brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux-brain/drivers
History
Mathias Nyman eb78fa5a38 thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 
commit b106776080a1cf953a1b2fd50cb2a995db4732be upstream.

Up to 64 bytes of data can be read from NVM in one go. Read address
must be dword aligned. Data is read into a local buffer.

If caller asks to read data starting at an unaligned address then full
dword is anyway read from NVM into a local buffer. Data is then copied
from the local buffer starting at the unaligned offset to the caller
buffer.

In cases where asked data length + unaligned offset is over 64 bytes
we need to make sure we don't read past the 64 bytes in the local
buffer when copying to caller buffer, and make sure that we don't
skip copying unaligned offset bytes from local buffer anymore after
the first round of 64 byte NVM data read.

Fixes: 3e13676862 ("thunderbolt: Add support for DMA configuration based mailbox")
Cc: stable@vger.kernel.org
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-06-03 08:59:03 +02:00
..
accessibility
acpi ACPI: scan: Fix a memory leak in an error handling path 2021-05-19 10:08:30 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 10:26:32 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:51:35 +01:00
ata ata: libahci_platform: fix IRQ check 2021-05-14 09:44:24 +02:00
atm atm: idt77252: fix null-ptr-dereference 2021-03-30 14:35:21 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 10:26:30 +01:00
base PM: runtime: Fix unpaired parent child_count for force_resume 2021-05-19 10:08:20 +02:00
bcma
block nbd: Fix NULL pointer in flush_workqueue 2021-05-19 10:08:30 +02:00
bluetooth Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl 2021-03-07 12:20:44 +01:00
bus bus: qcom: Put child node before return 2021-05-14 09:44:19 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:05:19 +02:00
char tpm, tpm_tis: Reserve locality in tpm_tis_resume() 2021-05-19 10:08:20 +02:00
clk clk: exynos7: Mark aclk_fsys1_200 as critical 2021-05-19 10:08:33 +02:00
clocksource clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined 2021-03-04 10:26:29 +01:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-04-14 08:24:09 +02:00
cpufreq cpufreq: armada-37xx: Fix determining base CPU frequency 2021-05-14 09:44:21 +02:00
cpuidle cpuidle: Fixup IRQ state 2020-09-09 19:12:21 +02:00
crypto crypto: qat - Fix a double free in adf_create_ring 2021-05-14 09:44:20 +02:00
dax device-dax/core: Fix memory leak when rmmod dax.ko 2020-12-30 11:51:46 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:44:20 +02:00
dio
dma dmaengine: dw-edma: Fix crash on loading/unloading driver 2021-05-22 11:38:28 +02:00
dma-buf dmabuf: fix use-after-free of dmabuf's file->f_inode 2021-01-12 20:16:23 +01:00
edac EDAC/amd64: Fix PCI component registration 2020-12-30 11:51:36 +01:00
eisa
extcon extcon: arizona: Fix various races on driver unbind 2021-05-11 14:04:09 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 14:47:43 +02:00
firmware firmware: arm_scpi: Prevent the ternary sign expansion bug 2021-05-26 12:05:14 +02:00
fpga
fsi
gnss
gpio gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 2021-05-22 11:38:29 +02:00
gpu drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate 2021-06-03 08:59:03 +02:00
greybus
hid HID: plantronics: Workaround for double volume key presses 2021-05-14 09:44:26 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:44:25 +02:00
hv Drivers: hv: vmbus: Increase wait time for VMbus unload 2021-05-14 09:44:22 +02:00
hwmon Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" 2021-05-26 12:05:18 +02:00
hwspinlock
hwtracing intel_th: pci: Add Alder Lake-M support 2021-05-11 14:04:15 +02:00
i2c i2c: bail out early when RDWR parameters are wrong 2021-05-19 10:08:21 +02:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:44:15 +02:00
ide scsi: ide: Do not set the RQF_PREEMPT flag for sense requests 2021-01-12 20:16:09 +01:00
idle
iio iio: tsl2583: Fix division by a zero lux_val 2021-05-19 10:08:31 +02:00
infiniband RDMA/uverbs: Fix a NULL vs IS_ERR() bug 2021-05-26 12:05:15 +02:00
input Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state 2021-05-22 11:38:28 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:46:37 +02:00
iommu iommu/vt-d: Fix sysfs leak in alloc_iommu() 2021-06-03 08:59:00 +02:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:44:20 +02:00
isdn isdn: capi: fix mismatched prototypes 2021-05-22 11:38:27 +02:00
leds leds: lp5523: check return value of lp5xx_read and jump to cleanup code 2021-05-26 12:05:20 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:47:53 +01:00
macintosh
mailbox mailbox: avoid timer start from callback 2020-10-29 09:57:53 +01:00
