shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-08 22:23:19 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
59153e6589366f09eb42b92c8bc8c2fce72fe8fe
linux/drivers
History
Michal Kazior 59153e6589 ath10k: fix null deref on wmi-tlv when trying spectral scan 
commit 18ae68fff3 upstream.

WMI ops wrappers did not properly check for null
function pointers for spectral scan. This caused
null dereference crash with WMI-TLV based firmware
which doesn't implement spectral scan.

The crash could be triggered with:

  ip link set dev wlan0 up
  echo background > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl

The crash looked like this:

  [  168.031989] BUG: unable to handle kernel NULL pointer dereference at           (null)
  [  168.037406] IP: [<          (null)>]           (null)
  [  168.040395] PGD cdd4067 PUD fa0f067 PMD 0
  [  168.043303] Oops: 0010 [#1] SMP
  [  168.045377] Modules linked in: ath10k_pci(O) ath10k_core(O) ath mac80211 cfg80211 [last unloaded: cfg80211]
  [  168.051560] CPU: 1 PID: 1380 Comm: bash Tainted: G        W  O    4.8.0 #78
  [  168.054336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
  [  168.059183] task: ffff88000c460c00 task.stack: ffff88000d4bc000
  [  168.061736] RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
  ...
  [  168.100620] Call Trace:
  [  168.101910]  [<ffffffffa03b9566>] ? ath10k_spectral_scan_config+0x96/0x200 [ath10k_core]
  [  168.104871]  [<ffffffff811386e2>] ? filemap_fault+0xb2/0x4a0
  [  168.106696]  [<ffffffffa03b97e6>] write_file_spec_scan_ctl+0x116/0x280 [ath10k_core]
  [  168.109618]  [<ffffffff812da3a1>] full_proxy_write+0x51/0x80
  [  168.111443]  [<ffffffff811957b8>] __vfs_write+0x28/0x120
  [  168.113090]  [<ffffffff812f1a2d>] ? security_file_permission+0x3d/0xc0
  [  168.114932]  [<ffffffff8109b912>] ? percpu_down_read+0x12/0x60
  [  168.116680]  [<ffffffff811965f8>] vfs_write+0xb8/0x1a0
  [  168.118293]  [<ffffffff81197966>] SyS_write+0x46/0xa0
  [  168.119912]  [<ffffffff818f2972>] entry_SYSCALL_64_fastpath+0x1a/0xa4
  [  168.121737] Code:  Bad RIP value.
  [  168.123318] RIP  [<          (null)>]           (null)

