linux/drivers/staging
Gao Xiang af692e117c staging: erofs: compressed_pages should not be accessed again after freed
This patch resolves the following page use-after-free issue,
z_erofs_vle_unzip:
    ...
    for (i = 0; i < nr_pages; ++i) {
        ...
        z_erofs_onlinepage_endio(page);  (1)
    }

    for (i = 0; i < clusterpages; ++i) {
        page = compressed_pages[i];

        if (page->mapping == mngda)      (2)
            continue;
        /* recycle all individual staging pages */
        (void)z_erofs_gather_if_stagingpage(page_pool, page); (3)
        WRITE_ONCE(compressed_pages[i], NULL);
    }
    ...

After (1) is executed, page is freed and could then be reused; if
compressed_pages is scanned after that, it could fall into (2) or
(3) by mistake and that could finally be in a mess.

This patch aims to solve the above issue with as few changes
as possible in order to make the fix easier to backport.

Fixes: 3883a79abd ("staging: erofs: introduce VLE decompression support")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-02-27 15:41:57 +01:00
android staging: android: ashmem: Avoid range_alloc() allocation with ashmem_mutex held. 2019-02-26 11:50:17 +01:00
axis-fifo staging: axis-fifo: Split line to stay in 80 characters. 2018-11-20 10:59:30 +01:00
board
clocking-wizard staging: clocking-wizard: match parenthesis indentation 2018-10-09 14:57:33 +02:00
comedi staging: comedi: ni_tio: Allocate shadow regs for each counter chip 2019-02-26 11:50:17 +01:00
emxx_udc Staging: emxx_udc: Switch to the gpio descriptor interface 2019-01-15 16:25:58 +01:00
erofs staging: erofs: compressed_pages should not be accessed again after freed 2019-02-27 15:41:57 +01:00
fbtft Staging: fbtft: Fix line over 80 characters 2019-02-26 11:40:07 +01:00
fsl-dpaa2 staging: fsl-dpaa2: ethsw: Add missing netdevice check 2019-02-26 11:52:46 +01:00
fwserial Staging: fwserial: Add blank line after declarations 2019-02-26 11:40:08 +01:00
gasket staging: gasket: interrupt: remove unused including <linux/version.h> 2019-01-22 11:32:36 +01:00
gdm724x
goldfish staging: goldfish: remove GPL boiler plate text 2019-01-15 16:08:04 +01:00
greybus Staging: greybus: Alignment should match open parenthesis 2019-02-26 11:46:51 +01:00
gs_fpgaboot staging: gs_fpgaboot: cleanup alignment issue - style 2019-01-15 16:08:05 +01:00
iio staging: iio: frequency: ad9833: Load clock using clock framework 2019-02-02 17:06:49 +00:00
ks7010 Staging: ks7010: Match alignments with open parenthesis 2019-02-26 11:46:51 +01:00
media staging: prefix header search paths with $(srctree)/ 2019-02-04 12:30:27 +01:00
most staging: most: cdev: add missing check for cdev_add failure 2019-02-04 12:36:14 +01:00
mt7621-dma Staging: mt761-dma: Alignment should match open parenthesis 2019-02-26 11:40:07 +01:00
mt7621-dts staging: mt7621-dts: add general pcie reset line to pcie bindings 2019-02-19 11:13:08 +01:00
mt7621-eth staging: mt7621-eth/ethtool.c: Correction of SPDX license identifier 2019-02-04 12:34:03 +01:00
mt7621-mmc staging: mt7621-mmc: Prefer using BIT macro 2019-02-19 11:18:00 +01:00
mt7621-pci staging: mt7621-pci: reverse condition to check for enabled port 2019-02-19 11:14:14 +01:00
mt7621-pci-phy staging: mt7621-pci-phy: use 'module_init' instead of 'arch_initcall' 2019-02-19 11:12:08 +01:00
mt7621-pinctrl staging: mt7621-pinctrl: Test devm_kzalloc for failure while improving the code 2019-01-30 15:38:50 +01:00
mt7621-spi staging: mt7621-spi: Clean up comparison to NULL 2019-02-04 12:34:37 +01:00
netlogic staging: netlogic: Remove boilerplate license text 2019-02-26 11:40:07 +01:00
nvec
octeon staging: octeon: fix broken phylib usage 2019-01-30 15:31:24 +01:00
octeon-usb staging: octeon-usb: fix misspelled "re-enable" 2019-02-21 10:58:11 +01:00
olpc_dcon staging: olpc_dcon: olpc_dcon_xo_1.c: Switch to the gpio descriptor interface 2018-11-08 03:59:47 -08:00
pi433 staging: pi433: add missing call to cdev_del() 2018-12-05 09:39:45 +01:00
ralink-gdma staging: Move ralink-gdma to its own directory 2019-01-15 16:28:02 +01:00
rtl8188eu staging: rtl8188eu: cleanup comparsions to NULL in rtl8188eu_xmit.c 2019-02-26 11:52:46 +01:00
rtl8192e Staging: rtl8192e: Replace license text with SPDX identifier 2019-02-21 10:58:11 +01:00
rtl8192u staging: rtl8192u: remove redundant nul check on pointer dev 2019-02-07 13:33:54 +01:00
rtl8712 staging: rtl8712: drop pointless static qualifier in r8712_efuse_pg_packet_write() 2019-01-22 11:32:36 +01:00
rtl8723bs Staging: rtl8723bs: remove some dead code 2019-02-07 13:33:54 +01:00
rtlwifi staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx 2019-02-21 10:58:11 +01:00
rts5208 Staging: rts5208: Fix error handling on rtsx_send_cmd 2019-01-07 11:28:15 +01:00
sm750fb staging: sm750fb: Rename setDisplayControl to set_display_control - style 2019-02-07 13:33:54 +01:00
speakup staging: speakup: Note that simple_strtoul can't simply be replaced by kstrtoul 2019-02-26 11:50:17 +01:00
unisys staging: visornic: use skb_put_zero() instead of open-coded version 2019-02-19 15:35:25 +01:00
vboxvideo Staging/IIO driver patches for 4.21-rc1 2018-12-28 20:39:58 -08:00
vc04_services staging: prefix header search paths with $(srctree)/ 2019-02-04 12:30:27 +01:00
vme
vt6655 Staging: vt6655: Alignment should match open parenthesis 2019-02-26 11:46:51 +01:00
vt6656 staging: vt6656: key: Mark expected switch fall-throughs 2019-02-19 11:14:14 +01:00
wilc1000 staging: wilc1000: fix incorrent type assignment 2019-02-26 11:50:16 +01:00
wlan-ng staging: wlan-ng: formatting change in cfg80211.c 2019-02-08 10:31:14 +01:00
Kconfig staging: xgifb: delete the driver 2019-01-22 11:32:35 +01:00
Makefile staging: xgifb: delete the driver 2019-01-22 11:32:35 +01:00