Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/drivers
History
WangYuli 021598cbdb HID: wacom: fix when get product name maybe null pointer 
commit 59548215b76be98cf3422eea9a67d6ea578aca3d upstream.

Due to incorrect dev->product reporting by certain devices, null
pointer dereferences occur when dev->product is empty, leading to
potential system crashes.

This issue was found on EXCELSIOR DL37-D05 device with
Loongson-LS3A6000-7A2000-DL37 motherboard.

Kernel logs:
[   56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci
[   56.671638] usb 4-3: string descriptor 0 read error: -22
[   56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07
[   56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0
[   56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80
[   56.697732] Oops[#1]:
[   56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G           OE      6.6.0-loong64-desktop #25.00.2000.015
[   56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024
[   56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0
[   56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000
[   56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000
[   56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005
[   56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000
[   56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028
[   56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000
[   56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000
[   56.697753]    ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom]
[   56.697802]   ERA: 90000000066e35c8 strstr+0x28/0x120
[   56.697806]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[   56.697816]  PRMD: 0000000c (PPLV0 +PIE +PWE)
[   56.697821]  EUEN: 00000000 (-FPE -SXE -ASXE -BTE)
[   56.697827]  ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)
[   56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
[   56.697835]  BADV: 0000000000000000
[   56.697836]  PRID: 0014d000 (Loongson-64bit, Loongson-3A6000)
[   56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit
[   56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3)
[   56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000
[   56.697896]         0000000000000000 00000011fffffffd 0000000000000000 0000000000000000
[   56.697901]         0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0
[   56.697906]         90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c
[   56.697911]         90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440
[   56.697916]         ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0
[   56.697921]         0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c
[   56.697926]         ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000
[   56.697931]         90000001000bb8d0 9000000006307564 9000000005e666e0 90000001752359b8
[   56.697936]         9000000008cbe400 900000000804d000 9000000005e666e0 0000000000000000
[   56.697941]         ...
[   56.697944] Call Trace:
[   56.697945] [<90000000066e35c8>] strstr+0x28/0x120
[   56.697950] [<ffff800004f98a80>] wacom_update_name+0xe0/0x300 [wacom]
[   56.698000] [<ffff800004f9ce58>] wacom_parse_and_register+0x338/0x900 [wacom]
[   56.698050] [<ffff800004f9d74c>] wacom_probe+0x32c/0x420 [wacom]
[   56.698099] [<9000000006307564>] hid_device_probe+0x144/0x260
[   56.698103] [<9000000005e65d68>] really_probe+0x208/0x540
[   56.698109] [<9000000005e661dc>] __driver_probe_device+0x13c/0x1e0
[   56.698112] [<9000000005e66620>] driver_probe_device+0x40/0x100
[   56.698116] [<9000000005e6680c>] __device_attach_driver+0x12c/0x180
[   56.698119] [<9000000005e62bc8>] bus_for_each_drv+0x88/0x160
[   56.698123] [<9000000005e66468>] __device_attach+0x108/0x260
[   56.698126] [<9000000005e63918>] device_reprobe+0x78/0x100
[   56.698129] [<9000000005e62a68>] bus_for_each_dev+0x88/0x160
[   56.698132] [<9000000006304e54>] __hid_bus_driver_added+0x34/0x80
[   56.698134] [<9000000005e62bc8>] bus_for_each_drv+0x88/0x160
[   56.698137] [<9000000006304df0>] __hid_register_driver+0x70/0xa0
[   56.698142] [<9000000004e10fe4>] do_one_initcall+0x104/0x320
[   56.698146] [<9000000004f38150>] do_init_module+0x90/0x2c0
[   56.698151] [<9000000004f3a3d8>] init_module_from_file+0xb8/0x120
[   56.698155] [<9000000004f3a590>] idempotent_init_module+0x150/0x3a0
[   56.698159] [<9000000004f3a890>] sys_finit_module+0xb0/0x140
[   56.698163] [<900000000671e4e8>] do_syscall+0x88/0xc0
[   56.698166] [<9000000004e12404>] handle_syscall+0xc4/0x160
[   56.698171] Code: 0011958f  00150224  5800cd85 <2a00022c> 00150004  4000c180  0015022c  03400000  03400000
[   56.698192] ---[ end trace 0000000000000000 ]---

Fixes: 09dc28acaec7 ("HID: wacom: Improve generic name generation")
Reported-by: Zhenxing Chen <chenzhenxing@uniontech.com>
Co-developed-by: Xu Rao <raoxu@uniontech.com>
Signed-off-by: Xu Rao <raoxu@uniontech.com>
Signed-off-by: WangYuli <wangyuli@uniontech.com>
Link: https://patch.msgid.link/B31757FE8E1544CF+20241125052616.18261-1-wangyuli@uniontech.com
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-17 13:24:28 +01:00
..
