linux_dsm_epyc7002/drivers
Dan Carpenter d218c7a028 media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()
[ Upstream commit ba11bbf303fafb33989e95473e409f6ab412b18d ]

The "s3a_buf" is freed along with all the other items on the
"asd->s3a_stats" list.  It leads to a double free and a use after free.

Link: https://lore.kernel.org/linux-media/X9dSO3RGf7r0pq2k@mwanda
Fixes: ad85094b29 ("Revert "media: staging: atomisp: Remove driver"")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-05-14 09:50:23 +02:00
..
accessibility speakup: fix uninitialized flush_lock 2020-12-30 11:53:44 +01:00
acpi ACPI: CPPC: Replace cppc_attr with kobj_attribute 2021-05-14 09:50:16 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 11:38:02 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:54:09 +01:00
ata ata: ahci: Disable SXS for Hisilicon Kunpeng920 2021-05-11 14:47:26 +02:00
atm atm: idt77252: fix null-ptr-dereference 2021-03-30 14:31:50 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 11:38:00 +01:00
base node: fix device cleanups in error handling code 2021-05-14 09:50:19 +02:00
bcma
block xen-blkback: fix compatibility bug with single page rings 2021-05-14 09:50:21 +02:00
bluetooth Bluetooth: btqca: Add valid le states quirk 2021-03-11 14:17:22 +01:00
bus bus: qcom: Put child node before return 2021-05-14 09:50:13 +02:00
cdrom
char ttyprintk: Add TTY hangup callback. 2021-05-14 09:50:21 +02:00
clk media: aspeed: fix clock handling logic 2021-05-14 09:50:23 +02:00
clocksource clocksource/drivers/ingenic_ost: Fix return value check in ingenic_ost_probe() 2021-05-14 09:50:16 +02:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-03-25 09:04:16 +01:00
cpufreq cpufreq: armada-37xx: Fix determining base CPU frequency 2021-05-14 09:50:17 +02:00
cpuidle cpuidle: Fix ARM_QCOM_SPM_CPUIDLE configuration 2021-05-14 09:50:16 +02:00
crypto crypto: chelsio - Read rxchannel-id from firmware 2021-05-14 09:50:19 +02:00
dax device-dax: Fix default return code of range_parse() 2021-03-04 11:38:15 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:50:15 +02:00
dio
dma dmaengine: tegra20: Fix runtime PM imbalance on error 2021-04-28 13:40:01 +02:00
dma-buf dmabuf: fix use-after-free of dmabuf's file->f_inode 2021-01-12 20:18:24 +01:00
edac EDAC/amd64: Do not load on family 0x15, model 0x13 2021-03-07 12:34:08 +01:00
eisa
extcon extcon: arizona: Fix various races on driver unbind 2021-05-11 14:47:24 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 15:00:11 +02:00
firmware firmware: qcom-scm: Fix QCOM_SCM configuration 2021-05-14 09:50:19 +02:00
fpga fpga: fpga-mgr: xilinx-spi: fix error messages on -EPROBE_DEFER 2021-05-14 09:50:06 +02:00
fsi fsi: Aspeed: Add mutex to protect HW access 2020-12-30 11:53:46 +01:00
gnss
gpio gpio: omap: Save and restore sysconfig 2021-04-28 13:39:59 +02:00
gpu drm/probe-helper: Check epoch counter in output_poll_execute() 2021-05-14 09:50:23 +02:00
greybus
hid HID: wacom: Assign boolean values to a bool variable 2021-04-28 13:40:01 +02:00
hsi HSI: Fix PM usage counter unbalance in ssi_hw_init 2021-03-04 11:37:52 +01:00
hv Drivers: hv: vmbus: Increase wait time for VMbus unload 2021-05-14 09:50:21 +02:00
hwmon hwmon: (pmbus/pxe1610) don't bail out when not all pages are active 2021-05-14 09:50:20 +02:00
hwspinlock
hwtracing intel_th: pci: Add Alder Lake-M support 2021-05-11 14:47:35 +02:00
i2c i2c: designware: Adjust bus_freq_hz when refuse high speed mode set 2021-04-14 08:42:11 +02:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:50:05 +02:00
ide ide/falconide: Fix module unload 2021-03-04 11:38:21 +01:00
idle
iio iio: adc: Kconfig: make AD9467 depend on ADI_AXI_ADC symbol 2021-05-14 09:50:15 +02:00
infiniband RDMA/addr: Be strict with gid size 2021-04-14 08:42:12 +02:00
input Input: ili210x - add missing negation for touch indication on ili210x 2021-05-11 14:47:34 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:43:19 +02:00
iommu iommu/amd: Fix performance counter initialization 2021-03-17 17:06:24 +01:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:50:15 +02:00
isdn mISDN: fix crash in fritzpci 2021-04-10 13:36:08 +02:00
leds leds: trigger: fix potential deadlock with libata 2021-02-03 23:28:41 +01:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:55:22 +01:00
macintosh macintosh/adb-iop: Use big-endian autopoll mask 2021-03-04 11:37:42 +01:00
mailbox mailbox: sprd: correct definition of SPRD_OUTBOX_FIFO_FULL 2021-03-04 11:38:15 +01:00