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-08-06 18:59:42 -07:00
..
accessibility
acpi
acpi/nfit: Fix memory corruption/Unregister mce decoder on failure
2017-07-27 15:08:07 -07:00
amba
android
ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct
2016-10-24 19:37:48 +02:00
ata
ahci: Acer SA5-271 SSD Not Detected Fix
2017-06-14 15:06:00 +02:00
atm
atm: fix improper return value
2016-12-05 14:53:46 -05:00
auxdisplay
auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches
2017-03-30 09:41:27 +02:00
base
PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present
2017-07-27 15:08:08 -07:00
bcma
bcma: use (get|put)_device when probing/removing device driver
2017-03-12 06:41:52 +01:00
block
xen/blkback: don't free be structure too early
2017-07-05 14:40:20 +02:00
bluetooth
Bluetooth: hci_intel: add missing tty-device sanity check
2017-05-20 14:28:41 +02:00
bus
bus: vexpress-config: fix device reference leak
2017-01-19 20:18:07 +01:00
cdrom
char
ipmi:ssif: Add missing unlock in error branch
2017-07-27 15:08:02 -07:00
clk
clk: scpi: don't add cpufreq device if the scpi dvfs node is disabled
2017-07-05 14:40:30 +02:00
clocksource
clocksource/drivers/arm_arch_timer: Don't assume clock runs in suspend
2017-04-12 12:41:16 +02:00
connector
cpufreq
cpufreq: s3c2416: double free on driver init error path
2017-07-05 14:40:30 +02:00
cpuidle
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2016-10-15 09:26:12 -07:00
crypto
crypto: caam - fix signals handling
2017-07-21 07:42:23 +02:00
dax
device-dax: fix cdev leak
2017-05-20 14:28:41 +02:00
dca
devfreq
PM / devfreq: Fix wrong trans_stat of passive devfreq device
2017-03-12 06:41:44 +01:00
dio
dma
dmaengine: bcm2835: Fix cyclic DMA period splitting
2017-06-29 13:00:31 +02:00
dma-buf
dma-buf: add support for compat ioctl
2017-04-18 07:11:50 +02:00
edac
Merge tag 'edac_for_4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp
2016-10-04 12:06:26 -07:00
eisa
extcon
extcon: return error code on failure
2017-01-19 20:18:03 +01:00
firewire
firewire: net: fix fragmented datagram_size off-by-one
2016-11-03 14:46:39 +01:00
firmware
efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
2017-04-21 09:31:20 +02:00
fmc
fpga
gpio
gpiolib: fix filtering out unwanted events
2017-07-05 14:40:18 +02:00
gpu
drm: rcar-du: Simplify and fix probe error handling
2017-08-06 18:59:41 -07:00
hid
HID: i2c-hid: Add sleep between POWER ON and RESET
2017-07-05 14:40:24 +02:00
hsi
hv
Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
2017-03-30 09:41:27 +02:00
hwmon
hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628
2017-05-14 14:00:13 +02:00
hwspinlock
hwtracing
intel_th: Don't leak module refcount on failure to activate
2017-03-30 09:41:27 +02:00
i2c
i2c: brcmstb: Fix START and STOP conditions
2017-07-05 14:40:30 +02:00
ide
idle
x86/intel_idle: Add CPU model 0x4a (Atom Z34xx series)
2017-04-12 12:41:17 +02:00
iio
iio: imu: inv_mpu6050: add accel lpf setting for chip >= MPU6500
2017-06-24 07:11:17 +02:00
infiniband
mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array
2017-07-27 15:08:07 -07:00
input
Input: i8042 - fix crash at boot time
2017-07-27 15:08:05 -07:00
iommu
iommu/amd: Fix interrupt remapping when disable guest_mode
2017-07-05 14:40:30 +02:00
ipack
ipack: print a hex number after a 0x prefix
2016-10-27 18:43:43 -07:00
irqchip
irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
2017-07-21 07:42:20 +02:00
isdn
isdn/i4l: fix buffer overflow
2017-08-06 18:59:42 -07:00
leds
leds: ktd2692: avoid harmless maybe-uninitialized warning
2017-05-14 14:00:15 +02:00
lguest
lightnvm
Merge branch 'for-4.9/block' of git://git.kernel.dk/linux-block
2016-10-07 14:42:05 -07:00
macintosh
powerpc: Remove all usages of NO_IRQ
2016-09-20 20:57:12 +10:00
mailbox
mailbox: PCC: Fix lockdep warning when request PCC channel
2016-11-14 22:07:38 +01:00
mcb
mcb: Add a dma_device to mcb_device
2016-09-27 12:33:47 +02:00
md
md/raid5: add thread_group worker async_tx_issue_pending_all
2017-08-06 18:59:40 -07:00
media
cx88: Fix regression in initial video standard setting
2017-07-27 15:08:01 -07:00
memory
memory/atmel-ebi: Fix ns <-> cycles conversions
2017-03-15 10:02:45 +08:00
memstick
memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
2016-10-17 15:43:05 +02:00
message
mfd
mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
2017-06-24 07:11:14 +02:00
misc
scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails.
2017-07-27 15:07:59 -07:00
mmc
