shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-29 13:57:44 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
fa616c09626198ecea736fff251b72f8116c19f4
linux/drivers
History
Johan Korsnes 75c3955b16 HID: core: fix off-by-one memset in hid_report_raw_event() 
commit 5ebdffd250 upstream.

In case a report is greater than HID_MAX_BUFFER_SIZE, it is truncated,
but the report-number byte is not correctly handled. This results in a
off-by-one in the following memset, causing a kernel Oops and ensuing
system crash.

Note: With commit 8ec321e96e ("HID: Fix slab-out-of-bounds read in
hid_field_extract") I no longer hit the kernel Oops as we instead fail
"controlled" at probe if there is a report too long in the HID
report-descriptor. hid_report_raw_event() is an exported symbol, so
presumabely we cannot always rely on this being the case.

Fixes: 966922f26c ("HID: fix a crash in hid_report_raw_event()
                     function.")
Signed-off-by: Johan Korsnes <jkorsnes@cisco.com>
Cc: Armando Visconti <armando.visconti@st.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-03-05 16:42:18 +01:00
..
accessibility
acpi
ACPI: watchdog: Fix gas->access_width usage
2020-03-05 16:42:17 +01:00
amba
android
binder: Handle start==NULL in binder_update_page_range()
2019-12-13 08:52:52 +01:00
ata
ata: ahci: Add shutdown to freeze hardware resources of ahci
2020-02-28 16:39:00 +01:00
atm
fore200e: Fix incorrect checks of NULL pointer dereference
2020-02-24 08:34:42 +01:00
auxdisplay
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach
2019-09-06 10:21:56 +02:00
base
driver core: platform: fix u32 greater or equal to zero comparison
2020-02-24 08:34:50 +01:00
bcma
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
2020-01-27 14:51:09 +01:00
block
floppy: check FDC index for errors before assigning it
2020-02-28 16:38:45 +01:00
bluetooth
Bluetooth: btusb: fix PM leak in error case of setup
2020-01-09 10:19:04 +01:00
bus
bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated
2020-01-27 14:50:36 +01:00
cdrom
cdrom: respect device capabilities during opening action
2020-01-04 19:13:12 +01:00
char
ipmi:ssif: Handle a possible NULL pointer reference
2020-03-05 16:42:12 +01:00
clk
clk: uniphier: Add SCSSI clock gate for each channel
2020-02-24 08:34:45 +01:00
clocksource
clocksource/drivers/bcm2835_timer: Fix memory leak of timer
2020-02-24 08:34:37 +01:00
connector
connector: fix unsafe usage of ->real_parent
2019-03-19 13:12:38 +01:00
cpufreq
cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
2020-01-27 14:50:53 +01:00
cpuidle
cpuidle: Do not unset the driver if it is there already
2019-12-17 20:35:00 +01:00
crypto
crypto: chtls - Fixed memory leak
2020-02-24 08:34:44 +01:00
dax
mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses
2019-05-22 07:37:40 +02:00
dca
devfreq
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
2020-02-24 08:34:44 +01:00
dio
dma
Revert "dmaengine: imx-sdma: Fix memory leak"
2020-02-28 16:38:58 +01:00
dma-buf
dma-buf: Fix memory leak in sync_file_merge()
2019-12-21 10:57:38 +01:00
edac
EDAC/mc: Fix edac_mc_find() in case no device is found
2020-01-27 14:50:48 +01:00
eisa
extcon
extcon: sm5502: Reset registers during initialization
2019-12-31 16:35:11 +01:00
firewire
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:19:09 +01:00
firmware
firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices
2020-01-27 14:51:19 +01:00
fmc
fpga
fpga: altera-ps-spi: Fix getting of optional confd gpio
2019-09-21 07:16:53 +02:00
fsi
fsi: sbefifo: Don't fail operations when in SBE IPL state
2020-01-27 14:51:00 +01:00
gnss
gnss: sirf: fix premature wakeup interrupt enable
