brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux-brain/drivers
History
Johan Hovold f3cae04bd4 media: rtl28xxu: fix zero-length control request 
commit 76f22c93b209c811bd489950f17f8839adb31901 upstream.

The direction of the pipe argument must match the request-type direction
bit or control requests may fail depending on the host-controller-driver
implementation.

Control transfers without a data stage are treated as OUT requests by
the USB stack and should be using usb_sndctrlpipe(). Failing to do so
will now trigger a warning.

The driver uses a zero-length i2c-read request for type detection so
update the control-request code to use usb_sndctrlpipe() in this case.

Note that actually trying to read the i2c register in question does not
work as the register might not exist (e.g. depending on the demodulator)
as reported by Eero Lehtinen <debiangamer2@gmail.com>.

Reported-by: syzbot+faf11bbadc5a372564da@syzkaller.appspotmail.com
Reported-by: Eero Lehtinen <debiangamer2@gmail.com>
Tested-by: Eero Lehtinen <debiangamer2@gmail.com>
Fixes: d0f232e823 ("[media] rtl28xxu: add heuristic to detect chip type")
Cc: stable@vger.kernel.org      # 4.0
Cc: Antti Palosaari <crope@iki.fi>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-08-12 13:21:01 +02:00
..
accessibility
acpi Revert "ACPICA: Fix memory leak caused by _CID repair function" 2021-08-12 13:20:54 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 10:26:32 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:51:35 +01:00
ata ata: ahci_sunxi: Disable DIPM 2021-07-19 08:53:15 +02:00
atm atm: nicstar: register the interrupt handler in the right place 2021-07-19 08:53:12 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 10:26:30 +01:00
base firmware_loader: fix use-after-free in firmware_fallback_sysfs 2021-08-12 13:20:59 +02:00
bcma
block rbd: always kick acquire on "acquired" and "released" notifications 2021-07-28 13:31:01 +02:00
bluetooth Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. 2021-07-19 08:53:13 +02:00
bus bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act 2021-06-10 13:37:08 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:05:19 +02:00
char tpm_ftpm_tee: Free and unregister TEE shared memory during kexec 2021-08-12 13:21:01 +02:00
clk clk: fix leak on devm_clk_bulk_get_all() unwind 2021-08-12 13:21:00 +02:00
clocksource clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround 2021-07-19 08:53:15 +02:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-04-14 08:24:09 +02:00
cpufreq cpufreq: Make cpufreq_online() call driver->offline() on errors 2021-07-14 16:53:25 +02:00
cpuidle
crypto crypto: ccp - Annotate SEV Firmware file names 2021-07-19 08:53:14 +02:00
dax device-dax/core: Fix memory leak when rmmod dax.ko 2020-12-30 11:51:46 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:44:20 +02:00
dio
dma dmaengine: imx-dma: configure the generic DMA type to make it work 2021-08-12 13:20:56 +02:00
dma-buf dma-buf/sync_file: Don't leak fences on merge failure 2021-07-25 14:35:15 +02:00
edac EDAC/Intel: Do not load EDAC driver when running as a guest 2021-07-14 16:53:18 +02:00
eisa
extcon extcon: intel-mrfld: Sync hardware and software state on init 2021-07-19 08:53:16 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 14:47:43 +02:00
firmware firmware: arm_scmi: Add delayed response status check 2021-08-08 09:04:08 +02:00
fpga fpga: stratix10-soc: Add missing fpga_mgr_free() call 2021-07-19 08:53:15 +02:00
fsi fsi/sbefifo: Fix reset timeout 2021-07-14 16:53:42 +02:00
gnss
gpio gpio: tqmx86: really make IRQ optional 2021-08-12 13:20:57 +02:00
gpu drm: Return -ENOTTY for non-drm ioctls 2021-07-28 13:31:01 +02:00
greybus
hid HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT 2021-08-04 12:27:38 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:44:25 +02:00
hv hv_utils: Fix passing zero to 'PTR_ERR' warning 2021-07-14 16:53:16 +02:00
hwmon hwmon: (max31790) Fix fan speed reporting for fan7..12 2021-07-14 16:53:23 +02:00
hwspinlock
hwtracing intel_th: Wait until port is in reset before programming it 2021-07-20 16:10:46 +02:00
i2c i2c: core: Disable client irq on reboot/shutdown 2021-07-20 16:10:46 +02:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:44:15 +02:00
ide scsi: ide: Do not set the RQF_PREEMPT flag for sense requests 2021-01-12 20:16:09 +01:00
idle
iio iio: accel: bma180: Fix BMA25x bandwidth register values 2021-07-28 13:31:02 +02:00
infiniband RDMA/cma: Fix rdma_resolve_route() memory leak 2021-07-19 08:53:13 +02:00
input Input: hideep - fix the uninitialized use in hideep_nvm_unlock() 2021-07-20 16:10:45 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:46:37 +02:00
iommu iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation 2021-07-20 16:10:44 +02:00
ipack ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe 2021-07-19 08:53:17 +02:00
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:44:20 +02:00
