linux_dsm_epyc7002/drivers
yuuzheng c4186c00ad scsi: pm80xx: Fix pm8001_mpi_get_nvmd_resp() race condition
[ Upstream commit 1f889b58716a5f5e3e4fe0e6742c1a4472f29ac1 ]

A use-after-free or null-pointer error occurs when the 251-byte response
data is copied from the IOMB buffer to the response message buffer in
function pm8001_mpi_get_nvmd_resp().

After sending the command get_nvmd_data(), the caller begins to sleep by
calling wait_for_complete() and waits for the wake-up from calling
complete() in pm8001_mpi_get_nvmd_resp(). Due to unexpected events (e.g.,
an interrupt), if the response buffer gets freed before memcpy(), a
use-after-free error will occur. To fix this, complete() should be called
after memcpy().

Link: https://lore.kernel.org/r/20201102165528.26510-5-Viswas.G@microchip.com.com
Acked-by: Jack Wang <jinpu.wang@cloud.ionos.com>
Signed-off-by: yuuzheng <yuuzheng@google.com>
Signed-off-by: Viswas G <Viswas.G@microchip.com>
Signed-off-by: Ruksar Devadi <Ruksar.devadi@microchip.com>
Signed-off-by: Radha Ramachandran <radha@google.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-03-25 09:04:11 +01:00
accessibility speakup: fix uninitialized flush_lock 2020-12-30 11:53:44 +01:00
acpi ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 2021-03-11 14:17:25 +01:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 11:38:02 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:54:09 +01:00
ata ata: ahci_brcm: Add back regulators management 2021-03-04 11:37:45 +01:00
atm atm: idt77252: call pci_disable_device() on error path 2021-01-12 20:18:09 +01:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 11:38:00 +01:00
base Revert "PM: runtime: Update device status before letting suppliers suspend" 2021-03-25 09:04:05 +01:00
bcma
block zram: fix return value on writeback_store 2021-03-17 17:06:34 +01:00
bluetooth Bluetooth: btqca: Add valid le states quirk 2021-03-11 14:17:22 +01:00
bus bus: ti-sysc: Implement GPMC debug quirk to drop platform data 2021-03-11 14:17:23 +01:00
cdrom
char tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() 2021-03-09 11:11:10 +01:00
clk clk: qcom: gpucc-msm8998: Add resets, cxc, fix flags on gpu_gx_gdsc 2021-03-17 17:06:26 +01:00
clocksource clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined 2021-03-04 11:37:57 +01:00
connector
counter counter: stm32-timer-cnt: Report count function when SLAVE_MODE_DISABLED 2021-03-25 09:04:09 +01:00
cpufreq cpufreq: qcom-hw: Fix return value check in qcom_cpufreq_hw_cpu_init() 2021-03-17 17:06:33 +01:00
cpuidle cpuidle: tegra: Annotate tegra_pm_set_cpu_in_lp2() with RCU_NONIDLE 2020-11-16 13:24:32 +01:00
crypto crypto: sun4i-ss - initialize need_fallback 2021-03-04 11:38:32 +01:00
dax device-dax: Fix default return code of range_parse() 2021-03-04 11:38:15 +01:00
dca
devfreq
dio
dma dmaengine: idxd: set DMA channel to be private 2021-03-04 11:37:57 +01:00
dma-buf dmabuf: fix use-after-free of dmabuf's file->f_inode 2021-01-12 20:18:24 +01:00
edac EDAC/amd64: Do not load on family 0x15, model 0x13 2021-03-07 12:34:08 +01:00
eisa
extcon extcon: max77693: Fix modalias string 2020-12-30 11:53:49 +01:00
firewire
firmware efi: stub: omit SetVirtualAddressMap() if marked unsupported in RT_PROP table 2021-03-17 17:06:35 +01:00
