shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-31 10:13:04 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4
linux/drivers
History
Chun-Yi Lee 7dd09fa80b aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 
[ Upstream commit f98364e926626c678fb4b9004b75cacf92ff0662 ]

This patch is against CVE-2023-6270. The description of cve is:

  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
  kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
  `struct net_device`, and a use-after-free can be triggered by racing
  between the free on the struct and the access through the `skbtxq`
  global queue. This could lead to a denial of service condition or
  potential code execution.

In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial
code is finished. But the net_device ifp will still be used in
later tx()->dev_queue_xmit() in kthread. Which means that the
dev_put(ifp) should NOT be called in the success path of skb
initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into
use-after-free because the net_device is freed.

This patch removed the dev_put(ifp) in the success path in
aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().

Link: https://nvd.nist.gov/vuln/detail/CVE-2023-6270
Fixes: 7562f876cd ("[NET]: Rework dev_base via list_head (v3)")
Signed-off-by: Chun-Yi Lee <jlee@suse.com>
Link: https://lore.kernel.org/r/20240305082048.25526-1-jlee@suse.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-03-26 18:21:15 -04:00
..
accessibility
tty: fix possible null-ptr-defer in spk_ttyio_release
2023-01-24 07:22:46 +01:00
acpi
ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
2024-03-01 13:21:56 +01:00
amba
amba: bus: fix refcount leak
2023-09-19 12:22:47 +02:00
android
binder: signal epoll threads of self-work
2024-02-23 08:55:06 +01:00
ata
ata: ahci_ceva: fix error handling for Xilinx GT PHY support
2024-03-01 13:21:58 +01:00
atm
atm: idt77252: fix a memleak in open_card_ubr0
2024-02-23 08:54:57 +01:00
auxdisplay
auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()
2023-03-11 13:57:22 +01:00
base
regmap: Add bulk read/write callbacks into regmap_config
2024-03-15 10:48:23 -04:00
bcma
block
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
2024-03-26 18:21:15 -04:00
bluetooth
Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
2024-02-23 08:54:45 +01:00
bus
bus: moxtet: Add spi device table
2024-02-23 08:55:10 +01:00
cdrom
char
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
2024-02-23 08:54:24 +01:00
clk
clk: imx8mp: add clkout1/2 support
2024-03-01 13:21:53 +01:00
clocksource
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
2023-11-28 16:56:15 +00:00
comedi
comedi: adv_pci1760: Fix PWM instruction handling
2023-01-24 07:22:45 +01:00
connector
counter
counter: microchip-tcb-capture: Fix the use of internal GCLK logic
2023-10-19 23:05:37 +02:00
cpufreq
cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back
2024-03-06 14:38:45 +00:00
cpuidle
powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
2023-09-19 12:22:42 +02:00
crypto
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
2024-02-23 08:55:08 +01:00
cxl
cxl/mem: Fix shutdown order
2023-11-20 11:08:27 +01:00
dax
dax/kmem: Pass valid argument to memory_group_register_static
2023-07-23 13:47:17 +02:00
dca
devfreq
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
2024-02-23 08:54:38 +01:00
dio
drivers: dio: fix possible memory leak in dio_init()
2022-12-31 13:14:27 +01:00
dma
dmaengine: fsl-qdma: init irq after reg initialization
2024-03-06 14:38:48 +00:00
dma-buf
dma-buf: add dma_fence_timestamp helper
2024-02-23 08:55:10 +01:00
edac
EDAC/thunderx: Fix possible out-of-bounds string access
2024-01-25 14:52:32 -08:00
eisa
extcon
extcon: usbc-tusb320: Convert to i2c's .probe_new()
2023-07-23 13:47:31 +02:00
firewire
firewire: core: use long bus reset on gap count error
2024-03-26 18:21:13 -04:00
firmware
