linux-brain/drivers
Zheyu Ma 31ef30f8f8 mmc: via-sdmmc: add a check against NULL pointer dereference
[ Upstream commit 45c8ddd06c4b729c56a6083ab311bfbd9643f4a6 ]

Before referencing 'host->data', the driver needs to check whether it is a
null pointer; otherwise it will cause a null pointer dereference.

This log reveals it:

[   29.355199] BUG: kernel NULL pointer dereference, address:
0000000000000014
[   29.357323] #PF: supervisor write access in kernel mode
[   29.357706] #PF: error_code(0x0002) - not-present page
[   29.358088] PGD 0 P4D 0
[   29.358280] Oops: 0002 [#1] PREEMPT SMP PTI
[   29.358595] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 5.12.4-
g70e7f0549188-dirty #102
[   29.359164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[   29.359978] RIP: 0010:via_sdc_isr+0x21f/0x410
[   29.360314] Code: ff ff e8 84 aa d0 fd 66 45 89 7e 28 66 41 f7 c4 00
10 75 56 e8 72 aa d0 fd 66 41 f7 c4 00 c0 74 10 e8 65 aa d0 fd 48 8b 43
18 <c7> 40 14 ac ff ff ff e8 55 aa d0 fd 48 89 df e8 ad fb ff ff e9 77
[   29.361661] RSP: 0018:ffffc90000118e98 EFLAGS: 00010046
[   29.362042] RAX: 0000000000000000 RBX: ffff888107d77880
RCX: 0000000000000000
[   29.362564] RDX: 0000000000000000 RSI: ffffffff835d20bb
RDI: 00000000ffffffff
[   29.363085] RBP: ffffc90000118ed8 R08: 0000000000000001
R09: 0000000000000001
[   29.363604] R10: 0000000000000000 R11: 0000000000000001
R12: 0000000000008600
[   29.364128] R13: ffff888107d779c8 R14: ffffc90009c00200
R15: 0000000000008000
[   29.364651] FS:  0000000000000000(0000) GS:ffff88817bc80000(0000)
knlGS:0000000000000000
[   29.365235] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.365655] CR2: 0000000000000014 CR3: 0000000005a2e000
CR4: 00000000000006e0
[   29.366170] DR0: 0000000000000000 DR1: 0000000000000000
DR2: 0000000000000000
[   29.366683] DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400
[   29.367197] Call Trace:
[   29.367381]  <IRQ>
[   29.367537]  __handle_irq_event_percpu+0x53/0x3e0
[   29.367916]  handle_irq_event_percpu+0x35/0x90
[   29.368247]  handle_irq_event+0x39/0x60
[   29.368632]  handle_fasteoi_irq+0xc2/0x1d0
[   29.368950]  __common_interrupt+0x7f/0x150
[   29.369254]  common_interrupt+0xb4/0xd0
[   29.369547]  </IRQ>
[   29.369708]  asm_common_interrupt+0x1e/0x40
[   29.370016] RIP: 0010:native_safe_halt+0x17/0x20
[   29.370360] Code: 07 0f 00 2d db 80 43 00 f4 5d c3 0f 1f 84 00 00 00
00 00 8b 05 c2 37 e5 01 55 48 89 e5 85 c0 7e 07 0f 00 2d bb 80 43 00 fb
f4 <5d> c3 cc cc cc cc cc cc cc 55 48 89 e5 e8 67 53 ff ff 8b 0d f9 91
[   29.371696] RSP: 0018:ffffc9000008fe90 EFLAGS: 00000246
[   29.372079] RAX: 0000000000000000 RBX: 0000000000000002
RCX: 0000000000000000
[   29.372595] RDX: 0000000000000000 RSI: ffffffff854f67a4
RDI: ffffffff85403406
[   29.373122] RBP: ffffc9000008fe90 R08: 0000000000000001
R09: 0000000000000001
[   29.373646] R10: 0000000000000000 R11: 0000000000000001
R12: ffffffff86009188
[   29.374160] R13: 0000000000000000 R14: 0000000000000000
R15: ffff888100258000
[   29.374690]  default_idle+0x9/0x10
[   29.374944]  arch_cpu_idle+0xa/0x10
[   29.375198]  default_idle_call+0x6e/0x250
[   29.375491]  do_idle+0x1f0/0x2d0
[   29.375740]  cpu_startup_entry+0x18/0x20
[   29.376034]  start_secondary+0x11f/0x160
[   29.376328]  secondary_startup_64_no_verify+0xb0/0xbb
[   29.376705] Modules linked in:
[   29.376939] Dumping ftrace buffer:
[   29.377187]    (ftrace buffer empty)
[   29.377460] CR2: 0000000000000014
[   29.377712] ---[ end trace 51a473dffb618c47 ]---
[   29.378056] RIP: 0010:via_sdc_isr+0x21f/0x410
[   29.378380] Code: ff ff e8 84 aa d0 fd 66 45 89 7e 28 66 41 f7 c4 00
10 75 56 e8 72 aa d0 fd 66 41 f7 c4 00 c0 74 10 e8 65 aa d0 fd 48 8b 43
18 <c7> 40 14 ac ff ff ff e8 55 aa d0 fd 48 89 df e8 ad fb ff ff e9 77
[   29.379714] RSP: 0018:ffffc90000118e98 EFLAGS: 00010046
[   29.380098] RAX: 0000000000000000 RBX: ffff888107d77880
RCX: 0000000000000000
[   29.380614] RDX: 0000000000000000 RSI: ffffffff835d20bb
RDI: 00000000ffffffff
[   29.381134] RBP: ffffc90000118ed8 R08: 0000000000000001
R09: 0000000000000001
[   29.381653] R10: 0000000000000000 R11: 0000000000000001
R12: 0000000000008600
[   29.382176] R13: ffff888107d779c8 R14: ffffc90009c00200
R15: 0000000000008000
[   29.382697] FS:  0000000000000000(0000) GS:ffff88817bc80000(0000)
knlGS:0000000000000000
[   29.383277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.383697] CR2: 0000000000000014 CR3: 0000000005a2e000
CR4: 00000000000006e0
[   29.384223] DR0: 0000000000000000 DR1: 0000000000000000
