shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-08 03:40:35 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
a69af5baed80d918bcc10f7b0a86069558ae642e
linux/drivers
History
Alexander Sverdlin cfaf010cf3 mtd: spi-nor: Don't copy self-pointing struct around 
commit 69a8eed58c upstream.

spi_nor_parse_sfdp() modifies the passed structure so that it points to
itself (params.erase_map.regions to params.erase_map.uniform_region). This
makes it impossible to copy the local struct anywhere else.

Therefore only use memcpy() in backup-restore scenario. The bug may show up
like below:

BUG: unable to handle page fault for address: ffffc90000b377f8
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 4 PID: 3500 Comm: flashcp Tainted: G           O      5.4.53-... #1
...
RIP: 0010:spi_nor_erase+0x8e/0x5c0
Code: 64 24 18 89 db 4d 8b b5 d0 04 00 00 4c 89 64 24 18 4c 89 64 24 20 eb 12 a8 10 0f 85 59 02 00 00 49 83 c6 10 0f 84 4f 02 00 00 <49> 8b 06 48 89 c2 48 83 e2 c0 48 89 d1 49 03 4e 08 48 39 cb 73 d8
RSP: 0018:ffffc9000217fc48 EFLAGS: 00010206
RAX: 0000000000740000 RBX: 0000000000000000 RCX: 0000000000740000
RDX: ffff8884550c9980 RSI: ffff88844f9c0bc0 RDI: ffff88844ede7bb8
RBP: 0000000000740000 R08: ffffffff815bfbe0 R09: ffff88844f9c0bc0
R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000217fc60
R13: ffff88844ede7818 R14: ffffc90000b377f8 R15: 0000000000000000
FS:  00007f4699780500(0000) GS:ffff88846ff00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90000b377f8 CR3: 00000004538ee000 CR4: 0000000000340fe0
Call Trace:
 part_erase+0x27/0x50
 mtdchar_ioctl+0x831/0xba0
 ? filemap_map_pages+0x186/0x3d0
 ? do_filp_open+0xad/0x110
 ? _copy_to_user+0x22/0x30
 ? cp_new_stat+0x150/0x180
 mtdchar_unlocked_ioctl+0x2a/0x40
 do_vfs_ioctl+0xa0/0x630
 ? __do_sys_newfstat+0x3c/0x60
 ksys_ioctl+0x70/0x80
 __x64_sys_ioctl+0x16/0x20
 do_syscall_64+0x6a/0x200
 ? prepare_exit_to_usermode+0x50/0xd0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f46996b6817

Cc: stable@vger.kernel.org
Fixes: c46872170a ("mtd: spi-nor: Move erase_map to 'struct spi_nor_flash_parameter'")
Co-developed-by: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>
Signed-off-by: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nokia.com>
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Tested-by: Baurzhan Ismagulov <ibr@radix50.net>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20201005084803.23460-1-alexander.sverdlin@nokia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-11-10 12:37:28 +01:00
..
accessibility
acpi
ACPI: EC: PM: Drop ec_no_wakeup check from acpi_ec_dispatch_gpe()
2020-11-05 11:43:25 +01:00
amba
android
binder: Remove bogus warning on failed same-process transaction
2020-10-29 09:57:37 +01:00
ata
ata: sata_nv: Fix retrieving of active qcs
2020-11-05 11:43:12 +01:00
atm
atm: eni: fix the missed pci_disable_device() for eni_init_one()
2020-10-01 13:18:17 +02:00
auxdisplay
base
device property: Don't clear secondary pointer for shared primary firmware node
2020-11-05 11:43:37 +01:00
bcma
block
nbd: make the config put is called before the notifying the waiter
2020-11-05 11:43:22 +01:00
bluetooth
Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb
2020-10-29 09:58:08 +01:00
bus
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
2020-11-05 11:43:19 +01:00
cdrom
char
ipmi_si: Fix wrong return value in try_smi_init()
2020-10-29 09:57:44 +01:00
clk
clk: ti: clockdomain: fix static checker warning
2020-11-05 11:43:20 +01:00
clocksource
clocksource/drivers/timer-gx6605s: Fixup counter reload
2020-10-07 08:01:25 +02:00
connector
counter