isdn mISDN: fix possible use-after-free in HFC_cleanup() 2021-07-19 08:53:08 +02:00
leds leds: ktd2692: Fix an error handling path 2021-07-14 16:53:47 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:47:53 +01:00
macintosh
mailbox
mcb
md dm writecache: return the exact table values that were set 2021-07-25 14:35:14 +02:00
media media: rtl28xxu: fix zero-length control request 2021-08-12 13:21:01 +02:00
memory memory: fsl_ifc: fix leak of private memory on probe failure 2021-07-20 16:10:52 +02:00
memstick memstick: rtsx_usb_ms: fix UAF 2021-07-14 16:53:13 +02:00
message
mfd mfd: cpcap: Fix cpcap dmamask not set warnings 2021-07-20 16:10:43 +02:00
misc misc: alcor_pci: fix inverted branch condition 2021-07-20 16:10:53 +02:00
mmc mmc: core: Allow UHS-I voltage switch for SDSC cards if supported 2021-07-19 08:53:15 +02:00
mtd mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() 2021-07-14 16:53:45 +02:00
mux
net net: vxge: fix use-after-free in vxge_device_unregister 2021-08-12 13:20:58 +02:00
nfc nfc: nfcsim: fix use after free during module unload 2021-08-04 12:27:38 +02:00
ntb
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 12:56:16 +02:00
nvme nvme: fix nvme_setup_command metadata trace event 2021-08-08 09:04:08 +02:00
nvmem nvmem: core: add a missing of_node_put 2021-07-19 08:53:16 +02:00
of of: Fix truncation of memory sizes on 32-bit platforms 2021-07-14 16:53:45 +02:00
opp opp: Reduce the size of critical section in _opp_table_kref_release() 2020-11-18 19:20:21 +01:00
oprofile
parisc
parport
pci PCI: mvebu: Setup BAR0 in order to fix MSI 2021-08-04 12:27:40 +02:00
pcmcia
perf drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe() 2021-07-14 16:53:14 +02:00
phy phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe() 2021-07-14 16:53:46 +02:00
pinctrl pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() 2021-07-19 08:53:18 +02:00
platform platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() 2021-07-14 16:53:18 +02:00
pnp
power power: supply: rt5033_battery: Fix device tree enumeration 2021-07-20 16:10:49 +02:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:13:20 +01:00
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:51:26 +01:00
ptp ptp: improve max_adj check against unreasonable values 2021-06-23 14:41:26 +02:00
pwm pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped 2021-07-28 13:30:53 +02:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:05:17 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:24:18 +02:00
regulator regulator: hi6421: Fix getting wrong drvdata 2021-07-28 13:30:55 +02:00
remoteproc remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 2020-12-30 11:51:24 +01:00
reset reset: ti-syscon: fix to_ti_syscon_reset_data macro 2021-07-25 14:35:10 +02:00
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:08:25 +02:00
rtc rtc: max77686: Do not enforce (incorrect) interrupt trigger type 2021-07-25 14:35:12 +02:00
s390 s390/sclp_vt220: fix console name to match device 2021-07-20 16:10:43 +02:00
sbus
scsi scsi: sr: Return correct event when media event code is 3 2021-08-12 13:20:56 +02:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI 2020-12-30 11:51:13 +01:00
soc soc/tegra: fuse: Fix Tegra234-only builds 2021-07-25 14:35:12 +02:00
soundwire soundwire: stream: Fix test for DP prepare complete 2021-07-14 16:53:45 +02:00
spi spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation 2021-08-12 13:20:56 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 10:26:49 +01:00
ssb ssb: Fix error return code in ssb_bus_scan() 2021-07-14 16:53:29 +02:00
staging staging: rtl8712: get rid of flush_scheduled_work 2021-08-12 13:21:01 +02:00
target scsi: target: Fix protect handling in WRITE SAME(32) 2021-07-28 13:30:56 +02:00
tc
tee optee: Fix memory leak when failing to register shm pages 2021-08-12 13:21:01 +02:00
thermal thermal/core: Correct function name thermal_zone_device_unregister() 2021-07-25 14:35:12 +02:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:59:03 +02:00
tty serial: tty: uartlite: fix console setup 2021-07-20 16:10:43 +02:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:05:17 +02:00
usb usb: otg-fsm: Fix hrtimer list corruption 2021-08-12 13:21:00 +02:00
vfio vfio/pci: Handle concurrent vma faults 2021-07-14 16:53:47 +02:00
vhost vhost: Fix vhost_vq_reset() 2021-04-07 14:47:39 +02:00
video backlight: lm3630a: Fix return code of .update_status() callback 2021-07-20 16:10:45 +02:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 10:26:10 +01:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:51:29 +01:00
visorbus visorbus: fix error return code in visorchipset_init() 2021-07-14 16:53:42 +02:00
vlynq
vme
w1 w1: ds2438: fixing bug that would always get page0 2021-07-20 16:10:41 +02:00
watchdog Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" 2021-08-08 09:04:08 +02:00
xen xen/events: reset active flag for lateeoi events later 2021-07-11 12:52:08 +02:00
zorro
Kconfig
Makefile