efi/capsule-loader: fix incorrect allocation size
2024-03-06 14:38:48 +00:00
fpga
fpga: bridge: fix kernel-doc parameter description
2023-05-11 23:00:31 +09:00
fsi
fsi: aspeed: Reset master errors after CFAM reset
2023-09-19 12:22:46 +02:00
gnss
gpio
gpio: fix resource unwinding order in error path
2024-03-06 14:38:50 +00:00
gpu
drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series
2024-03-26 18:21:13 -04:00
greybus
hid
HID: multitouch: Add required quirk for Synaptics 0xcddc device
2024-03-26 18:21:12 -04:00
hsi
HSI: omap_ssi_core: Fix error handling in ssi_init()
2022-12-31 13:14:32 +01:00
hv
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
2023-06-28 10:29:42 +02:00
hwmon
hwmon: (coretemp) Enlarge per package core count limit
2024-03-01 13:21:47 +01:00
hwspinlock
hwspinlock: qcom: correct MMIO max register for newer SoCs
2022-11-16 09:58:13 +01:00
hwtracing
coresight: etm4x: Fix width of CCITMIN field
2024-01-25 14:52:32 -08:00
i2c
i2c: imx: when being a target, mark the last read as processed
2024-03-01 13:22:00 +01:00
i3c
i3c: master: cdns: Update maximum prescaler value for i2c clock
2024-02-23 08:54:50 +01:00
idle
intel_idle: Disable IBRS during long idle
2022-07-23 12:54:04 +02:00
iio
iio: accel: bma400: Fix a compilation problem
2024-02-23 08:55:07 +01:00
infiniband
RDMA/mlx5: Relax DEVX access upon modify commands
2024-03-26 18:21:12 -04:00
input
Input: gpio_keys_polled - suppress deferred probe error for gpio
2024-03-26 18:21:13 -04:00
interconnect
Revert "interconnect: Teach lockdep about icc_bw_lock order"
2024-03-06 14:38:50 +00:00
iommu
iommu/dma: Trace bounce buffer usage when mapping buffers
2024-01-25 14:52:49 -08:00
ipack
irqchip
irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
2024-02-23 08:55:09 +01:00
isdn
mISDN: Update parameter type of dsp_cmx_send()
2023-08-16 18:22:01 +02:00
leds
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
2024-02-23 08:54:49 +01:00
macintosh
macintosh: via-pmu-led: requires ATA to be set
2023-05-11 23:00:34 +09:00
mailbox
mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt
2024-02-23 08:54:50 +01:00
mcb
mcb: fix error handling for different scenarios when parsing
2023-11-28 16:56:31 +00:00
md
md: Don't clear MD_CLOSING when the raid is about to stop
2024-03-26 18:21:15 -04:00
media
media: Revert "media: rkisp1: Drop IRQF_SHARED"
2024-02-23 08:55:16 +01:00
memory
memory: brcmstb_dpfe: fix testing array offset after use
2023-07-23 13:47:03 +02:00
memstick
memstick r592: make memstick_debug_get_tpc_name() static
2023-07-23 13:46:52 +02:00
message
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
2023-05-24 17:36:45 +01:00
mfd
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
2024-02-23 08:54:50 +01:00
misc
misc: fastrpc: Mark all sessions as invalid in cb_remove
2024-02-23 08:55:06 +01:00
mmc
mmc: mmci: stm32: fix DMA API overlapping mappings warning
2024-03-15 10:48:13 -04:00
most
mtd
mtd: spinand: gigadevice: Fix the get ecc status issue
2024-03-06 14:38:45 +00:00
mux
net
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
2024-03-15 10:48:21 -04:00
nfc
nfcsim.c: Fix error checking for debugfs_create_dir
2023-06-28 10:29:51 +02:00
ntb
ntb: Fix calculation ntb_transport_tx_free_entry()
2023-09-19 12:22:51 +02:00
nubus
nubus: Partially revert proc_create_single_data() conversion
2023-07-05 18:25:05 +01:00
nvdimm
nd_btt: Make BTT lanes preemptible
2023-11-20 11:08:22 +01:00
nvme
nvmet-fc: take ref count on tgtport before delete assoc
2024-03-01 13:21:46 +01:00
nvmem
nvmem: imx: correct nregs for i.MX6UL
2023-11-08 17:26:41 +01:00
of
of: property: fix typo in io-channels
2024-02-23 08:55:10 +01:00
opp
OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd()
2023-09-19 12:22:31 +02:00
parisc
parisc: iosapic.c: Fix sparse warnings
2023-10-06 13:18:15 +02:00
parport
parport: parport_serial: Add Brainboxes device IDs and geometry
2024-01-25 14:52:31 -08:00
pci