mcb
md dm snapshot: properly fix a crash when an origin has no snapshots 2021-06-03 08:59:02 +02:00
media Revert "media: rcar_drif: fix a memory disclosure" 2021-05-26 12:05:19 +02:00
memory memory: pl353: fix mask of ECC page_size config register 2021-05-14 09:44:19 +02:00
memstick memstick: r592: Fix error return in r592_probe() 2020-12-30 11:51:18 +01:00
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-11-05 11:43:25 +01:00
mfd mfd: stm32-timers: Avoid clearing auto reload register 2021-05-14 09:44:25 +02:00
misc kgdb: fix gcc-11 warnings harder 2021-06-03 08:59:03 +02:00
mmc mmc: sdhci-pci-gli: increase 1.8V regulator wait 2021-05-26 12:05:18 +02:00
mtd mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init 2021-05-14 09:44:20 +02:00
mux
net ath10k: Validate first subframe of A-MSDU before processing the list 2021-06-03 08:59:02 +02:00
nfc nfc: pn533: prevent potential memory corruption 2021-05-14 09:44:27 +02:00
ntb NTB: hw: amd: fix an issue about leak system resources 2020-10-29 09:58:00 +01:00
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 12:56:16 +02:00
nvme nvmet: use new ana_log_size instead the old one 2021-05-26 12:05:21 +02:00
nvmem nvmem: core: skip child nodes not matching binding 2021-03-04 10:26:37 +01:00
of Revert "fdt: Properly handle "no-map" field in the memory region" 2021-05-14 09:44:33 +02:00
opp opp: Reduce the size of critical section in _opp_table_kref_release() 2020-11-18 19:20:21 +01:00
oprofile
parisc
parport
pci ACPI / hotplug / PCI: Fix reference count leak in enable_slot() 2021-05-22 11:38:28 +02:00
pcmcia
perf perf/arm_pmu_platform: Fix error handling 2021-05-11 14:04:06 +02:00
phy phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally 2021-05-14 09:44:19 +02:00
pinctrl pinctrl: ingenic: Improve unreachable code generation 2021-05-22 11:38:27 +02:00
platform platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios 2021-05-26 12:05:15 +02:00
pnp
power power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() 2021-05-11 14:04:11 +02:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:13:20 +01:00
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:51:26 +01:00
ptp
pwm pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() 2021-03-04 10:26:36 +01:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:05:17 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:24:18 +02:00
regulator regulator: bd9571mwv: Fix AVS and DVFS voltage range 2021-04-14 08:24:13 +02:00
remoteproc remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 2020-12-30 11:51:24 +01:00
reset
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:08:25 +02:00
rtc rtc: ds1307: Fix wday settings for rx8130 2021-05-19 10:08:26 +02:00
s390 s390/dasd: fix hanging IO request during DASD driver unbind 2021-03-17 17:03:48 +01:00
sbus
scsi scsi: ufs: handle cleanup correctly on devm_reset_control_get error 2021-05-26 12:05:20 +02:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI 2020-12-30 11:51:13 +01:00
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:44:23 +02:00
soundwire soundwire: stream: fix memory leak in stream config error path 2021-05-14 09:44:19 +02:00
spi spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() 2021-05-14 09:44:21 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 10:26:49 +01:00
ssb
staging media: omap4iss: return error code when omap4iss_get() failed 2021-05-14 09:44:23 +02:00
target scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found 2021-05-22 11:38:29 +02:00
tc
tee tee: optee: do not check memref size on return from Secure World 2021-05-11 14:04:06 +02:00
thermal thermal/core/fair share: Lock the thermal zone while looping over instances 2021-05-19 10:08:32 +02:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:59:03 +02:00
tty serial: core: fix suspicious security_locked_down() call 2021-06-03 08:59:03 +02:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:05:17 +02:00
usb misc/uss720: fix memory leak in uss720_probe 2021-06-03 08:59:03 +02:00
vfio vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer 2021-05-14 09:44:24 +02:00
vhost vhost: Fix vhost_vq_reset() 2021-04-07 14:47:39 +02:00
video video: hgafb: correctly handle card detect failure during probe 2021-05-26 12:05:21 +02:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 10:26:10 +01:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:51:29 +01:00
visorbus
vlynq
vme
w1 w1: mxc_w1: Fix timeout resolution problem leading to bus error 2020-11-05 11:43:25 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 10:26:47 +01:00
xen xen-pciback: reconfigure also from backend watch handler 2021-05-26 12:05:18 +02:00
zorro
Kconfig
Makefile