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-11-19 12:26:51 +01:00
acpi acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() 2024-12-17 13:23:59 +01:00
amba
android Revert "binder: fix UAF caused by offsets overwrite" 2024-11-24 00:23:38 +01:00
ata Revert "ata: libata-core: Fix null pointer dereference on error" 2024-11-24 00:23:50 +01:00
atm atm: idt77252: prevent use after free in dequeue_rx() 2024-11-23 23:20:43 +01:00
auxdisplay
base driver core: bus: Fix double free in driver API bus_register() 2024-12-17 13:24:18 +01:00
battery
bcma
block Revert "zram: Set default compressor to zstd" 2024-12-03 19:58:37 +01:00
bluetooth Revert "Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO" 2024-11-24 00:23:50 +01:00
bts
bus Revert "bus: integrator-lm: fix OF node leak in probe()" 2024-11-24 00:23:16 +01:00
cdrom
char Revert "tpm: Clean up TPM space after command failure" 2024-11-24 00:23:24 +01:00
clk clk: clk-axi-clkgen: make sure to enable the AXI bus clock 2024-12-17 13:24:10 +01:00
clocksource clocksource/drivers:sp804: Make user selectable 2024-12-17 13:24:00 +01:00
connector
counter counter: ti-eqep: enable clock at probe 2024-11-19 14:19:33 +01:00
cpufreq cpufreq: loongson2: Unregister platform_driver on failure 2024-12-17 13:24:08 +01:00
cpuidle cpuidle: menu: Take negative "sleep length" values into account 2024-11-19 18:01:28 +01:00
crypto crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() 2024-12-17 13:24:00 +01:00
dax
dca
devfreq PM / devfreq: Fix buffer overflow in trans_stat_show 2024-11-19 11:32:38 +01:00
dio
dma dmaengine: dw: Add memory bus width verification 2024-11-23 23:20:55 +01:00
dma-buf dma-buf/sync_file: Speed up ioctl by omitting debug names 2024-11-19 17:53:23 +01:00
edac EDAC/fsl_ddr: Fix bad bit shift operations 2024-12-17 13:23:59 +01:00
eisa
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-11-19 12:27:04 +01:00
fingerprint
firewire firewire: nosy: ensure user_length is taken into account when fetching packet contents 2024-11-19 11:32:46 +01:00
firmware firmware: arm_scpi: Check the DVFS OPP count returned by the firmware 2024-12-17 13:24:03 +01:00
fpga fpga: region: add owner module and take its refcount 2024-11-19 12:27:04 +01:00
fsi
gnss
gpio gpio: grgpio: Add NULL check in grgpio_probe 2024-12-17 13:24:27 +01:00
gpu drm/sti: Add __iomem for mixer_dbg_mxn's parameter 2024-12-17 13:24:27 +01:00
greybus greybus: Fix use-after-free bug in gb_interface_release due to race condition. 2024-11-19 14:19:05 +01:00
gud
hid HID: wacom: fix when get product name maybe null pointer 2024-12-17 13:24:28 +01:00
hsi
hv Revert "Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic" 2024-11-24 00:23:37 +01:00
hwmon Revert "hwmon: (adc128d818) Fix underflows seen when writing limit attributes" 2024-11-24 00:23:40 +01:00
hwspinlock Revert "hwspinlock: Introduce hwspin_lock_bust()" 2024-11-24 00:23:48 +01:00
hwtracing Revert "coresight: tmc: sg: Do not leak sg_table" 2024-11-24 00:23:19 +01:00
i2c Revert "i2c: Add i2c_get_match_data()" 2024-11-24 00:23:27 +01:00
i3c i3c: master: Fix dynamic address leak when 'assigned-address' is present 2024-12-17 13:24:27 +01:00