PCI/MSI: Prevent MSI hardware interrupt number truncation
2024-03-01 13:21:48 +01:00
pcmcia
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
2023-11-20 11:08:27 +01:00
perf
perf: hisi: Fix use-after-free when register pmu fails
2023-11-20 11:08:21 +01:00
phy
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
2024-02-23 08:54:56 +01:00
pinctrl
pinctrl: lochnagar: Don't build on MIPS
2024-01-25 14:52:27 -08:00
platform
platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names
2024-03-01 13:21:48 +01:00
pnp
PNP: ACPI: fix fortify warning
2024-02-23 08:54:38 +01:00
power
power: supply: bq27xxx-i2c: Do not free non existing IRQ
2024-03-06 14:38:48 +00:00
powercap
powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
2023-07-23 13:46:46 +02:00
pps
pps: clients: gpio: Propagate return value from pps_gpio_probe
2022-04-08 14:23:44 +02:00
ps3
ptp
ptp: annotate data-race around q->head and q->tail
2023-11-28 16:56:23 +00:00
pwm
pwm: jz4740: Don't use dev_err_probe() in .request()
2024-01-25 14:52:48 -08:00
rapidio
rapidio: devices: fix missing put_device in mport_cdev_open
2022-12-31 13:14:05 +01:00
ras
regulator
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
2024-03-01 13:21:45 +01:00
remoteproc
remoteproc: stm32_rproc: Add mutex protection for workqueue
2023-05-24 17:36:44 +01:00
reset
reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
2024-01-25 14:52:30 -08:00
rpmsg
rpmsg: virtio: Free driver_override when rpmsg_remove()
2024-02-23 08:54:24 +01:00
rtc
rtc: test: Fix invalid format specifier.
2024-03-26 18:21:15 -04:00
s390
s390/dasd: fix double module refcount decrement
2024-03-26 18:21:14 -04:00
sbus
scsi
scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
2024-03-26 18:21:13 -04:00
sh
genirq: Add and use an irq_data_update_affinity helper
2023-03-11 13:57:31 +01:00
siox
siox: fix possible memory leak in siox_device_add()
2022-11-26 09:24:36 +01:00
slimbus
slimbus: stream: correct presence rate frequencies
2022-11-26 09:24:44 +01:00
soc
pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
2024-03-06 14:38:49 +00:00
soundwire
soundwire: stream: fix NULL pointer dereference for multi_link
2023-12-20 15:17:41 +01:00
spi
spi: sh-msiof: avoid integer overflow in constants
2024-03-01 13:21:45 +01:00
spmi
spmi: Add a check for remove callback when removing a SPMI driver
2023-05-11 23:00:34 +09:00
ssb
staging
staging: fbtft: core: set smem_len before fb_deferred_io_init call
2024-02-23 08:55:15 +01:00
target
scsi: target: core: Add TMF to tmr_list handling
2024-03-01 13:21:43 +01:00
tc
tee
tee: optee: Fix supplicant based device enumeration
2023-12-13 18:36:38 +01:00
thermal
thermal: core: prevent potential string overflow
2023-11-20 11:08:15 +01:00
thunderbolt
thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding
2023-10-19 23:05:36 +02:00
tty
serial: max310x: fix IO data corruption in batched operations
2024-03-15 10:48:24 -04:00
uio
uio: Fix use-after-free in uio_open
2024-01-25 14:52:31 -08:00
usb
xhci: handle isoc Babble and Buffer Overrun events properly
2024-03-15 10:48:20 -04:00
vdpa
vdpa/mlx5: Don't clear mr struct on destroy MR
2024-03-01 13:21:51 +01:00
vfio
vfio/type1: fix cap_migration information leak
2023-09-19 12:22:41 +02:00
vhost
vhost: use kzalloc() instead of kmalloc() followed by memset()
2024-02-23 08:55:00 +01:00
video
fbcon: always restore the old font data in fbcon_do_set_font()
2024-03-06 14:38:48 +00:00
virt
vboxguest: Do not use devm for irq
2022-08-25 11:40:33 +02:00
virtio
virtio-mmio: fix memory leak of vm_dev
2023-11-08 17:26:36 +01:00
visorbus
vlynq
vme
vme: Fix error not catched in fake_init()
2022-12-31 13:14:30 +01:00
w1
w1: fix loop in w1_fini()
2023-07-23 13:47:20 +02:00
watchdog
watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
2024-02-23 08:54:49 +01:00
xen
xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
2024-02-23 08:54:50 +01:00
zorro
Kconfig
Makefile