstick: rtsx_usb_ms: fix UAF 2021-07-14 16:53:13 +02:00
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-11-05 11:43:25 +01:00
mfd mfd: stm32-timers: Avoid clearing auto reload register 2021-05-14 09:44:25 +02:00
misc eeprom: idt_89hpesx: Restore printing the unsupported fwnode name 2021-07-14 16:53:43 +02:00
mmc mmc: vub3000: fix control-request direction 2021-07-14 16:53:48 +02:00
mtd mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() 2021-07-14 16:53:45 +02:00
mux
net net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() 2021-07-19 08:53:07 +02:00
nfc nfc: pn533: prevent potential memory corruption 2021-05-14 09:44:27 +02:00
ntb
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 12:56:16 +02:00
nvme nvmet-fc: do not check for invalid target port in nvmet_fc_handle_fcp_rqst() 2021-07-14 16:53:18 +02:00
nvmem nvmem: core: skip child nodes not matching binding 2021-03-04 10:26:37 +01:00
of of: Fix truncation of memory sizes on 32-bit platforms 2021-07-14 16:53:45 +02:00
opp opp: Reduce the size of critical section in _opp_table_kref_release() 2020-11-18 19:20:21 +01:00
oprofile
parisc
parport
pci PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() 2021-07-14 16:53:18 +02:00
pcmcia
perf drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe() 2021-07-14 16:53:14 +02:00
phy phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe() 2021-07-14 16:53:46 +02:00
pinctrl pinctrl: renesas: r8a77990: JTAG pins do not have pull-down capabilities 2021-07-14 16:53:26 +02:00
platform platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() 2021-07-14 16:53:18 +02:00
pnp
power power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() 2021-05-11 14:04:11 +02:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:13:20 +01:00
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:51:26 +01:00
ptp ptp: improve max_adj check against unreasonable values 2021-06-23 14:41:26 +02:00
pwm pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() 2021-03-04 10:26:36 +01:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:05:17 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:24:18 +02:00
regulator regulator: hi655x: Fix pass wrong pointer to config.driver_data 2021-07-14 16:53:23 +02:00
remoteproc remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 2020-12-30 11:51:24 +01:00
reset
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:08:25 +02:00
rtc rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path 2021-07-14 16:53:05 +02:00
s390 s390/cio: dont call css_wait_for_slow_path() inside a lock 2021-07-14 16:53:05 +02:00
sbus
scsi scsi: core: Retry I/O for Notify (Enable Spinup) Required error 2021-07-14 16:53:48 +02:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI 2020-12-30 11:51:13 +01:00
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:44:23 +02:00
soundwire soundwire: stream: Fix test for DP prepare complete 2021-07-14 16:53:45 +02:00
spi spi: spi-sun6i: Fix chipselect/clock bug 2021-07-14 16:53:24 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 10:26:49 +01:00
ssb ssb: Fix error return code in ssb_bus_scan() 2021-07-14 16:53:29 +02:00
staging staging: mt7621-dts: fix pci address for PCI memory range 2021-07-14 16:53:44 +02:00
target scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() 2021-07-14 16:53:48 +02:00
tc
tee tee: optee: do not check memref size on return from Secure World 2021-05-11 14:04:06 +02:00
thermal thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID 2021-06-03 08:59:05 +02:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:59:03 +02:00
tty serial: mvebu-uart: correctly calculate minimal possible baudrate 2021-07-14 16:53:47 +02:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:05:17 +02:00
usb usb: dwc2: Don't reset the core after setting turnaround time 2021-07-14 16:53:42 +02:00
vfio vfio/pci: Handle concurrent vma faults 2021-07-14 16:53:47 +02:00
vhost vhost: Fix vhost_vq_reset() 2021-04-07 14:47:39 +02:00
video backlight: lm3630a_bl: Put fwnode in error case during ->probe() 2021-07-14 16:53:40 +02:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 10:26:10 +01:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:51:29 +01:00
visorbus visorbus: fix error return code in visorchipset_init() 2021-07-14 16:53:42 +02:00
vlynq
vme
w1 w1: mxc_w1: Fix timeout resolution problem leading to bus error 2020-11-05 11:43:25 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 10:26:47 +01:00
xen xen/events: reset active flag for lateeoi events later 2021-07-11 12:52:08 +02:00
zorro
Kconfig
Makefile