2019-03-10 07:17:21 +01:00
gpio
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap()
2020-02-24 08:34:36 +01:00
gpu
drm/msm: Set dma maximum segment size for mdss
2020-03-05 16:42:12 +01:00
hid
HID: core: fix off-by-one memset in hid_report_raw_event()
2020-03-05 16:42:18 +01:00
hsi
hv
hv_balloon: Balloon up according to request page number
2020-02-11 04:34:01 -08:00
hwmon
hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
2020-02-19 19:51:59 +01:00
hwspinlock
hwtracing
coresight: tmc-etf: Do not call smp_processor_id from preemptible
2020-01-29 16:43:23 +01:00
i2c
i2c: stm32f7: report dma error during probe
2020-01-27 14:51:21 +01:00
ide
ide: serverworks: potential overflow in svwks_set_pio_mode()
2020-02-24 08:34:49 +01:00
idle
x86/cpu: Sanitize FAM6_ATOM naming
2019-05-14 19:17:53 +02:00
iio
iio: st_gyro: Correct data for LSM9DS0 gyro
2020-02-01 09:37:04 +00:00
infiniband
scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
2020-02-28 16:38:58 +01:00
input
Input: edt-ft5x06 - work around first register access error
2020-02-24 08:34:46 +01:00
iommu
iommu/qcom: Fix bogus detach logic
2020-02-28 16:38:43 +01:00
ipack
irqchip
irqchip/gic-v3-its: Fix misuse of GENMASK macro
2020-03-05 16:42:12 +01:00
isdn
staging: gigaset: add endpoint-type sanity check
2019-12-17 20:34:33 +01:00
leds
leds: pca963x: Fix open-drain initialization
2020-02-24 08:34:35 +01:00
lightnvm
lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
2020-01-27 14:50:45 +01:00
macintosh
macintosh/windfarm_smu_sat: Fix debug output
2019-12-01 09:16:37 +01:00
mailbox
mailbox: qcom-apcs: fix max_register value
2020-01-27 14:51:14 +01:00
mcb
md
bcache: explicity type cast in bset_bkey_last()
2020-02-24 08:34:53 +01:00
media
media: cx23885: Add support for AVerMedia CE310B
2020-02-24 08:34:41 +01:00
memory
memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20
2020-01-27 14:50:13 +01:00
memstick
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
2019-10-29 09:20:07 +01:00
message
scsi: mptfusion: Fix double fetch bug in ioctl
2020-01-23 08:21:28 +01:00
mfd
mfd: rn5t618: Mark ADC control register volatile
2020-02-11 04:34:14 -08:00
misc
mei: me: add comet point (lake) H device ids
2020-02-01 09:37:04 +00:00
mmc
mmc: sdhci-of-at91: fix memleak on clk_get failure
2020-02-11 04:34:00 -08:00
mtd
mtd: sharpslpart: Fix unsigned comparison to zero
2020-02-14 16:33:27 -05:00
mux
mux: adgs1408: use the correct MODULE_LICENSE
2018-10-12 17:36:39 +02:00
net
qede: Fix race between rdma destroy workqueue and link change event
2020-03-05 16:42:17 +01:00
nfc
nfc: pn544: Fix occasional HW initialization failure
2020-03-05 16:42:16 +01:00
ntb
ntb_hw_switchtec: potential shift wrapping bug in switchtec_ntb_init_sndev()
2020-01-27 14:50:55 +01:00
nubus
nvdimm
libnvdimm/btt: fix variable 'rc' set but not used
2020-01-04 19:13:00 +01:00
nvme
nvme-multipath: Fix memory leak with ana_log_buf
2020-02-28 16:38:49 +01:00
nvmem
nvmem: imx-ocotp: Change TIMING calculation to u-boot algorithm
2020-01-27 14:50:58 +01:00
of
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
2020-02-11 04:34:03 -08:00
opp
OPP: Fix missing debugfs supply directory for OPPs
2020-01-27 14:50:04 +01:00
oprofile
parisc
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
2019-10-05 13:10:04 +02:00
parport
parport: load lowlevel driver if ports not found
2019-12-31 16:36:01 +01:00
pci
PCI: Increase D3 delay for AMD Ryzen5/7 XHCI controllers
2020-02-24 08:34:41 +01:00
pcmcia
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
2018-11-13 11:08:17 -08:00
perf
drivers/perf: arm_pmu: Fix failure path in PM notifier
2019-08-06 19:06:55 +02:00
phy