ide
idle
ifconn
iio ad7780: fix division by zero in ad7780_write_raw() 2024-12-17 13:24:23 +01:00
infiniband RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() 2024-12-17 13:24:09 +01:00
input Revert "Input: uinput - reject requests with unreasonable number of slots" 2024-11-24 00:23:39 +01:00
interconnect Revert "interconnect: qcom: sm8250: Enable sync_state" 2024-11-24 00:23:19 +01:00
iommu Revert "iommu: sun50i: clear bypass register" 2024-11-24 00:23:43 +01:00
ipack
irqchip irqchip/gic-v3: Force propagation of the active state with a read-back 2024-11-30 02:33:26 +01:00
isdn mISDN: Fix a use after free in hfcmulti_tx() 2024-11-23 23:20:17 +01:00
kperfmon
kq/mesh
leds leds: lp55xx: Remove redundant test for invalid channel number 2024-12-17 13:20:50 +01:00
lightnvm
macintosh macintosh/therm_windtunnel: fix module unload. 2024-11-23 23:20:11 +01:00
mailbox Revert "mailbox: rockchip: fix a typo in module autoloading" 2024-11-24 00:23:13 +01:00
mcb
md dm thin: Add missing destroy_work_on_stack() 2024-12-17 13:24:24 +01:00
media media: v4l2-core: v4l2-dv-timings: check cvt/gtf result 2024-12-17 13:24:20 +01:00
memory memory: stm32-fmc2-ebi: check regmap_read return value 2024-11-23 23:20:46 +01:00
memstick
message scsi: fusion: Remove unused variable 'rc' 2024-12-17 13:24:09 +01:00
mfd mfd: rt5033: Fix missing regmap_del_irq_chip() 2024-12-17 13:24:08 +01:00
misc misc: apds990x: Fix missing pm_runtime_disable() 2024-12-17 13:24:16 +01:00
mmc mmc: mmc_spi: drop buggy snprintf() 2024-12-17 13:24:00 +01:00
most
mtd ubi: fastmap: Fix duplicate slab cache names while attaching 2024-12-17 13:24:21 +01:00
muic
mux
net geneve: do not assume mac header is set in geneve_xmit_skb() 2024-12-17 13:24:27 +01:00
nfc nfc: pn533: Add poll mod list filling check 2024-11-23 23:20:55 +01:00
ntb Revert "ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()" 2024-11-24 00:23:20 +01:00
nubus
nvdimm Revert "virtio_pmem: Check device status before requesting flush" 2024-11-24 00:22:58 +01:00
nvme nvme-pci: fix freeing of the HMB descriptor table 2024-12-17 13:23:59 +01:00
nvmem Revert "nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc" 2024-11-24 00:23:38 +01:00
of Revert "of/irq: Prevent device address out-of-bounds read in interrupt map walk" 2024-11-24 00:23:38 +01:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-11-19 08:44:49 +01:00
oprofile
parisc
parport Revert "parport: Proper fix for array out-of-bounds access" 2024-11-24 00:22:51 +01:00
pci PCI: keystone: Add link up check to ks_pcie_other_map_bus() 2024-12-17 13:24:24 +01:00
pcmcia Revert "pcmcia: Use resource_size function on resource object" 2024-11-24 00:23:42 +01:00
perf
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-11-19 09:22:34 +01:00
pinctrl Revert "pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins" 2024-11-24 00:23:50 +01:00
platform platform/chrome: cros_ec_typec: fix missing fwnode reference decrement 2024-12-17 13:24:19 +01:00
pnp PNP: ACPI: fix fortify warning 2024-11-18 12:13:09 +01:00
power power: supply: bq27xxx: Fix registers of bq27426 2024-12-17 13:24:13 +01:00
