shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-01 02:33:01 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
49bb04fd1f886ec5083c14f366a107bc320e06fa
linux/drivers
History
Dmitry Torokhov 49bb04fd1f vt: keyboard: avoid signed integer overflow in k_ascii 
commit b86dab0540 upstream.

When k_ascii is invoked several times in a row there is a potential for
signed integer overflow:

UBSAN: Undefined behaviour in drivers/tty/vt/keyboard.c:888:19 signed integer overflow:
10 * 1111111111 cannot be represented in type 'int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.11 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xce/0x128 lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x30 lib/ubsan.c:154
 handle_overflow+0xdc/0xf0 lib/ubsan.c:184
 __ubsan_handle_mul_overflow+0x2a/0x40 lib/ubsan.c:205
 k_ascii+0xbf/0xd0 drivers/tty/vt/keyboard.c:888
 kbd_keycode drivers/tty/vt/keyboard.c:1477 [inline]
 kbd_event+0x888/0x3be0 drivers/tty/vt/keyboard.c:1495

While it can be worked around by using check_mul_overflow()/
check_add_overflow(), it is better to introduce a separate flag to
signal that number pad is being used to compose a symbol, and
change type of the accumulator from signed to unsigned, thus
avoiding undefined behavior when it overflows.

Reported-by: Kyungtae Kim <kt0755@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200525232740.GA262061@dtor-ws
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-15 17:31:30 +09:00
..
accessibility
acpi
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
2023-05-15 17:26:56 +09:00
amba
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
2018-05-01 15:13:08 -07:00
amlogic
tee: disable by default
2023-05-12 16:27:16 +09:00
android
Android Binder: Sync code with branch upstream-linux-4.9.y
2023-05-15 17:13:36 +09:00
ata
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
2023-05-15 17:15:00 +09:00
atm
atm: eni: fix uninitialized variable warning
2023-05-15 16:54:12 +09:00
auxdisplay
auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
2018-02-13 12:35:55 +01:00
base
component: Silence bind error on -EPROBE_DEFER
2023-05-15 17:28:39 +09:00
bcma
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
2023-05-15 16:46:34 +09:00
block
virtio-blk: fix hw_queue stopped on arbitrary error
2023-05-15 17:09:22 +09:00
bluetooth
Bluetooth: btusb: fix PM leak in error case of setup
2023-05-15 16:30:44 +09:00
bus
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
2023-05-15 17:13:43 +09:00
cdrom
cdrom: respect device capabilities during opening action
2023-05-15 16:21:24 +09:00
char
tpm/tpm_tis: Free IRQ if probing fails
2023-05-15 17:23:32 +09:00
clk
clk: tegra: Fix Tegra PMC clock out parents
2023-05-15 17:16:04 +09:00
clocksource
clocksource/drivers/exynos_mct: Fix error path in timer resources initialization
2023-05-15 16:44:14 +09:00
connector
cpufreq
cpufreq: powernv: Fix use-after-free
2023-05-15 17:14:58 +09:00
cpuidle
cpuidle: Do not unset the driver if it is there already
2023-05-15 16:16:30 +09:00
crypto
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
2023-05-15 17:22:28 +09:00
dax
device-dax: implement ->split() to catch invalid munmap attempts
2018-02-28 10:18:33 +01:00
dca
devfreq
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
2023-05-15 16:58:51 +09:00
dio
dma
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
2023-05-15 17:29:17 +09:00
dma-buf
dma-buf: Fix memory leak in sync_file_merge()
2023-05-15 16:17:55 +09:00
edac
EDAC/ghes: Fix grain calculation
2023-05-15 16:19:29 +09:00
eisa
extcon
extcon: sm5502: Reset registers during initialization
2023-05-15 16:18:43 +09:00
firewire
net: add annotations on hh->hh_len lockless accesses
2023-05-15 16:31:00 +09:00
firmware
efi: Add a sanity check to efivar_store_raw()
2023-05-15 17:09:42 +09:00
fmc
fpga
gpio
gpio: tegra: mask GPIO IRQs during IRQ shutdown
2023-05-15 17:29:54 +09:00
gpu
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
2023-05-15 17:27:40 +09:00
hardkernel
ODROID-G12: Make hid-multitouch and dwav-usb-mt driver as mouldes.
