android_kernel_samsung_msm8976/drivers
Jan Engelhardt 0bd853d980 crypto: n2 - cure use after free
commit 203f45003a3d03eea8fa28d74cfc74c354416fdb upstream.

queue_cache_init is first called for the Control Word Queue
(n2_crypto_probe). At that time, queue_cache[0] is NULL and a new
kmem_cache will be allocated. If the subsequent n2_register_algs call
fails, the kmem_cache will be released in queue_cache_destroy, but
queue_cache_init[0] is not set back to NULL.

So when the Module Arithmetic Unit gets probed next (n2_mau_probe),
queue_cache_init will not allocate a kmem_cache again, but leave it
as its bogus value, causing a BUG() to trigger when queue_cache[0] is
eventually passed to kmem_cache_zalloc:

	n2_crypto: Found N2CP at /virtual-devices@100/n2cp@7
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	n2_crypto: md5 alg registration failed
	n2cp f028687c: /virtual-devices@100/n2cp@7: Unable to register algorithms.
	called queue_cache_destroy
	n2cp: probe of f028687c failed with error -22
	n2_crypto: Found NCP at /virtual-devices@100/ncp@6
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	kernel BUG at mm/slab.c:2993!
	Call Trace:
	 [0000000000604488] kmem_cache_alloc+0x1a8/0x1e0
                  (inlined) kmem_cache_zalloc
                  (inlined) new_queue
                  (inlined) spu_queue_setup
                  (inlined) handle_exec_unit
	 [0000000010c61eb4] spu_mdesc_scan+0x1f4/0x460 [n2_crypto]
	 [0000000010c62b80] n2_mau_probe+0x100/0x220 [n2_crypto]
	 [000000000084b174] platform_drv_probe+0x34/0xc0

