mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-12-30 14:45:47 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
fa2dfd0ec22e0069c84dfae162972cbbc7c75488
linux/drivers
History
Zhengjun Xing fa2dfd0ec2 xhci: Fix NULL pointer in xhci debugfs 
Commit dde634057d ("xhci: Fix use-after-free in xhci debugfs") causes a
null pointer dereference while fixing xhci-debugfs usage of ring pointers
that were freed during hibernate.

The fix passed addresses to ring pointers instead, but forgot to do this
change for the xhci_ring_trb_show function.

The address of the ring pointer passed to xhci-debugfs was of a temporary
ring pointer "new_ring" instead of the actual ring "ring" pointer. The
temporary new_ring pointer will be set to NULL later causing the NULL
pointer dereference.

This issue was seen when reading xhci related files in debugfs:

cat /sys/kernel/debug/usb/xhci/*/devices/*/ep*/trbs

[  184.604861] BUG: unable to handle kernel NULL pointer dereference at (null)
[  184.613776] IP: xhci_ring_trb_show+0x3a/0x890
[  184.618733] PGD 264193067 P4D 264193067 PUD 263238067 PMD 0
[  184.625184] Oops: 0000 [#1] SMP
[  184.726410] RIP: 0010:xhci_ring_trb_show+0x3a/0x890
[  184.731944] RSP: 0018:ffffba8243c0fd90 EFLAGS: 00010246
[  184.737880] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000295d6
[  184.746020] RDX: 00000000000295d5 RSI: 0000000000000001 RDI: ffff971a6418d400
[  184.754121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  184.762222] R10: ffff971a64c98a80 R11: ffff971a62a00e40 R12: ffff971a62a85500
[  184.770325] R13: 0000000000020000 R14: ffff971a6418d400 R15: ffff971a6418d400
[  184.778448] FS:  00007fe725a79700(0000) GS:ffff971a6ec00000(0000) knlGS:0000000000000000
[  184.787644] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  184.794168] CR2: 0000000000000000 CR3: 000000025f365005 CR4: 00000000003606f0
[  184.802318] Call Trace:
[  184.805094]  ? seq_read+0x281/0x3b0
[  184.809068]  seq_read+0xeb/0x3b0
[  184.812735]  full_proxy_read+0x4d/0x70
[  184.817007]  __vfs_read+0x23/0x120
[  184.820870]  vfs_read+0x91/0x130
[  184.824538]  SyS_read+0x42/0x90
[  184.828106]  entry_SYSCALL_64_fastpath+0x1a/0x7d