2022-03-15 09:20:56 +09:00
hid
HID: i2c-hid: add Schneider SCL142ALM to descriptor override
2023-05-15 17:31:08 +09:00
hsi
HSI: ssi_protocol: double free in ssip_pn_xmit()
2018-03-24 11:00:12 +01:00
hv
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
2023-05-15 10:45:29 +09:00
hwmon
hwmon: (jc42) Fix name to have no illegal characters
2023-05-15 17:24:21 +09:00
hwspinlock
hwtracing
intel_th: Fix user-visible error codes
2023-05-15 17:11:00 +09:00
i2c
i2c: dev: Fix the race between the release of i2c_dev and cdev
2023-05-15 17:28:45 +09:00
ide
ide: serverworks: potential overflow in svwks_set_pio_mode()
2023-05-15 16:59:25 +09:00
idle
x86/cpu: Sanitize FAM6_ATOM naming
2023-05-15 12:46:28 +09:00
iio
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
2023-05-15 17:29:31 +09:00
infiniband
IB/qib: Call kobject_put() when kobject_init_and_add() fails
2023-05-15 17:30:07 +09:00
input
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
2023-05-15 17:30:05 +09:00
iommu
iommu: Fix reference count leak in iommu_group_alloc.
2023-05-15 17:30:21 +09:00
ipack
irqchip
irqchip/versatile-fpga: Apply clear-mask earlier
2023-05-15 17:14:23 +09:00
isdn
staging: gigaset: add endpoint-type sanity check
2023-05-15 16:15:52 +09:00
leds
leds: leds-lp5562 allow firmware files up to the maximum length
2023-05-15 14:32:51 +09:00
lguest
lightnvm
macintosh
macintosh/windfarm_smu_sat: Fix debug output
2023-05-15 15:17:44 +09:00
mailbox
mailbox: handle failed named mailbox channel request
2023-05-15 14:08:07 +09:00
mcb
MCB: add support for SC31 to mcb-lpc
2017-09-09 17:39:41 +02:00
md
dm verity fec: fix hash block number in verity_fec_decode
2023-05-15 17:24:43 +09:00
media
media: ti-vpe: cal: fix disable_irqs to only the intended target
2023-05-15 17:14:17 +09:00
memory
memory: tegra: Fix integer overflow on tick value calculation
2023-05-15 12:52:51 +09:00
memstick
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
2023-05-15 14:51:01 +09:00
message
scsi: mptfusion: Fix double fetch bug in ioctl
2023-05-15 16:35:04 +09:00
mfd
mfd: dln2: Fix sanity checking for endpoints
2023-05-15 17:15:11 +09:00
misc
mei: release me_cl object reference
2023-05-15 17:29:32 +09:00
mmc
mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
2023-05-15 17:10:56 +09:00
mtd
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
2023-05-15 17:24:06 +09:00
net
net: usb: qmi_wwan: add Telit LE910C1-EUX composition
2023-05-15 17:31:21 +09:00
nfc
NFC: st21nfca: add missed kfree_skb() in an error path
2023-05-15 17:31:22 +09:00
ntb
ntb: intel: fix return value for ndev_vec_mask()
2023-05-15 15:18:34 +09:00
nubus
nvdimm
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
2023-05-15 17:29:23 +09:00
nvme
nvme: retain split access workaround for capability reads
2023-05-15 16:46:52 +09:00
nvmem
nvmem: core: return error code instead of NULL from nvmem_device_get
2023-05-15 15:08:54 +09:00
of
of: unittest: kmemleak in of_unittest_platform_populate()
2023-05-15 17:16:01 +09:00
oprofile
parisc
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
2023-05-15 14:34:33 +09:00
parport
parport: load lowlevel driver if ports not found
2023-05-15 16:19:36 +09:00
pci
PCI/ASPM: Allow re-enabling Clock PM
2023-05-15 17:22:47 +09:00
pcmcia
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
2023-05-15 09:18:55 +09:00
perf
drivers/perf: arm_pmu: Fix failure path in PM notifier
2023-05-15 14:09:37 +09:00
phy
phy: phy-twl4030-usb: fix denied runtime access
2023-05-15 15:10:20 +09:00
pinctrl
