iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Jia-Ju Bai fe8905d841 net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() 
[ Upstream commit b7ac893652cafadcf669f78452329727e4e255cc ]

The kernel may sleep while holding a spinlock.
The function call path (from bottom to top) in Linux 4.19 is:

net/nfc/nci/uart.c, 349:
	nci_skb_alloc in nci_uart_default_recv_buf
net/nfc/nci/uart.c, 255:
	(FUNC_PTR)nci_uart_default_recv_buf in nci_uart_tty_receive
net/nfc/nci/uart.c, 254:
	spin_lock in nci_uart_tty_receive

nci_skb_alloc(GFP_KERNEL) can sleep at runtime.
(FUNC_PTR) means a function pointer is called.

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC for
nci_skb_alloc().

This bug is found by a static analysis tool STCheck written by myself.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-04 13:34:20 +01:00
..
6lowpan
6lowpan: iphc: reset mac_header after decompress to fix panic
2018-10-10 08:52:04 +02:00
9p
9p/virtio: Add cleanup path in p9_virtio_init
2019-08-04 09:34:51 +02:00
802
8021q
vlan: disable SIOCSHWTSTAMP in container
2019-05-16 19:45:17 +02:00
appletalk
appletalk: Set error code if register_snap_client failed
2019-12-21 10:35:03 +01:00
atm
net: atm: Fix potential Spectre v1 vulnerabilities
2019-04-27 09:33:59 +02:00
ax25
ax25: enforce CAP_NET_RAW for raw sockets
2019-10-05 12:27:43 +02:00
batman-adv
batman-adv: fix for leaked TVLV handler.
2019-08-04 09:34:39 +02:00
bluetooth
Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
2020-01-04 13:34:13 +01:00
bridge
net: bridge: deny dev_set_mac_address() when unregistering
2019-12-21 10:35:38 +01:00
caif
net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
2018-09-05 09:18:34 +02:00
can
can: purge socket error queue on sock destruct
2019-07-10 09:56:33 +02:00
ceph
libceph: handle an empty authorize reply
2019-03-23 08:44:18 +01:00
core
inet: protect against too small mtu values.
2019-12-21 10:35:40 +01:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:48:58 +02:00
dccp
inet: stop leaking jiffies on the wire
2019-11-10 11:21:13 +01:00
decnet
decnet: fix DN_IFREQ_SIZE
2019-12-05 15:27:07 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:25:54 +02:00
dsa
net: dsa: slave: Don't propagate flag changes on down slave interfaces
2019-02-20 10:13:15 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 16:39:27 +01:00
hsr
net/hsr: fix possible crash in add_timer()
2019-03-23 08:44:31 +01:00
ieee802154
ieee802154: enforce CAP_NET_RAW for raw sockets
2019-10-05 12:27:43 +02:00
ipv4
inet: protect against too small mtu values.
2019-12-21 10:35:40 +01:00
ipv6
ipv6: drop incoming packets having a v4mapped source address
2019-10-07 21:01:04 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 14:30:13 +02:00
irda
irda: Only insert new objects into the global database via setsockopt
2018-09-15 09:40:40 +02:00
iucv
af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers
2018-11-10 07:41:35 -08:00
key
xfrm: clean up xfrm protocol checks
2019-09-16 08:13:35 +02:00
l2tp
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
2019-08-11 12:20:46 +02:00
l3mdev
net: Add netif_is_l3_slave
2015-10-07 04:27:43 -07:00
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:18:25 +02:00
llc
llc: avoid blocking in llc_sap_close()
2019-11-25 15:53:57 +01:00
mac80211
mac80211: minstrel: fix CCK rate group streams value
2019-11-25 15:54:51 +01:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 20:04:32 +02:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-03-11 16:19:47 +01:00
netfilter
ipvs: move old_secure_tcp into struct netns_ipvs
2019-11-12 19:13:26 +01:00
netlabel
netlabel: check for IPV4MASK in addrinfo_get
2018-10-20 09:52:36 +02:00
netlink
netlink: Don't shift on 64 for ngroups
2018-08-09 12:19:28 +02:00
netrom
netrom: hold sock when setting skb->destructor
2019-08-04 09:34:54 +02:00
nfc
net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive()
2020-01-04 13:34:20 +01:00
openvswitch
openvswitch: remove another BUG_ON()
2019-12-05 15:27:15 +01:00
packet
af_packet: set defaule value for tmo
2020-01-04 13:34:20 +01:00
phonet
phonet: fix building with clang
2019-03-23 08:44:34 +01:00
rds
net/rds: Fix error handling in rds_ib_add_one()
2019-10-07 21:01:06 +02:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:06:51 +02:00
rose
net: rose: fix a possible stack overflow
2019-04-03 06:23:25 +02:00
rxrpc
rxrpc: check return value of skb_to_sgvec always
2018-04-13 19:50:23 +02:00
sched
net: sched: fix tc -s class show no bstats on class with nolock subqueues
2019-12-05 15:27:16 +01:00
sctp
inet: stop leaking jiffies on the wire
2019-11-10 11:21:13 +01:00
sunrpc
sunrpc: fix crash when cache_head become valid before update
2019-12-21 10:35:38 +01:00
switchdev
switchdev: pass pointer to fib_info instead of copy
2016-06-24 10:18:16 -07:00
tipc
tipc: fix ordering of tipc module init and exit routine
2019-12-21 10:35:39 +01:00
unix
net: fix warning in af_unix
2019-11-28 18:25:43 +01:00
vmw_vsock
VSOCK: bind to random port for VMADDR_PORT_ANY
2019-12-05 15:26:49 +01:00
wimax
wireless
nl80211: Fix a GET_KEY reply attribute
2019-11-25 15:54:30 +01:00
x25
net/x25: fix null_x25_address handling
2019-12-21 10:34:41 +01:00
xfrm
xfrm: clean up xfrm protocol checks
2019-09-16 08:13:35 +02:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-13 10:05:28 +01:00
Kconfig
Make DST_CACHE a silent config option
2018-02-25 11:03:37 +01:00
Makefile
net: Introduce L3 Master device abstraction
2015-09-29 20:40:32 -07:00
socket.c
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
2019-03-23 08:44:21 +01:00
sysctl_net.c
net: Use ns_capable_noaudit() when determining net sysctl permissions
2016-09-15 08:27:50 +02:00