mmc: sdhci-iproc: suppress spurious interrupt with Multiblock read
2017-06-07 12:07:47 +02:00
mtd
mtd: nand: brcmnand: Check flash #WP pin status before nand erase/program
2017-07-05 14:40:31 +02:00
net
ath10k: fix null deref on wmi-tlv when trying spectral scan
2017-08-06 18:59:42 -07:00
nfc
nfc: fdp: fix NULL pointer dereference
2017-08-06 18:59:42 -07:00
ntb
ntb_transport: Pick an unused queue
2017-02-23 17:44:36 +01:00
nubus
nvdimm
libnvdimm: fix badblock range handling of ARS range
2017-07-27 15:08:02 -07:00
nvme
nvme-rdma: remove race conditions from IB signalling
2017-07-27 15:08:03 -07:00
nvmem
nvmem: core: fix leaks on registration errors
2017-07-21 07:42:22 +02:00
of
of: device: Export of_device_{get_modalias, uvent_modalias} to modules
2017-07-27 15:08:08 -07:00
oprofile
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 20:16:43 -07:00
parisc
parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
2017-07-21 07:42:20 +02:00
parport
parisc, parport_gsc: Fixes for printk continuation lines
2017-06-17 06:41:54 +02:00
pci
PCI/PM: Restore the status of PCI devices across hibernation
2017-07-27 15:08:00 -07:00
pcmcia
pcmcia: fix return value of soc_pcmcia_regulator_set
2016-11-11 08:45:08 -08:00
perf
perf: xgene: Remove bogus IS_ERR() check
2016-10-17 15:50:07 +01:00
phy
phy: qcom-usb-hs: Add depends on EXTCON
2017-05-14 14:00:19 +02:00
pinctrl
pinctrl: sh-pfc: Update info pointer after SoC-specific init
2017-07-12 15:01:05 +02:00
platform
platform/x86: ideapad-laptop: handle ACPI event 1
2017-07-05 14:40:23 +02:00
pnp
power
power: supply: bq24190_charger: Handle fault before status on interrupt
2017-05-14 14:00:15 +02:00
powercap
powercap/intel_rapl: fix and tidy up error handling
2017-01-19 20:18:07 +01:00
pps
pps: kc: fix non-tickless system config dependency
2016-10-11 15:06:32 -07:00
ps3
powerpc: Remove all usages of NO_IRQ
2016-09-20 20:57:12 +10:00
ptp
drivers/ptp: Fix kernel memory disclosure
2016-10-13 10:20:06 -04:00
pwm
pwm: rockchip: State of PWM clock should synchronize with PWM enabled state
2017-04-21 09:31:22 +02:00
rapidio
mm: replace get_user_pages() write/force parameters with gup_flags
2016-10-19 08:11:43 -07:00
ras
regulator
regulator: tps65086: Fix DT node referencing in of_parse_cb
2017-07-05 14:40:29 +02:00
remoteproc
remoteproc: qcom: mdt_loader: Don't overwrite firmware object
2017-03-12 06:41:50 +01:00
reset
reset: uniphier: rename MIO reset to SD reset for Pro5, PXs2, LD20 SoCs
2016-10-22 18:31:42 +09:00
rpmsg
rpmsg: virtio_rpmsg_bus: fix channel creation
2017-01-26 08:24:44 +01:00
rtc
rtc: tegra: Implement clock handling
2017-04-21 09:31:24 +02:00
s390
s390/qeth: add missing hash table initializations
2017-06-07 12:07:43 +02:00
sbus
scsi
scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
2017-07-27 15:07:59 -07:00
sfi
sh
sn
soc
soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe()
2017-01-26 08:24:45 +01:00
spi
spi: fix device-node leaks
2017-07-05 14:40:28 +02:00
spmi
spmi: Include OF based modalias in device uevent
2017-07-27 15:08:08 -07:00
ssb
ssb: Fix error routine when fallback SPROM fails
2017-01-09 08:32:16 +01:00
staging
Staging: comedi: comedi_fops: Avoid orphaned proc entry
2017-08-06 18:59:41 -07:00
target
target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
2017-07-27 15:08:06 -07:00
tc
thermal
thermal: cpu_cooling: Avoid accessing potentially freed structures
2017-07-27 15:07:55 -07:00
thunderbolt
tty
vt: fix unchecked __put_user() in tioclinux ioctls
2017-07-21 07:42:22 +02:00
uio
usb
usb: renesas_usbhs: gadget: disable all eps when the driver stops
2017-07-27 15:08:01 -07:00
uwb
uwb: fix device quirk on big-endian hosts
2017-05-25 15:44:46 +02:00
vfio
vfio: New external user group/file match
2017-07-27 15:08:03 -07:00
vhost
vhost/vsock: handle vhost_vq_init_access() error
2017-06-17 06:41:57 +02:00
video
xen, fbfront: fix connecting to backend
2017-04-21 09:31:21 +02:00
virt
mm: replace get_user_pages() write/force parameters with gup_flags
2016-10-19 08:11:43 -07:00
virtio
virtio_balloon: init 1st buffer in stats vq
2017-03-31 10:31:45 +02:00
vlynq
vme
VME: restore bus_remove function causing incomplete module unload
2017-03-12 06:41:50 +01:00
w1
w1: ds2490: USB transfer buffers need to be DMAable
2017-03-12 06:41:48 +01:00
watchdog
watchdog: bcm281xx: Fix use of uninitialized spinlock.
2017-07-05 14:40:28 +02:00
xen
xen/scsiback: Fix a TMR related use-after-free
2017-07-27 15:07:59 -07:00
zorro
Kconfig
Makefile
usb: Make sure usb/phy/of gets built-in
2017-05-20 14:28:35 +02:00