phy: qualcomm: Adjust indentation in read_poll_timeout
2020-02-11 04:34:12 -08:00
pinctrl
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
2020-02-24 08:34:44 +01:00
platform
platform/x86: intel_mid_powerbtn: Take a copy of ddata
2020-02-14 16:33:25 -05:00
pnp
power
power: supply: ltc2941-battery-gauge: fix use-after-free
2020-02-11 04:34:02 -08:00
powercap
x86/cpu: Sanitize FAM6_ATOM naming
2019-05-14 19:17:53 +02:00
pps
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
2019-08-04 09:30:56 +02:00
ps3
ptp
ptp: free ptp device pin descriptors properly
2020-01-23 08:21:35 +01:00
pwm
pwm: Remove set but not set variable 'pwm'
2020-02-24 08:34:49 +01:00
rapidio
drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
2020-01-27 14:50:31 +01:00
ras
RAS/CEC: Fix pfn insertion
2019-07-26 09:14:05 +02:00
regulator
regulator: rk808: Lower log level on optional GPIOs being not available
2020-02-24 08:34:40 +01:00
remoteproc
remoteproc: Initialize rproc_class before use
2020-02-24 08:34:50 +01:00
reset
reset: uniphier: Add SCSSI reset control for each channel
2020-02-24 08:34:44 +01:00
rpmsg
rpmsg: glink: Free pending deferred work on remove
2019-12-21 10:57:30 +01:00
rtc
rtc: cmos: Stop using shared IRQ
2020-02-14 16:33:24 -05:00
s390
s390/zcrypt: fix card and queue total counter wrap
2020-03-05 16:42:13 +01:00
sbus
drivers/sbus/char: add of_node_put()
2018-12-21 14:15:17 +01:00
scsi
scsi: iscsi: Don't destroy session if there are outstanding connections
2020-02-24 08:34:48 +01:00
sfi
sh
siox
slimbus
slimbus: ngd: Fix build error on x86
2019-12-13 08:51:54 +01:00
sn
soc
soc/tegra: fuse: Fix build with Tegra194 configuration
2020-03-05 16:42:13 +01:00
soundwire
soundwire: intel: fix PDI/stream mapping for Bulk
2019-12-31 16:35:55 +01:00
spi
spi: spi-mem: Fix inverted logic in op sanity check
2020-02-14 16:33:24 -05:00
spmi
ssb
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
2019-05-31 06:46:04 -07:00
staging
staging: greybus: use after free in gb_audio_manager_remove_all()
2020-02-28 16:38:59 +01:00
target
scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
2020-02-28 16:38:58 +01:00
tc
TC: Set DMA masks for devices
2018-11-13 11:08:51 -08:00
tee
tee: optee: Fix compilation issue with nommu
2020-02-05 14:43:50 +00:00
thermal
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
2020-01-27 14:50:48 +01:00
thunderbolt
thunderbolt: Prevent crash if non-active NVMem file is read
2020-02-28 16:38:44 +01:00
tty
sysrq: Remove duplicated sysrq message
2020-03-05 16:42:15 +01:00
uio
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
2020-02-24 08:34:37 +01:00
usb
usb: dwc2: Fix in ISOC request length checking
2020-02-28 16:38:59 +01:00
uwb
vfio
vfio/mdev: Fix aborting mdev child device removal if one fails
2020-01-27 14:50:46 +01:00
vhost
vhost/test: stop device before reset
2020-01-27 14:51:19 +01:00
video
pxa168fb: Fix the function used to release some memory in an error handling path
2020-02-24 08:34:36 +01:00
virt
virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
2019-11-06 13:06:04 +01:00
virtio
virtio_balloon: prevent pfn array overflow
2020-02-24 08:34:54 +01:00
visorbus
visorbus: fix uninitialized variable access
2020-02-24 08:34:47 +01:00
vlynq
vme
vme: bridges: reduce stack usage
2020-02-24 08:34:47 +01:00
w1
w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size).
2019-12-01 09:16:22 +01:00
watchdog
ACPI: watchdog: Fix gas->access_width usage
2020-03-05 16:42:17 +01:00
xen
xen: Enable interrupts when calling _cond_resched()
2020-02-28 16:39:00 +01:00
zorro
Kconfig
Makefile
Merge tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2018-08-18 11:04:51 -07:00