counter: 104-quad-8: Add lock guards - generic interface
2020-05-02 08:48:44 +02:00
cpufreq
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
2020-11-05 11:43:25 +01:00
cpuidle
cpuidle: Fixup IRQ state
2020-09-09 19:12:21 +02:00
crypto
chelsio/chtls: fix always leaking ctrl_skb
2020-11-10 12:37:25 +01:00
dax
dax: Fix alloc_dax_region() compile warning
2020-10-01 13:17:15 +02:00
dca
devfreq
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
2020-10-01 13:17:14 +02:00
dio
dma
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
2020-11-05 11:43:29 +01:00
dma-buf
dmabuf: fix NULL pointer dereference in dma_buf_release()
2020-10-01 13:18:24 +02:00
edac
EDAC/ti: Fix handling of platform_get_irq() error
2020-10-29 09:57:29 +01:00
eisa
extcon
extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips
2020-11-05 11:43:24 +01:00
firewire
firmware
firmware: arm_scmi: Add missing Rx size re-initialisation
2020-11-05 11:43:12 +01:00
fpga
fpga: dfl: fix bug in port reset handshake
2020-07-29 10:18:31 +02:00
fsi
gnss
gnss: sirf: fix error return code in sirf_probe()
2020-06-22 09:31:20 +02:00
gpio
gpio: aspeed: fix ast2600 bank properties
2020-10-07 08:01:29 +02:00
gpu
drm/i915: Drop runtime-pm assert from vgpu io accessors
2020-11-10 12:37:23 +01:00
greybus
hid
HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
2020-11-05 11:43:29 +01:00
hsi
hv
Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
2020-09-23 12:40:40 +02:00
hwmon
hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
2020-10-29 09:57:32 +01:00
hwspinlock
hwtracing
coresight: Make sysfs functional on topologies with per core sink
2020-11-05 11:43:18 +01:00
i2c
i2c: imx: Fix external abort on interrupt in exit paths
2020-11-05 11:43:33 +01:00
i3c
i3c: master: Fix error return in cdns_i3c_master_probe()
2020-10-29 09:57:51 +01:00
ide
idle
iio
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
2020-11-05 11:43:30 +01:00
infiniband
RDMA/qedr: Fix memory leak in iWARP CM
2020-11-05 11:43:12 +01:00
input
hil/parisc: Disable HIL driver when it gets stuck
2020-11-05 11:43:36 +01:00
interconnect
iommu
iommu/vt-d: Fix lockdep splat in iommu_flush_dev_iotlb()
2020-10-14 10:33:02 +02:00
ipack
ipack: tpci200: fix error return code in tpci200_register()
2020-05-27 17:46:47 +02:00
irqchip
irqchip/stm32-exti: Avoid losing interrupts due to clearing pending bits by mistake
2020-09-03 11:27:06 +02:00
isdn
leds
leds: bcm6328, bcm6358: use devres LED registering function
2020-11-05 11:43:24 +01:00
lightnvm
lightnvm: fix out-of-bounds write to array devices->info[]
2020-10-29 09:58:00 +01:00
macintosh
macintosh/via-macii: Access autopoll_devs when inside lock
2020-08-19 08:16:15 +02:00
mailbox
mailbox: avoid timer start from callback
2020-10-29 09:57:53 +01:00
mcb
md
md/raid5: fix oops during stripe resizing
2020-11-05 11:43:22 +01:00
media
media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
2020-11-05 11:43:24 +01:00
memory
memory: emif: Remove bogus debugfs error handling
2020-11-05 11:43:21 +01:00
memstick
memstick: Skip allocating card when removing host
2020-10-07 08:01:25 +02:00
message
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
2020-11-05 11:43:25 +01:00
mfd
mfd: sm501: Fix leaks in probe()
2020-10-29 09:57:43 +01:00
misc
misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp()
2020-11-01 12:01:06 +01:00
mmc
mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true
2020-11-05 11:43:36 +01:00
mtd
mtd: spi-nor: Don't copy self-pointing struct around
2020-11-10 12:37:28 +01:00
mux
net
sfp: Fix error handing in sfp_probe()
2020-11-10 12:37:26 +01:00
nfc
NFC: st95hf: Fix memleak in st95hf_in_send_cmd
2020-09-17 13:47:45 +02:00
