iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Jan Engelhardt 203f45003a crypto: n2 - cure use after free 
queue_cache_init is first called for the Control Word Queue
(n2_crypto_probe). At that time, queue_cache[0] is NULL and a new
kmem_cache will be allocated. If the subsequent n2_register_algs call
fails, the kmem_cache will be released in queue_cache_destroy, but
queue_cache_init[0] is not set back to NULL.

So when the Module Arithmetic Unit gets probed next (n2_mau_probe),
queue_cache_init will not allocate a kmem_cache again, but leave it
as its bogus value, causing a BUG() to trigger when queue_cache[0] is
eventually passed to kmem_cache_zalloc:

	n2_crypto: Found N2CP at /virtual-devices@100/n2cp@7
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	n2_crypto: md5 alg registration failed
	n2cp f028687c: /virtual-devices@100/n2cp@7: Unable to register algorithms.
	called queue_cache_destroy
	n2cp: probe of f028687c failed with error -22
	n2_crypto: Found NCP at /virtual-devices@100/ncp@6
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	kernel BUG at mm/slab.c:2993!
	Call Trace:
	 [0000000000604488] kmem_cache_alloc+0x1a8/0x1e0
                  (inlined) kmem_cache_zalloc
                  (inlined) new_queue
                  (inlined) spu_queue_setup
                  (inlined) handle_exec_unit
	 [0000000010c61eb4] spu_mdesc_scan+0x1f4/0x460 [n2_crypto]
	 [0000000010c62b80] n2_mau_probe+0x100/0x220 [n2_crypto]
	 [000000000084b174] platform_drv_probe+0x34/0xc0