fpga fpga: Specify HAS_IOMEM dependency for FPGA_DFL 2020-12-01 18:46:24 +01:00
fsi fsi: Aspeed: Add mutex to protect HW access 2020-12-30 11:53:46 +01:00
gnss
gpio gpiolib: Assign fwnode to parent's if no primary one provided 2021-03-25 09:04:09 +01:00
gpu i915/perf: Start hrtimer only if sampling the OA buffer 2021-03-25 09:04:08 +01:00
greybus
hid HID: logitech-dj: add support for the new lightspeed connection iteration 2021-03-17 17:06:24 +01:00
hsi HSI: Fix PM usage counter unbalance in ssi_hw_init 2021-03-04 11:37:52 +01:00
hv Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() 2021-03-04 11:37:46 +01:00
hwmon hwmon: (dell-smm) Add XPS 15 L502X to fan control blacklist 2021-02-26 10:13:00 +01:00
hwspinlock
hwtracing coresight: etm4x: Handle accesses to TRCSTALLCTLR 2021-03-04 11:38:37 +01:00
i2c i2c: rcar: optimize cacheline to minimize HW race condition 2021-03-17 17:06:22 +01:00
i3c i3c master: fix missing destroy_workqueue() on error in i3c_master_register 2021-01-06 14:56:53 +01:00
ide ide/falconide: Fix module unload 2021-03-04 11:38:21 +01:00
idle intel_idle: Build fix 2020-12-03 10:00:23 +01:00
iio iio: adc: ti_am335x_adc: remove omitted iio_kfifo_free() 2021-01-27 11:55:12 +01:00
infiniband RDMA/rtrs: Fix KASAN: stack-out-of-bounds bug 2021-03-25 09:04:10 +01:00
input Input: applespi - don't wait for responses to commands indefinitely. 2021-03-17 17:06:24 +01:00
interconnect interconnect: imx8mq: Use icc_sync_state 2021-01-27 11:55:29 +01:00
iommu iommu/amd: Fix performance counter initialization 2021-03-17 17:06:24 +01:00
ipack
irqchip irqchip/loongson-pch-msi: Use bitmap_zalloc() to allocate bitmap 2021-03-04 11:38:42 +01:00
isdn misdn: dsp: select CONFIG_BITREVERSE 2021-01-19 18:27:26 +01:00
leds leds: trigger: fix potential deadlock with libata 2021-02-03 23:28:41 +01:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:55:22 +01:00
macintosh macintosh/adb-iop: Use big-endian autopoll mask 2021-03-04 11:37:42 +01:00
mailbox mailbox: sprd: correct definition of SPRD_OUTBOX_FIFO_FULL 2021-03-04 11:38:15 +01:00
mcb
md dm verity: fix FEC for RS roots unaligned to block size 2021-03-09 11:11:12 +01:00
media media: rc: compile rc-cec.c into rc-core 2021-03-17 17:06:20 +01:00
memory memory: ti-aemif: Drop child node when jumping out loop 2021-03-04 11:37:25 +01:00
memstick memstick: r592: Fix error return in r592_probe() 2020-12-30 11:53:34 +01:00
message
mfd mfd: gateworks-gsc: Fix interrupt type 2021-03-04 11:38:40 +01:00
misc misc: fastrpc: restrict user apps from sending kernel RPC messages 2021-03-17 17:06:31 +01:00
mmc mmc: cqhci: Fix random crash when remove mmc module/card 2021-03-17 17:06:28 +01:00
most
mtd mtd: spi-nor: hisi-sfc: Put child node np on error path 2021-03-04 11:38:37 +01:00
mux
net ibmvnic: serialize access to work queue on remove 2021-03-25 09:04:10 +01:00
nfc nfc: s3fwrn5: Release the nfc firmware 2020-12-30 11:53:53 +01:00
ntb
nubus
nvdimm libnvdimm/dimm: Avoid race between probe and available_slots_show() 2021-02-10 09:29:17 +01:00
nvme nvme-rdma: fix possible hang when failing to set io queues 2021-03-25 09:04:10 +01:00
nvmem nvmem: qcom-spmi-sdam: Fix uninitialized pdev pointer 2021-03-04 11:38:39 +01:00
of of: unittest: Fix build on architectures without CONFIG_OF_ADDRESS 2021-03-09 11:11:15 +01:00