mcb
md md: Fix missing unused status line of /proc/mdstat 2021-05-14 09:49:59 +02:00
media media: m88rs6000t: avoid potential out-of-bounds reads on arrays 2021-05-14 09:50:23 +02:00
memory memory: samsung: exynos5422-dmc: handle clk_set_parent() failure 2021-05-14 09:50:19 +02:00
memstick memstick: r592: Fix error return in r592_probe() 2020-12-30 11:53:34 +01:00
message
mfd mfd: arizona: Fix rumtime PM imbalance on error 2021-05-11 14:47:31 +02:00
misc misc: vmw_vmci: explicitly initialize vmci_datagram payload 2021-05-14 09:49:59 +02:00
mmc mmc: sdhci-brcmstb: Remove CQE quirk 2021-05-11 14:47:26 +02:00
most
mtd mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init 2021-05-14 09:50:15 +02:00
mux
net Revert "drivers/net/wan/hdlc_fr: Fix a double free in pvc_xmit" 2021-05-14 09:50:05 +02:00
nfc nfc: s3fwrn5: Release the nfc firmware 2020-12-30 11:53:53 +01:00
ntb
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 13:00:55 +02:00
nvme nvmet: return proper error code from discovery ctrl 2021-05-11 14:47:26 +02:00
nvmem drivers: nvmem: Fix voltage settings for QTI qfprom-efuse 2021-05-14 09:50:14 +02:00
of of: property: fw_devlink: do not link ".*,nr-gpios" 2021-04-14 08:41:58 +02:00
opp opp: Correct debug message in _opp_add_static_v2() 2021-03-04 11:37:27 +01:00
oprofile
parisc
parport
pci PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c 2021-05-14 09:49:58 +02:00
pcmcia
perf perf/arm_pmu_platform: Fix error handling 2021-05-11 14:47:19 +02:00
phy phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally 2021-05-14 09:50:13 +02:00
pinctrl pinctrl: core: Show pin numbers for the controllers with base = 0 2021-04-28 13:39:59 +02:00
platform platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table 2021-05-14 09:50:20 +02:00
pnp
power power: supply: cpcap-battery: fix invalid usage of list cursor 2021-05-11 14:47:32 +02:00
powercap
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:53:53 +01:00
ptp ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation 2021-04-10 13:36:09 +02:00
pwm pwm: iqs620a: Fix overflow and optimize calculations 2021-03-04 11:38:17 +01:00
rapidio
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:42:12 +02:00
regulator regulator: bd9576: Fix return from bd957x_probe() 2021-05-14 09:50:10 +02:00
remoteproc remoteproc: qcom: pil_info: avoid 64-bit division 2021-04-14 08:42:05 +02:00
reset
rpmsg
rtc rtc: zynqmp: depend on HAS_IOMEM 2021-03-04 11:38:03 +01:00
s390 s390/zcrypt: fix zcard and zqueue hot-unplug memleak 2021-05-11 14:47:11 +02:00
sbus
scsi scsi: libfc: Fix a format specifier 2021-05-11 14:47:31 +02:00
sfi
sh
siox
slimbus slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() 2020-12-30 11:53:47 +01:00
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:50:21 +02:00
soundwire soundwire: stream: fix memory leak in stream config error path 2021-05-14 09:50:14 +02:00
spi spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails 2021-05-14 09:50:20 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 11:38:40 +01:00
ssb
staging media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() 2021-05-14 09:50:23 +02:00
target scsi: target: pscsi: Fix warning in pscsi_complete_cmd() 2021-05-11 14:47:23 +02:00
tc
tee tee: optee: do not check memref size on return from Secure World 2021-05-11 14:47:18 +02:00
thermal thermal/core/fair share: Lock the thermal zone while looping over instances 2021-05-11 14:47:41 +02:00
thunderbolt thunderbolt: Fix off by one in tb_port_find_retimer() 2021-04-14 08:42:03 +02:00
tty serial: omap: fix rs485 half-duplex filtering 2021-05-14 09:50:21 +02:00
uio
usb usb: dwc2: Fix hibernation between host and device modes. 2021-05-14 09:50:21 +02:00
vdpa vdpa/mlx5: Set err = -ENOMEM in case dma_map_sg_attrs fails 2021-04-28 13:39:59 +02:00
vfio vfio: Depend on MMU 2021-05-07 11:04:33 +02:00
vhost vhost-vdpa: fix vm_flags for virtqueue doorbell mapping 2021-05-11 14:47:12 +02:00
video backlight: qcom-wled: Fix FSC update issue for WLED5 2021-05-11 14:47:25 +02:00
virt nitro_enclaves: Fix stale file descriptors on failed usercopy 2021-05-11 14:47:11 +02:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:54:00 +01:00
visorbus
vlynq
vme
w1 w1: w1_therm: Fix conversion result for negative temperatures 2021-03-04 11:37:18 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 11:38:36 +01:00
xen xen/events: fix setting irq affinity 2021-04-16 11:43:22 +02:00
zorro
Kconfig
Makefile