powercap Revert "powercap: RAPL: fix invalid initialization for pl4_supported field" 2024-11-24 00:23:18 +01:00
pps Revert "pps: remove usage of the deprecated ida_simple_xx() API" 2024-11-24 00:23:14 +01:00
ps3
ptp ptp: Add error handling for adjfine callback in ptp_clock_adjtime 2024-12-17 13:24:25 +01:00
pwm pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle 2024-12-17 13:24:02 +01:00
rapidio
ras
regulator regulator: rk808: Add apply_bit for BUCK3 on RK809 2024-12-17 13:23:58 +01:00
remoteproc remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region 2024-12-17 13:24:13 +01:00
reset Revert "reset: berlin: fix OF node leak in probe() error path" 2024-11-24 00:23:27 +01:00
rpmsg rpmsg: glink: Propagate TX failures in intentless mode as well 2024-12-17 13:24:21 +01:00
rtc rtc: ab-eoz9: don't fail temperature reads on undervoltage notification 2024-12-17 13:24:22 +01:00
s390 Revert "s390/zcore: no need to check return value of debugfs_create functions" 2024-11-24 00:22:59 +01:00
samsung
sbus
scsi scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() 2024-12-17 13:24:09 +01:00
sensorhub
sensors
sfi
sh sh: intc: Fix use-after-free bug in register_intc_controller() 2024-12-17 13:24:23 +01:00
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-11-19 09:22:34 +01:00
soc soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() 2024-12-17 13:24:17 +01:00
soundwire Revert "soundwire: stream: fix programming slave ports for non-continous port maps" 2024-11-24 00:23:49 +01:00
spi spi: mpc52xx: Add cancel_work_sync before module remove 2024-12-17 13:24:27 +01:00
spmi
spu_verify
ssb ssb: Fix division by zero issue in ssb_calc_clock_rate 2024-11-23 23:20:44 +01:00
staging comedi: Flush partial mappings in error case 2024-12-17 13:24:18 +01:00
sti
target scsi: target: core: Fix null-ptr-deref in target_alloc_device() 2024-11-23 23:21:59 +01:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-11-19 09:22:39 +01:00
thermal
thunderbolt thunderbolt: Mark XDomain as unplugged when router is removed 2024-11-23 23:20:42 +01:00
tty serial: 8250: omap: Move pm_runtime_get_sync 2024-12-17 13:24:19 +01:00
uh
uio Revert "uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind" 2024-11-24 00:23:37 +01:00
usb usb: dwc3: gadget: Fix looping of queued SG entries 2024-12-17 13:24:20 +01:00
vdpa vdpa/mlx5: Fix suboptimal range on iotlb iteration 2024-12-17 13:24:13 +01:00
vfio vfio/pci: Properly hide first-in-list PCIe extended capability 2024-12-17 13:24:13 +01:00
vhost Revert "vdpa: Add eventfd for the vdpa callback" 2024-11-24 00:23:19 +01:00
vibrator
video fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() 2024-12-17 13:24:09 +01:00
virt
virtio Revert "vdpa: Add eventfd for the vdpa callback" 2024-11-24 00:23:19 +01:00
vision
vision3
visorbus
vlynq
vme
w1
watchdog watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() 2024-12-17 13:24:25 +01:00
xen xen: Fix the issue of resource not being properly released in xenbus_dev_probe() 2024-12-17 13:24:17 +01:00
zorro
Kconfig Added KernelSU 2024-11-19 22:44:48 +01:00
Kconfig.variant1
kernelsu Added KernelSU 2024-11-19 22:44:48 +01:00
Makefile Added KernelSU 2024-11-19 22:44:48 +01:00
Makefile.variant1