Cc: <stable@vger.kernel.org>
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-12-22 19:02:44 +11:00
..
accessibility
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
acpi
ACPI / CPPC: Fix KASAN global out of bounds warning
2017-12-05 23:25:49 +01:00
amba
A couple of dma-mapping updates:
2017-11-14 16:54:12 -08:00
android
ANDROID: binder: fix transaction leak.
2017-11-28 16:54:45 +01:00
ata
Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
2017-11-15 14:11:41 -08:00
atm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-29 13:10:25 -08:00
auxdisplay
auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM
2017-11-27 12:36:45 -08:00
base
Power management fix for v4.15-rc3
2017-12-08 09:58:10 -08:00
bcma
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2017-11-15 11:56:19 -08:00
block
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
2017-12-01 08:05:45 -05:00
bluetooth
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
bus
bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left.
2017-12-04 17:15:20 +00:00
cdrom
Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block
2017-11-14 15:32:19 -08:00
char
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-26 14:11:54 -08:00
clk
We have two changes to the core framework this time around. The first being a
2017-11-17 20:04:24 -08:00
clocksource
- final batch of "non trivial" timer conversions (multi-tree dependencies,
2017-11-23 16:29:05 +01:00
connector
cpufreq
cpufreq: mediatek: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
2017-11-22 00:00:14 +01:00
cpuidle
powerpc updates for 4.15
2017-11-16 12:47:46 -08:00
crypto
crypto: n2 - cure use after free
2017-12-22 19:02:44 +11:00
dax
device-dax: implement ->split() to catch invalid munmap attempts
2017-11-29 18:40:42 -08:00
dca
devfreq
Merge branches 'pm-devfreq' and 'pm-tools'
2017-11-13 01:41:39 +01:00
dio
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dma
dmaengine updates for 4.15-rc1
2017-11-14 16:49:31 -08:00
dma-buf
Tracing updates for 4.15:
2017-11-17 14:58:01 -08:00
edac
Modules updates for v4.15
2017-11-15 13:46:33 -08:00
eisa
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
extcon
USB/PHY patches for 4.15-rc1
2017-11-13 21:14:07 -08:00
firewire
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-13 17:56:58 -08:00
firmware
ARM: SoC fixes for 4.15-rc
2017-12-10 08:26:59 -08:00
fmc
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fpga
Char/Misc patches for 4.15-rc1
2017-11-16 09:10:59 -08:00
fsi
gpio
gpio: pca953x: fix vendor prefix for PCA9654
2017-12-02 22:41:43 +01:00
gpu
Merge tag 'drm-misc-fixes-2017-12-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
2017-12-08 08:17:53 +10:00
hid
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
hsi
HSI changes for the v4.15 series
2017-11-15 13:35:43 -08:00
hv
Drivers: hv: vmbus: Fix a rescind issue
2017-11-28 16:56:26 +01:00
hwmon
hwmon: (jc42) optionally try to disable the SMBUS timeout
2017-11-30 13:12:44 -08:00
hwspinlock
hwspinlock update for v4.15
2017-11-17 20:16:20 -08:00
hwtracing
Char/Misc patches for 4.15-rc1
2017-11-16 09:10:59 -08:00
i2c
i2c: i2c-boardinfo: fix memory leaks on devinfo
2017-11-27 19:14:29 +01:00
ide
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
2017-11-19 08:04:41 -10:00
idle
Merge branch 'pm-cpuidle'
2017-11-13 01:34:14 +01:00
iio
iio: health: max30102: Temperature should be in milli Celsius
2017-12-02 11:15:14 +00:00
infiniband
Here is the first rc pull request for RDMA. This includes an important core
2017-12-05 10:10:15 -08:00
input
treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts
2017-11-21 16:35:54 -08:00
iommu
IOMMU fixes for Linux v4.15-rc3
2017-12-06 10:53:02 -08:00
ipack
irqchip
Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-26 14:39:20 -08:00
isdn
treewide: setup_timer() -> timer_setup() (2 field)
2017-11-21 15:57:09 -08:00
leds
LED updates for 4.15rc1
2017-11-14 18:09:31 -08:00
lightnvm
lightnvm: Convert timers to use timer_setup()
2017-11-21 15:46:44 -08:00
macintosh
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-13 17:56:58 -08:00
mailbox
Change to POLL api and fixes for FlexRM and OMAP driver
2017-11-15 13:39:18 -08:00
mcb
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
md
md/raid1/10: add missed blk plug
2017-12-01 12:19:48 -08:00
media
media fixes for v4.15-rc3
2017-12-08 13:18:47 -08:00
memory
ARM: SoC driver updates for v4.15
2017-11-16 16:05:01 -08:00
memstick
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
message
Modules updates for v4.15
2017-11-15 13:46:33 -08:00
mfd
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
misc
Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2017-12-03 10:48:24 -05:00
mmc
MMC core:
2017-12-01 08:14:22 -05:00
mtd
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
mux
net
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-12-08 13:32:44 -08:00
nfc
treewide: setup_timer() -> timer_setup() (2 field)
2017-11-21 15:57:09 -08:00
ntb
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
nubus
m68k updates for 4.15
2017-11-13 12:10:24 -08:00
nvdimm
libnvdimm for 4.15
2017-11-17 09:51:57 -08:00
nvme
nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
2017-11-28 08:49:26 -08:00
nvmem
Char/Misc patches for 4.15-rc1
2017-11-16 09:10:59 -08:00
of
of: overlay: Make node skipping in init_overlay_changeset() clearer
2017-12-08 09:32:18 -06:00
opp
oprofile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
parisc
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
parport
Char/Misc patches for 4.15-rc1
2017-11-16 09:10:59 -08:00
pci
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-26 14:11:54 -08:00
pcmcia
drivers/pcmcia/sa1111_badge4.c: avoid unused function warning
2017-11-17 16:10:04 -08:00
perf
arm64 updates for 4.15
2017-11-15 10:56:56 -08:00
phy
USB/PHY patches for 4.15-rc1
2017-11-13 21:14:07 -08:00
pinctrl
pinctrl: sunxi: Disable strict mode for H5 driver
2017-11-30 16:50:43 +01:00
platform
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-25 08:37:16 -10:00
pnp
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
power
power supply and reset changes for the v4.15 series
2017-11-15 13:37:15 -08:00
powercap
pps
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
ps3
ptp
xen: features and fixes for v4.15-rc1
2017-11-16 13:06:27 -08:00
pwm
pwm: Changes for v4.15-rc1
2017-11-22 21:09:18 -10:00
rapidio
Merge branch 'akpm' (patches from Andrew)
2017-11-17 16:56:17 -08:00
ras
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-13 17:56:58 -08:00
regulator
- New Drivers
2017-11-16 09:15:57 -08:00
remoteproc
remoteproc updates for v4.15
2017-11-17 20:14:10 -08:00
reset
ARM: SoC driver updates for v4.15
2017-11-16 16:05:01 -08:00
rpmsg
rpmsg updates for v4.15
2017-11-17 20:12:08 -08:00
rtc
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-25 08:37:16 -10:00
s390
s390: add a few more SPDX identifiers
2017-12-05 07:51:09 +01:00
sbus
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
2017-11-17 20:21:44 -08:00
scsi
SCSI fixes on 20171205
2017-12-05 10:31:32 -08:00
sfi
sh
A couple of dma-mapping updates:
2017-11-14 16:54:12 -08:00
sn
soc
meson-gx-socinfo: Fix package id parsing
2017-11-30 15:29:44 -08:00
spi
Merge remote-tracking branches 'spi/topic/sh-msiof', 'spi/topic/slave', 'spi/topic/spreadtrum' and 'spi/topic/tegra114' into spi-next
2017-11-10 21:33:51 +00:00
spmi
ssb
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
staging
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-12-08 13:32:44 -08:00
target
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-11-25 08:37:16 -10:00
tc
tee
optee: fix invalid of_node_put() in optee_driver_init()
2017-11-29 10:24:57 +01:00
thermal
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
2017-11-17 14:31:27 -08:00
thunderbolt
Char/Misc patches for 4.15-rc1
2017-11-16 09:10:59 -08:00
tty
serdev: ttyport: fix tty locking in close
2017-11-28 16:00:50 +01:00
uio
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
usb
usb: xhci: fix panic in xhci_free_virt_devices_depth_first
2017-12-01 15:24:59 +00:00
uwb
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
vfio
VFIO Updates for Linux v4.15
2017-11-14 16:47:47 -08:00
vhost
vhost: fix skb leak in handle_rx()
2017-12-02 21:31:03 -05:00
video
fbdev changes for v4.15:
2017-11-20 21:50:24 -10:00
virt
virtio
virtio_mmio: add cleanup for virtio_mmio_remove
2017-12-07 18:30:50 +02:00
vlynq
vme
Char/Misc patches for 4.15-rc1
2017-11-16 09:10:59 -08:00
w1
Char/Misc patches for 4.15-rc1
2017-11-16 09:10:59 -08:00
watchdog
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
xen
xen: fixes for 4.15-rc3
2017-12-08 12:53:43 -08:00
zorro
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
Kconfig
Merge branches 'pm-cpufreq-sched' and 'pm-opp'
2017-11-13 01:40:52 +01:00
Makefile
usb: build drivers/usb/common/ when USB_SUPPORT is set
2017-11-28 15:17:49 +01:00