opp opp: Correct debug message in _opp_add_static_v2() 2021-03-04 11:37:27 +01:00
oprofile
parisc
parport
pci s390/pci: fix leak of PCI device structure 2021-03-25 09:04:05 +01:00
pcmcia
perf perf/arm-cmn: Move IRQs when migrating context 2021-03-04 11:37:44 +01:00
phy phy: lantiq: rcu-usb2: wait after clock enable 2021-03-04 11:38:24 +01:00
pinctrl pinctrl: qcom: Don't clear pending interrupts when enabling 2021-01-27 11:55:27 +01:00
platform Platform: OLPC: Fix probe error handling 2021-03-17 17:06:23 +01:00
pnp
power power: supply: smb347-charger: Fix interrupt usage if interrupt is unavailable 2021-03-04 11:37:59 +01:00
powercap
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:53:53 +01:00
ptp phy: dp83640: select CONFIG_CRC32 2021-01-17 14:17:02 +01:00
pwm pwm: iqs620a: Fix overflow and optimize calculations 2021-03-04 11:38:17 +01:00
rapidio
ras
regulator regulator: bd718x7, bd71828, Fix dvs voltage levels 2021-03-04 11:38:07 +01:00
remoteproc remoteproc/mediatek: Fix kernel test robot warning 2021-03-07 12:34:15 +01:00
reset
rpmsg
rtc rtc: zynqmp: depend on HAS_IOMEM 2021-03-04 11:38:03 +01:00
s390 s390/dasd: fix hanging IO request during DASD driver unbind 2021-03-17 17:06:28 +01:00
sbus
scsi scsi: pm80xx: Fix pm8001_mpi_get_nvmd_resp() race condition 2021-03-25 09:04:11 +01:00
sfi
sh
siox
slimbus slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() 2020-12-30 11:53:47 +01:00
soc soc: samsung: exynos-asv: handle reading revision register error 2021-03-04 11:38:32 +01:00
soundwire soundwire: intel: fix possible crash when no device is detected 2021-03-04 11:38:22 +01:00
spi spi: cadence: set cqspi to the driver_data field of struct device 2021-03-25 09:04:04 +01:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 11:38:40 +01:00
ssb
staging staging: comedi: pcl818: Fix endian problem for AI command data 2021-03-17 17:06:33 +01:00
target scsi: target: core: Prevent underflow for service actions 2021-03-17 17:06:26 +01:00
tc
tee optee: simplify i2c access 2021-03-04 11:37:28 +01:00
thermal thermal: cpufreq_cooling: freq_qos_update_request() returns < 0 on error 2021-03-04 11:38:41 +01:00
thunderbolt thunderbolt: Fix possible NULL pointer dereference in tb_acpi_add_link() 2021-02-10 09:29:15 +01:00
tty serial: stm32: fix DMA initialization error handling 2021-03-25 09:04:10 +01:00
uio
usb usbip: fix vudc usbip_sockfd_store races leading to gpf 2021-03-17 17:06:31 +01:00
vdpa vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() 2021-03-04 11:37:17 +01:00
vfio vfio: IOMMU_API should be selected 2021-03-25 09:04:08 +01:00
vhost vhost_vdpa: fix the missing irq_bypass_unregister_producer() invocation 2021-03-25 09:04:08 +01:00
video udlfb: Fix memory leak in dlfb_usb_probe 2021-03-07 12:34:04 +01:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 11:37:18 +01:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:54:00 +01:00
visorbus
vlynq
vme
w1 w1: w1_therm: Fix conversion result for negative temperatures 2021-03-04 11:37:18 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 11:38:36 +01:00
xen xen/events: avoid handling the same event on two cpus at the same time 2021-03-17 17:06:37 +01:00
zorro
Kconfig
Makefile vdpa: mlx5: fix vdpa/vhost dependencies 2020-12-02 04:09:56 -05:00