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2019-07-27 21:46:21 +02:00
accessibility
acpi ACPI: APEI / ERST: Fix missing error handling in erst_reader() 2019-07-27 21:46:19 +02:00
amba
android ANDROID: binder: add hwbinder,vndbinder to BINDER_DEVICES. 2018-02-06 13:12:16 +01:00
ata libata: array underflow in ata_find_dev() 2019-07-27 21:44:15 +02:00
atm
auxdisplay
base PM / Domains: Fix unsafe iteration over modified list of device links 2019-07-27 21:44:14 +02:00
battery Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
battery_v2 Import latest Samsung release 2017-04-18 03:43:52 +02:00
bcma
bif
block loop: fix concurrent lo_open/lo_release 2018-08-20 11:56:48 +02:00
bluetooth Merge tag 'LA.BR.1.3.6-05410-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2018-02-06 13:11:45 +01:00
bus
cdrom BACKPORT: block: add blk_rq_set_block_pc() 2017-04-22 23:03:01 +02:00
char drivers: char: mem: Fix wraparound check to allow mappings up to the end 2019-07-27 21:44:47 +02:00
clk clk: qcom: Remove unnecessary WARN 2019-07-27 21:45:56 +02:00
clocksource Merge tag 'LA.BR.1.3.6-05410-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2018-02-06 13:11:45 +01:00
connector
coresight coresight: tmc: Fix use after free issue with tmc read 2017-07-30 10:34:00 -07:00
cpufreq cpufreq: s3c2416: double free on driver init error path 2019-07-27 21:44:36 +02:00
cpuidle cpuidle: Remove unnecessary WARN for calculate_residency 2019-07-27 21:45:56 +02:00
crypto crypto: n2 - cure use after free 2019-07-27 21:46:21 +02:00
dca
debug Import latest Samsung release 2017-04-18 03:43:52 +02:00
debug_32 Import latest Samsung release 2017-04-18 03:43:52 +02:00
devfreq devfreq_devbw: Assign labels to devbw nodes. 2017-04-18 12:24:57 +02:00
dio
dma Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
edac This is the 3.10.102 stable release 2017-04-18 17:22:08 +02:00
eisa
esoc
extcon Import latest Samsung release 2017-04-18 03:43:52 +02:00
fingerprint drivers: fingerprint: Kill FEATURE_SPI_WAKELOCK 2017-04-19 17:02:36 +02:00
firewire This is the 3.10.95 stable release 2017-04-18 17:14:54 +02:00
firmware Import T813XXU2BQD1 kernel source changes 2017-04-22 16:30:03 +02:00
gpio gpio: Handle EPROBE_DEFER while probing 2019-07-27 21:45:55 +02:00
gpu drm: Reject page_flip for !DRIVER_MODESET 2019-07-27 21:42:22 +02:00
hid HID: i2c-hid: allocate hid buffers for real worst case 2019-07-27 21:45:51 +02:00
hsi
hv
hwmon This is the 3.10.102 stable release 2017-04-18 17:22:08 +02:00
hwspinlock
i2c i2c-msm-v2: Handle defer while probing 2019-07-27 21:45:58 +02:00
ide
idle
iio iio: adis_lib: Initialize trigger before requesting interrupt 2019-07-27 21:46:10 +02:00
infiniband
input input: synaptics_dsx: remove unused synaptics touch screen driver files 2019-07-27 21:46:00 +02:00
iommu iommu/amd: Finish TLB flush in amd_iommu_unmap() 2019-07-27 21:44:19 +02:00
ipack
irqchip Import latest Samsung release 2017-04-18 03:43:52 +02:00
isdn
leds Merge tag 'LA.BR.1.3.6-03510-8976.0' into HEAD 2017-04-18 12:11:50 +02:00
lguest Import latest Samsung release 2017-04-18 03:43:52 +02:00
macintosh
mailbox
md dm: fix various targets to dm_register_target after module __init resources created 2019-07-27 21:46:15 +02:00
media ir-core: fix gcc-7 warning on bool arithmetic 2019-07-27 21:44:38 +02:00
memory
memstick
message
mfd mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode 2019-07-27 21:44:34 +02:00
misc qseecom: Fix typo in format specifier 2019-07-27 21:44:44 +02:00
mmc mmc: mxs-mmc: Fix additional cycles after transmission stop 2019-07-27 21:43:00 +02:00
motor Import latest Samsung release 2017-04-18 03:43:52 +02:00
mtd This is the 3.10.102 stable release 2017-04-18 17:22:08 +02:00
muic Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
net tun: call dev_get_valid_name() before register_netdevice() 2019-07-27 21:45:50 +02:00
nfc Import latest Samsung release 2017-04-18 03:43:52 +02:00
ntb
nubus
of of: fdt: add missing allocation-failure check 2019-07-27 21:44:47 +02:00
oprofile
parisc
parport
pci PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() 2019-07-27 21:46:19 +02:00
pcmcia
phy
pinctrl pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE 2019-07-27 21:43:46 +02:00
platform Merge tag 'LA.BR.1.3.6-05410-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2018-02-06 13:11:45 +01:00
pnp
power angler: remove 'reboot edl' interface for security 2018-05-26 00:39:32 +02:00
pps
ps3
ptp
pwm
rapidio
regulator Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
remoteproc
reset
rpmsg
rtc rtc: set the alarm to the next expiring timer 2019-07-27 21:46:00 +02:00
s390 scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response 2019-07-27 21:44:18 +02:00
sbus
scsi scsi: use dma_get_cache_alignment() as minimum DMA alignment 2019-07-27 21:46:11 +02:00
sensorhub Import T713XXU2BQD3 kernel source changes 2017-07-01 12:51:07 +02:00
sensors Import latest Samsung release 2017-04-18 03:43:52 +02:00
sfi
sh
slimbus slim-msm: Synchronize SSR callbacks 2017-05-05 19:20:28 +00:00
sn
soc ASoC: apr: Add validity check to APR port 2018-08-20 12:08:44 +02:00
soundwire
spi This is the 3.10.97 stable release 2017-04-18 17:17:20 +02:00
spmi Merge tag 'LA.BR.1.3.6-03510-8976.0' into HEAD 2017-04-18 12:11:50 +02:00
ssb
ssbi
staging Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
switch
target target: Avoid mappedlun symlink creation during lun shutdown 2019-07-27 21:44:16 +02:00
tc
thermal msm_thermal: Handle defer while probing 2019-07-27 21:45:58 +02:00
tty n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) 2019-07-27 21:46:21 +02:00
uio uio: fix dmem_region_start computation 2019-07-27 21:42:50 +02:00
usb xhci: Don't add a virt_dev to the devs array before it's fully allocated 2019-07-27 21:46:15 +02:00
uwb
vfio
vhost Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
video video: msm: samsung: Fix mode_max permissions 2019-07-27 21:45:54 +02:00
virt
virtio
vlynq
vme
w1
watchdog
xen This is the 3.10.96 stable release 2017-04-18 17:16:02 +02:00
zorro
Kconfig msm: gud: Remove gud driver 2017-09-08 18:49:12 +00:00
Makefile msm: gud: Remove gud driver 2017-09-08 18:49:12 +00:00