DR2: 0000000000000000
[   29.384736] DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400
[   29.385260] Kernel panic - not syncing: Fatal exception in interrupt
[   29.385882] Dumping ftrace buffer:
[   29.386135]    (ftrace buffer empty)
[   29.386401] Kernel Offset: disabled
[   29.386656] Rebooting in 1 seconds..

Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Link: https://lore.kernel.org/r/1622727200-15808-1-git-send-email-zheyuma97@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-07-14 16:53:13 +02:00
accessibility
acpi ACPICA: Clean up context mutex during object deletion 2021-06-10 13:37:04 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 10:26:32 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:51:35 +01:00
ata ata: libahci_platform: fix IRQ check 2021-05-14 09:44:24 +02:00
atm atm: idt77252: fix null-ptr-dereference 2021-03-30 14:35:21 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 10:26:30 +01:00
base PM: runtime: Fix unpaired parent child_count for force_resume 2021-05-19 10:08:20 +02:00
bcma
block nbd: Fix NULL pointer in flush_workqueue 2021-05-19 10:08:30 +02:00
bluetooth Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl 2021-03-07 12:20:44 +01:00
bus bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act 2021-06-10 13:37:08 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:05:19 +02:00
char hwrng: exynos - Fix runtime PM imbalance on error 2021-07-14 16:53:11 +02:00
clk clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 2021-06-23 14:41:31 +02:00
clocksource clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined 2021-03-04 10:26:29 +01:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-04-14 08:24:09 +02:00
cpufreq cpufreq: armada-37xx: Fix determining base CPU frequency 2021-05-14 09:44:21 +02:00
cpuidle
crypto crypto: qat - remove unused macro in FW loader 2021-07-14 16:53:12 +02:00
dax device-dax/core: Fix memory leak when rmmod dax.ko 2020-12-30 11:51:46 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:44:20 +02:00
dio
dma dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma 2021-06-30 08:47:46 -04:00
dma-buf dmabuf: fix use-after-free of dmabuf's file->f_inode 2021-01-12 20:16:23 +01:00
edac EDAC/amd64: Fix PCI component registration 2020-12-30 11:51:36 +01:00
eisa
extcon extcon: arizona: Fix various races on driver unbind 2021-05-11 14:04:09 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 14:47:43 +02:00
firmware efi: cper: fix snprintf() use in cper_dimm_err_location() 2021-06-10 13:37:03 +02:00
fpga
fsi
gnss
gpio gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP 2021-07-07 08:22:58 -04:00
gpu drm/nouveau: fix dma_address check for CPU/GPU sync 2021-07-07 08:22:58 -04:00
greybus
hid HID: gt683r: add missing MODULE_DEVICE_TABLE 2021-06-18 09:58:58 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:44:25 +02:00
hv Drivers: hv: vmbus: Increase wait time for VMbus unload 2021-05-14 09:44:22 +02:00
hwmon hwmon: (scpi-hwmon) shows the negative temperature properly 2021-06-23 14:41:27 +02:00
hwspinlock
hwtracing intel_th: pci: Add Alder Lake-M support 2021-05-11 14:04:15 +02:00
i2c i2c: robotfuzz-osif: fix control-request directions 2021-06-30 08:47:50 -04:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:44:15 +02:00
ide scsi: ide: Do not set the RQF_PREEMPT flag for sense requests 2021-01-12 20:16:09 +01:00
idle
iio iio: ltr501: ltr501_read_ps(): add missing endianness conversion 2021-07-14 16:53:06 +02:00
infiniband RDMA/mlx5: Block FDB rules when not in switchdev mode 2021-07-07 08:22:58 -04:00
input Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl 2021-07-14 16:53:02 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:46:37 +02:00
iommu iommu/vt-d: Fix sysfs leak in alloc_iommu() 2021-06-03 08:59:00 +02:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:44:20 +02:00
isdn isdn: mISDN: netjet: Fix crash in nj_probe: 2021-06-16 11:59:34 +02:00
leds leds: lp5523: check return value of lp5xx_read and jump to cleanup code 2021-05-26 12:05:20 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:47:53 +01:00
macintosh
mailbox mailbox: avoid timer start from callback 2020-10-29 09:57:53 +01:00
mcb
md dm verity: fix require_signatures module_param permissions 2021-06-16 11:59:37 +02:00
media media: dvd_usb: memory leak in cinergyt2_fe_attach 2021-07-14 16:53:13 +02:00
memory memory: pl353: fix mask of ECC page_size config register 2021-05-14 09:44:19 +02:00
memstick memstick: rtsx_usb_ms: fix UAF 2021-07-14 16:53:13 +02:00