ntb
NTB: hw: amd: fix an issue about leak system resources
2020-10-29 09:58:00 +01:00
nubus
nvdimm
libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr
2020-08-21 13:05:35 +02:00
nvme
nvme-rdma: fix crash when connect rejected
2020-11-05 11:43:22 +01:00
nvmem
nvmem: core: fix possibly memleak when use nvmem_cell_info_to_nvmem_cell()
2020-10-29 09:57:42 +01:00
of
of: of_mdio: Correct loop scanning logic
2020-07-22 09:32:55 +02:00
opp
opp: Prevent memory leak in dev_pm_opp_attach_genpd()
2020-10-29 09:58:06 +01:00
oprofile
parisc
parisc: mask out enable and reserved bits from sba imask
2020-08-19 08:16:26 +02:00
parport
pci
PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI
2020-11-05 11:43:25 +01:00
pcmcia
perf
drivers/perf: thunderx2_pmu: Fix memory resource error handling
2020-10-29 09:57:30 +01:00
phy
phy: marvell: comphy: Convert internal SMCC firmware return codes to errno
2020-11-01 12:01:07 +01:00
pinctrl
pinctrl: mcp23s08: Fix mcp23x17 precious range
2020-10-29 09:57:39 +01:00
platform
platform/x86: mlx-platform: Remove PSU EEPROM configuration
2020-10-29 09:57:44 +01:00
pnp
power
power: supply: test_power: add missing newlines when printing parameters by sysfs
2020-11-05 11:43:19 +01:00
powercap
pps
ps3
ptp
pwm
pwm: img: Fix null pointer access in probe
2020-10-29 09:57:54 +01:00
rapidio
rapidio: fix the missed put_device() for rio_mport_add_riodev
2020-10-29 09:57:53 +01:00
ras
regulator
regulator: resolve supply after creating regulator
2020-10-29 09:57:34 +01:00
remoteproc
remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load
2020-08-21 13:05:29 +02:00
reset
rpmsg
rpmsg: glink: Use complete_all for open states
2020-11-05 11:43:20 +01:00
rtc
rtc: rx8010: don't modify the global rtc ops
2020-11-05 11:43:33 +01:00
s390
s390/qeth: don't let HW override the configured port role
2020-10-29 09:58:10 +01:00
sbus
scsi
scsi: qla2xxx: Fix crash on session cleanup with unload
2020-11-05 11:43:26 +01:00
sfi
sh
siox
slimbus
slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback
2020-10-29 09:57:42 +01:00
soc
soc: fsl: qbman: Fix return value on success
2020-10-29 09:57:59 +01:00
soundwire
soundwire: bus: disable pm_runtime in sdw_slave_delete
2020-10-01 13:17:36 +02:00
spi
spi: sprd: Release DMA channel also on probe deferral
2020-11-05 11:43:23 +01:00
spmi
ssb
staging
staging: octeon: Drop on uncorrectable alignment or FCS error
2020-11-05 11:43:38 +01:00
target
scsi: target: tcmu: Fix warning: 'page' may be used uninitialized
2020-10-29 09:57:44 +01:00
tc
tee
thermal
thermal: rcar_thermal: Handle probe error gracefully
2020-10-01 13:17:44 +02:00
thunderbolt
tty
tty: make FONTX ioctl use the tty pointer they were actually passed
2020-11-05 11:43:36 +01:00
uio
uio: free uio id after uio file node is freed
2020-11-05 11:43:18 +01:00
usb
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
2020-11-05 11:43:29 +01:00
vfio
vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
2020-10-29 09:57:56 +01:00
vhost
vringh: fix __vringh_iov() when riov and wiov are different
2020-11-05 11:43:35 +01:00
video
video: fbdev: pvr2fb: initialize variables
2020-11-05 11:43:15 +01:00
virt
drivers/virt/fsl_hypervisor: Fix error handling path
2020-10-29 09:57:38 +01:00
virtio
virtio_ring: Avoid loop when vq is broken in virtqueue_poll
2020-08-26 10:40:57 +02:00
visorbus
vlynq
vme
w1
w1: mxc_w1: Fix timeout resolution problem leading to bus error
2020-11-05 11:43:25 +01:00
watchdog
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
2020-11-05 11:43:20 +01:00
xen
xen/events: block rogue events for some time
2020-11-05 11:43:12 +01:00
zorro
Kconfig
Makefile