linux_dsm_epyc7002/drivers/misc
Jorgen Hansen 11924ba5e6 VMCI: Resource wildcard match fixed
When adding a VMCI resource, the check for an existing entry
would ignore that the new entry could be a wildcard. This could
result in multiple resource entries that would match a given
handle. One disastrous outcome of this is that the
refcounting used to ensure that delayed callbacks for VMCI
datagrams have run before the datagram is destroyed can be
wrong, since the refcount could be increased on the duplicate
entry. This in turn leads to a use after free bug. This issue
was discovered by Hangbin Liu using KASAN and syzkaller.

Fixes: bc63dedb7d ("VMCI: resource object implementation")
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Adit Ranadive <aditr@vmware.com>
Reviewed-by: Vishnu Dasa <vdasa@vmware.com>
Signed-off-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-02 15:36:10 -07:00
..
altera-stapl treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
c2port kmemcheck: remove annotations 2017-11-15 18:21:04 -08:00
cardreader misc: rtsx: make several functions static 2018-07-03 13:01:48 +02:00
cb710 cb710: Convert to new IDA API 2018-08-21 23:54:18 -04:00
cxl misc: Convert to using %pOFn instead of device_node.name 2018-09-14 15:25:57 +02:00
echo misc: echo: Remove unnecessary parentheses and simplify check for zero 2018-09-25 20:21:02 +02:00
eeprom eeprom: at25: use devm_nvmem_register() 2018-09-28 15:14:53 +02:00
genwqe misc: genwqe: remove duplicated include file 2018-09-25 20:21:02 +02:00
ibmasm ibmasm: don't write out of bounds in read handler 2018-07-07 09:59:35 +02:00
lis3lv02d vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
lkdtm misc: lkdtm: fixed static variable initialization 2018-09-12 09:46:46 +02:00
mei misc: remove redundant include moduleparam.h 2018-09-25 20:21:02 +02:00
mic misc: mic: scif: Remove unused variable 2018-09-25 20:21:02 +02:00
ocxl Merge branch 'akpm' (patches from Andrew) 2018-08-17 16:49:31 -07:00
sgi-gru misc: sgi-gru: fix fall-through annotations 2018-09-20 15:13:52 +02:00
sgi-xp misc: sgi-xp: remove meaningless null check before kfree 2018-09-14 15:36:20 +02:00
ti-st misc: ti-st: Fix memory leak in the error path of probe() 2018-08-02 10:35:04 +02:00
vmw_vmci VMCI: Resource wildcard match fixed 2018-10-02 15:36:10 -07:00
ad525x_dpot-i2c.c drivers: misc: ad525x_dpot: Update MODULE AUTHOR email address 2018-09-14 15:36:20 +02:00
ad525x_dpot-spi.c drivers: misc: ad525x_dpot: Update MODULE AUTHOR email address 2018-09-14 15:36:20 +02:00
ad525x_dpot.c drivers: misc: ad525x_dpot: Update MODULE AUTHOR email address 2018-09-14 15:36:20 +02:00
ad525x_dpot.h misc: ad525x_dpot: Unnecessary space before function pointer arguments 2017-12-18 15:59:17 +01:00
apds990x.c misc: apds990x: remove unused array ir_currents 2018-09-12 09:46:46 +02:00
apds9802als.c misc: apds9802als: constify i2c_device_id 2017-08-28 16:55:49 +02:00
aspeed-lpc-ctrl.c misc: aspeed-lpc-ctrl: Enable FWH and A2H bridge cycles 2018-03-15 18:20:51 +01:00
aspeed-lpc-snoop.c drivers/misc: Aspeed LPC snoop output using misc chardev 2018-07-16 13:30:47 +02:00
atmel_tclib.c misc: atmel_tclib: get and use slow clock 2015-10-06 12:33:14 +02:00
atmel-ssc.c misc: atmel-ssc: register as sound DAI if #sound-dai-cells is present 2016-12-15 12:13:31 +00:00
bh1770glc.c misc: bh1770glc: remove unused array prox_curr_ma 2018-09-12 09:46:46 +02:00
cs5535-mfgpt.c
ds1682.c misc: ds1682: Ignore update-in-progress ETC reads 2018-01-09 17:03:57 +01:00
dummy-irq.c Annotate hardware config module parameters in drivers/misc/ 2017-04-20 12:02:32 +01:00
enclosure.c misc: enclosure: Remove unnecessary error check 2017-12-07 18:45:31 +01:00
fsa9480.c misc: fsa9480: Add blank line after declarations. 2018-01-09 17:03:57 +01:00
hmc6352.c misc: hmc6352: fix potential Spectre v1 2018-09-12 09:31:00 +02:00
hpilo.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hpilo.h misc: hpilo: Use SPDX-License-Identifier 2017-12-07 18:45:31 +01:00
ibmvmc.c misc: ibmvsm: Fix wrong assignment of return code 2018-09-12 09:31:00 +02:00
ibmvmc.h misc: IBM Virtual Management Channel Driver (VMC) 2018-05-14 16:35:42 +02:00
ics932s401.c misc: ics932s401: open brace should be on the previous line 2017-12-18 16:00:57 +01:00
ioc4.c misc: ioc4: constify pci_device_id. 2017-08-28 16:55:48 +02:00
isl29003.c misc: isl29003: Missing a blank line after declarations 2017-12-07 18:45:31 +01:00
isl29020.c misc: isl29020: constify i2c_device_id 2017-08-28 16:55:49 +02:00
Kconfig misc: IBM Virtual Management Channel Driver (VMC) 2018-05-14 16:35:42 +02:00
kgdbts.c misc: kgdbts: Fix restrict error 2018-09-25 20:21:02 +02:00
lattice-ecp3-config.c spi: Drop owner assignment from spi_drivers 2015-10-28 10:30:17 +09:00
Makefile misc: IBM Virtual Management Channel Driver (VMC) 2018-05-14 16:35:42 +02:00
pch_phub.c MISC: add const to bin_attribute structures 2017-08-28 16:55:48 +02:00
pci_endpoint_test.c pci_endpoint_test: Add 2 ioctl commands 2018-07-19 11:46:57 +01:00
phantom.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pti.c drivers/misc/intel/pti: Rename the header file to free up the namespace 2017-12-17 12:52:34 +01:00
qcom-coincell.c ARM: qcom: silence an uninitialized variable warning 2016-05-01 14:20:04 -07:00
spear13xx_pcie_gadget.c spear13xx_pcie_gadget: use per-attribute show and store methods 2015-10-13 22:17:40 -07:00
sram-exec.c misc: sram-exec: Use aligned fncpy instead of memcpy 2017-05-18 17:37:52 +02:00
sram.c misc: sram: remove redundant null pointer check before of_node_put 2018-09-25 20:20:59 +02:00
sram.h misc: sram: Integrate protect-exec reserved sram area type 2017-01-25 11:48:03 +01:00
tifm_7xx1.c misc: tifm: Remove VLA 2018-04-23 13:31:27 +02:00
tifm_core.c
tsl2550.c tsl2550: fix lux1_input error in low light 2018-07-07 17:44:52 +02:00
vexpress-syscfg.c misc: vexpress/syscfg: Use devm_ioremap_resource() to map memory 2018-07-16 13:32:08 +02:00
vmw_balloon.c vmw_balloon: add reset stat 2018-09-25 20:11:43 +02:00