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-11-05 11:43:25 +01:00
mfd mfd: stm32-timers: Avoid clearing auto reload register 2021-05-14 09:44:25 +02:00
misc platform/x86: hp_accel: Avoid invoking _INI to speed up resume 2021-06-03 08:59:08 +02:00
mmc mmc: via-sdmmc: add a check against NULL pointer dereference 2021-07-14 16:53:13 +02:00
mtd mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init 2021-05-14 09:44:20 +02:00
mux
net rsi: fix AP mode with WPA failure due to encrypted EAPOL 2021-07-14 16:53:07 +02:00
nfc nfc: pn533: prevent potential memory corruption 2021-05-14 09:44:27 +02:00
ntb NTB: hw: amd: fix an issue about leak system resources 2020-10-29 09:58:00 +01:00
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 12:56:16 +02:00
nvme nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() 2021-06-18 09:58:59 +02:00
nvmem nvmem: core: skip child nodes not matching binding 2021-03-04 10:26:37 +01:00
of Revert "fdt: Properly handle "no-map" field in the memory region" 2021-05-14 09:44:33 +02:00
opp opp: Reduce the size of critical section in _opp_table_kref_release() 2020-11-18 19:20:21 +01:00
oprofile
parisc
parport
pci Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" 2021-06-30 08:47:45 -04:00
pcmcia
perf perf/smmuv3: Don't trample existing events with global filter 2021-07-14 16:53:05 +02:00
phy phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally 2021-05-14 09:44:19 +02:00
pinctrl pinctrl: stm32: fix the reported number of GPIO lines per bank 2021-06-30 08:47:50 -04:00
platform platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet 2021-06-03 08:59:12 +02:00
pnp
power power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() 2021-05-11 14:04:11 +02:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:13:20 +01:00
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:51:26 +01:00
ptp ptp: improve max_adj check against unreasonable values 2021-06-23 14:41:26 +02:00
pwm pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() 2021-03-04 10:26:36 +01:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:05:17 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:24:18 +02:00
regulator regulator: uniphier: Add missing MODULE_DEVICE_TABLE 2021-07-14 16:53:10 +02:00
remoteproc remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 2020-12-30 11:51:24 +01:00
reset
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:08:25 +02:00
rtc rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path 2021-07-14 16:53:05 +02:00
s390 s390/cio: dont call css_wait_for_slow_path() inside a lock 2021-07-14 16:53:05 +02:00
sbus
scsi scsi: sr: Return appropriate error code when disk is ejected 2021-07-07 08:22:58 -04:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI 2020-12-30 11:51:13 +01:00
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:44:23 +02:00
soundwire soundwire: stream: fix memory leak in stream config error path 2021-05-14 09:44:19 +02:00
spi spi: omap-100k: Fix the length judgment problem 2021-07-14 16:53:10 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 10:26:49 +01:00
ssb ssb: sdio: Don't overwrite const buffer if block_write fails 2021-07-14 16:53:07 +02:00
staging media: imx: imx7_mipi_csis: Fix logging of only error event counters 2021-07-14 16:53:11 +02:00
target scsi: target: core: Fix warning on realtime kernels 2021-06-18 09:58:59 +02:00
tc
tee tee: optee: do not check memref size on return from Secure World 2021-05-11 14:04:06 +02:00
thermal thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID 2021-06-03 08:59:05 +02:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:59:03 +02:00
tty serial_cs: remove wrong GLOBETROTTER.cis entry 2021-07-14 16:53:07 +02:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:05:17 +02:00
usb xhci: solve a double free problem while doing s4 2021-07-14 16:53:01 +02:00
vfio vfio/platform: fix module_put call in error flow 2021-06-10 13:37:03 +02:00
vhost vhost: Fix vhost_vq_reset() 2021-04-07 14:47:39 +02:00
video video: hgafb: correctly handle card detect failure during probe 2021-05-26 12:05:21 +02:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 10:26:10 +01:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:51:29 +01:00
visorbus
vlynq
vme
w1 w1: mxc_w1: Fix timeout resolution problem leading to bus error 2020-11-05 11:43:25 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 10:26:47 +01:00
xen xen/events: reset active flag for lateeoi events later 2021-07-11 12:52:08 +02:00
zorro
Kconfig
Makefile