Fixes: dde634057d ("xhci: Fix use-after-free in xhci debugfs")
Cc: <stable@vger.kernel.org> # v4.15
Signed-off-by: Zhengjun Xing <zhengjun.xing@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-15 18:36:19 +01:00
..
accessibility
acpi
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
amba
android
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
ata
Merge tag 'pci-v4.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2018-02-06 09:59:40 -08:00
atm
atm: he: use 64-bit arithmetic instead of 32-bit
2018-02-08 15:05:16 -05:00
auxdisplay
base
Merge tag 'pm-part2-4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2018-02-09 09:40:33 -08:00
bcma
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-01-19 22:59:33 -05:00
block
Merge tag 'ceph-for-4.16-rc1' of git://github.com/ceph/ceph-client
2018-02-08 11:38:59 -08:00
bluetooth
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
bus
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2018-02-01 16:35:31 -08:00
cdrom
char
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
clk
Merge tag 'mips_4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips
2018-02-07 11:22:44 -08:00
clocksource
connector
cpufreq
arm: imx: Add MODULE_ALIAS for cpufreq
2018-02-08 10:21:39 +01:00
cpuidle
Merge tag 'powerpc-4.16-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2018-02-02 10:01:04 -08:00
crypto
Merge tag 'kvm-4.16-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm
2018-02-10 13:16:35 -08:00
dax
Merge branch 'for-4.16/dax' into libnvdimm-for-next
2018-02-03 00:26:10 -07:00
dca
devfreq
dio
dma
Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
2018-02-02 09:50:51 -08:00
dma-buf
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
edac
eisa
EISA: Delete error message for a failed memory allocation in eisa_probe()
2018-01-23 09:04:10 +01:00
extcon
firewire
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
firmware
Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
2018-02-08 10:44:25 -08:00
fmc
fpga
fsi
gpio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
gpu
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hid
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hsi
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hv
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hwmon
hwmon: (dell-smm) Disable fan support for Dell Vostro 3360
2018-01-27 09:34:22 -08:00
hwspinlock
hwtracing
Merge tag 'char-misc-4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2018-02-01 10:31:17 -08:00
i2c
Merge branch 'i2c/for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2018-02-04 10:57:43 -08:00
ide
Merge tag 'pci-v4.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2018-02-06 09:59:40 -08:00
idle
iio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
infiniband
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
input
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
iommu
Merge tag 'iommu-updates-v4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
2018-02-08 12:03:54 -08:00
ipack
irqchip
Merge tag 'pci-v4.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2018-02-06 09:59:40 -08:00
isdn
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
leds
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
lightnvm
macintosh
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
mailbox
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
mcb
md
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
media
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
memory
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2018-02-01 16:35:31 -08:00
memstick
message
scsi: mptsas: remove duplicated assignment to pointer head
2018-01-17 01:19:38 -05:00
mfd
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
misc
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
mmc
Merge tag 'kbuild-v4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2018-02-09 19:32:41 -08:00
mtd
Merge tag 'dma-mapping-4.16' of git://git.infradead.org/users/hch/dma-mapping
2018-01-31 11:32:27 -08:00
mux
Merge tag 'char-misc-4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2018-02-01 10:31:17 -08:00
net
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
nfc
ntb
NTB: ntb_perf: fix cast to restricted __le32
2018-01-28 22:17:24 -05:00
nubus
nubus: Add support for the driver model
2018-01-16 16:47:29 +01:00
nvdimm
Merge branch 'for-4.16/nfit' into libnvdimm-for-next
2018-02-03 00:26:26 -07:00
nvme
Merge tag 'for-linus-20180204' of git://git.kernel.dk/linux-block
2018-02-04 11:16:35 -08:00
nvmem
of
Merge tag 'pci-v4.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2018-02-06 09:59:40 -08:00
opp
oprofile
parisc
parport
pci
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
pcmcia
Merge branch 'pcmcia' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia
2018-02-08 11:48:49 -08:00
perf
bitmap: replace bitmap_{from,to}_u32array
2018-02-06 18:32:44 -08:00
phy
Merge tag 'usb-4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
2018-02-01 09:40:49 -08:00
pinctrl
Merge tag 'pinctrl-v4.16-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
2018-02-02 14:22:53 -08:00
platform
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
pnp
power
Merge tag 'for-v4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
2018-01-31 12:55:31 -08:00
powercap
powercap: intel_rapl: Fix trailing semicolon
2018-01-17 12:56:24 +01:00
pps
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
ps3
ptp
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
pwm
rapidio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
ras
mm/memory_failure: Remove unused trapno from memory_failure
2018-01-23 12:17:42 -06:00
regulator
regulator: Fix suspend to idle
2018-01-30 12:25:59 +00:00
remoteproc
Merge tag 'rproc-v4.16' of git://github.com/andersson/remoteproc
2018-02-05 10:07:40 -08:00
reset
rpmsg
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
rtc
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
s390
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
sbus
Merge tag 'pci-v4.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2018-02-06 09:59:40 -08:00
scsi
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
sfi
sh
cpufreq: Add and use cpufreq_for_each_{valid_,}entry_idx()
2018-02-08 10:21:39 +01:00
siox
slimbus
sn
soc
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2018-02-01 16:35:31 -08:00
soundwire
soundwire: Fix a signedness bug
2018-01-22 16:45:26 +01:00
spi
Merge remote-tracking branch 'spi/topic/xilinx' into spi-next
2018-01-26 17:57:34 +00:00
spmi
ssb
Merge git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git
2018-02-01 10:37:39 +02:00
staging
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
target
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2018-02-09 14:49:46 -08:00
tc
tee
Merge tag 'tee-drv-dynamic-shm+fixes-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee into next/drivers
2018-01-11 18:05:06 -08:00
thermal
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
2018-02-06 15:04:58 -08:00
thunderbolt
tty
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
uio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
usb
xhci: Fix NULL pointer in xhci debugfs
2018-02-15 18:36:19 +01:00
uwb
vfio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
vhost
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
video
Merge tag 'kbuild-v4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2018-02-09 19:32:41 -08:00
virt
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
virtio
virtio_pci: don't kfree device on register failure
2018-02-01 16:26:45 +02:00
visorbus
vlynq
vme
w1
Merge tag 'docs-4.16' of git://git.lwn.net/linux
2018-01-31 19:25:25 -08:00
watchdog
Merge tag 'linux-watchdog-4.16-rc1' of git://www.linux-watchdog.org/linux-watchdog
2018-02-07 11:54:34 -08:00
xen
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
zorro
Kconfig
Merge tag 'char-misc-4.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2018-02-01 10:31:17 -08:00
Makefile
Merge tag 'pci-v4.16-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2018-02-06 09:59:40 -08:00