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
2023-05-15 17:27:42 +09:00
platform
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
2023-05-15 17:29:22 +09:00
pnp
power
power: supply: bq27xxx_battery: Silence deferred-probe error
2023-05-15 17:16:03 +09:00
powercap
x86/cpu: Sanitize FAM6_ATOM naming
2023-05-15 12:46:28 +09:00
pps
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
2023-05-15 14:08:51 +09:00
ps3
ptp
ptp: free ptp device pin descriptors properly
2023-05-15 17:27:25 +09:00
pwm
pwm: bcm2835: Dynamically allocate base
2023-05-15 17:22:46 +09:00
rapidio
rapidio: fix an error in get_user_pages_fast() error handling
2023-05-15 17:29:33 +09:00
ras
regulator
regulator: rk808: Lower log level on optional GPIOs being not available
2023-05-15 16:58:29 +09:00
remoteproc
remoteproc: Fix wrong rvring index computation
2023-05-15 17:23:50 +09:00
reset
reset: Fix potential use-after-free in __of_reset_control_get()
2023-05-15 15:12:21 +09:00
rpmsg
rpmsg: smd: fix memory leak on channel create
2023-05-15 09:23:11 +09:00
rtc
rtc: pm8xxx: Fix issue in RTC write path
2023-05-15 17:15:54 +09:00
s390
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
2023-05-15 17:30:49 +09:00
sbus
drivers/sbus/char: add of_node_put()
2023-05-15 10:37:00 +09:00
scsi
scsi: ufs: Release clock if DMA map fails
2023-05-15 17:31:16 +09:00
sfi
sh
sn
soc
soc: qcom: smem: Use le32_to_cpu for comparison
2023-05-15 17:15:58 +09:00
spi
spi: dw: use "smp_mb()" to avoid sending spi data error
2023-05-15 17:30:55 +09:00
spmi
spmi: Include OF based modalias in device uevent
2017-07-27 15:08:08 -07:00
ssb
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
2023-05-15 12:59:29 +09:00
staging
iio: sca3000: Remove an erroneous 'get_device()'
2023-05-15 17:29:34 +09:00
target
scsi: target: fix PR IN / READ FULL STATUS for FC
2023-05-15 17:24:14 +09:00
tc
TC: Set DMA masks for devices
2023-05-15 09:23:01 +09:00
tee
Amlogic: sync the code from mainline. [1/1]
2020-02-04 13:48:58 +09:00
thermal
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
2023-05-15 16:45:24 +09:00
thunderbolt
thunderbolt: Use 32-bit writes when writing ring producer/consumer
2023-05-15 14:55:28 +09:00
tty
vt: keyboard: avoid signed integer overflow in k_ascii
2023-05-15 17:31:30 +09:00
uio
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
2023-05-15 16:58:17 +09:00
usb
usb: musb: Fix runtime PM imbalance on error
2023-05-15 17:31:29 +09:00
uwb
uwb: hwa-rc: fix memory leak at probe
2023-05-15 08:28:33 +09:00
vfio
vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
2023-05-15 17:24:45 +09:00
vhost
vhost: vsock: kick send_pkt worker once device is started
2023-05-15 17:25:24 +09:00
video
fbdev: potential information leak in do_fb_ioctl()
2023-05-15 17:16:20 +09:00
virt
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
2023-05-15 12:50:46 +09:00
virtio
virtio-balloon: fix managed page counts when migrating pages between zones
2023-05-15 16:16:07 +09:00
vlynq
vme
vme: bridges: reduce stack usage
2023-05-15 16:59:11 +09:00
w1
w1: fix the resume command API
2023-05-15 13:00:07 +09:00
watchdog
watchdog: Fix the race between the release of watchdog_core_data and cdev
2023-05-15 17:28:52 +09:00
xen
xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
2023-05-15 17:24:18 +09:00
zorro
zorro: Set up z->dev.dma_mask for the DMA API
2018-05-30 07:50:44 +02:00
Kconfig
ODROID: sysfs: Add poweroff_trigger sysfs node.
2019-12-11 18:21:09 +09:00
Makefile
ODROID: sysfs: Add poweroff_trigger sysfs node.
2019-12-11 18:21:09 +09:00