Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/drivers
History
Dirk Behme 32ba65d9a4 drivers: core: synchronize really_probe() and dev_uevent() 
commit c0a40097f0bc81deafc15f9195d1fb54595cd6d0 upstream.

Synchronize the dev->driver usage in really_probe() and dev_uevent().
These can run in different threads, what can result in the following
race condition for dev->driver uninitialization:

Thread #1:
==========

really_probe() {
...
probe_failed:
...
device_unbind_cleanup(dev) {
    ...
    dev->driver = NULL;   // <= Failed probe sets dev->driver to NULL
    ...
    }
...
}

Thread #2:
==========

dev_uevent() {
...
if (dev->driver)
      // If dev->driver is NULLed from really_probe() from here on,
      // after above check, the system crashes
      add_uevent_var(env, "DRIVER=%s", dev->driver->name);
...
}

really_probe() holds the lock, already. So nothing needs to be done
there. dev_uevent() is called with lock held, often, too. But not
always. What implies that we can't add any locking in dev_uevent()
itself. So fix this race by adding the lock to the non-protected
path. This is the path where above race is observed:

 dev_uevent+0x235/0x380
 uevent_show+0x10c/0x1f0  <= Add lock here
 dev_attr_show+0x3a/0xa0
 sysfs_kf_seq_show+0x17c/0x250
 kernfs_seq_show+0x7c/0x90
 seq_read_iter+0x2d7/0x940
 kernfs_fop_read_iter+0xc6/0x310
 vfs_read+0x5bc/0x6b0
 ksys_read+0xeb/0x1b0
 __x64_sys_read+0x42/0x50
 x64_sys_call+0x27ad/0x2d30
 do_syscall_64+0xcd/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Similar cases are reported by syzkaller in

https://syzkaller.appspot.com/bug?extid=ffa8143439596313a85a

But these are regarding the *initialization* of dev->driver

dev->driver = drv;

As this switches dev->driver to non-NULL these reports can be considered
to be false-positives (which should be "fixed" by this commit, as well,
though).

The same issue was reported and tried to be fixed back in 2015 in

https://lore.kernel.org/lkml/1421259054-2574-1-git-send-email-a.sangwan@samsung.com/

already.

Fixes: 239378f16aa1 ("Driver core: add uevent vars for devices of a class")
Cc: stable <stable@kernel.org>
Cc: syzbot+ffa8143439596313a85a@syzkaller.appspotmail.com
Cc: Ashish Sangwan <a.sangwan@samsung.com>
Cc: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com>
Link: https://lore.kernel.org/r/20240513050634.3964461-1-dirk.behme@de.bosch.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-19 14:19:04 +01:00
..
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-11-19 12:26:51 +01:00
acpi ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx 2024-11-19 12:27:13 +01:00
amba Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
android binder: check offset alignment in binder_get_object() 2024-11-19 11:32:22 +01:00
ata ata: pata_legacy: make legacy_exit() work again 2024-11-19 12:27:13 +01:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-11-18 12:13:24 +01:00
auxdisplay Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
base drivers: core: synchronize really_probe() and dev_uevent() 2024-11-19 14:19:04 +01:00
battery drivers: battery_v2: sec_battery: export {CURRENT/VOLTAGE}_MAX to sysfs 2024-11-17 17:43:14 +01:00
bcma Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block null_blk: Print correct max open zones limit in null_init_zoned_dev() 2024-11-19 14:19:00 +01:00
bluetooth Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 2024-11-19 11:32:38 +01:00
bts Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-11-19 08:44:45 +01:00
cdrom Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
char ppdev: Add an error check in register_device 2024-11-19 12:27:04 +01:00
clk clk: qcom: mmcc-msm8998: fix venus clock issue 2024-11-19 12:26:59 +01:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2024-11-18 11:43:12 +01:00
connector Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
counter counter: microchip-tcb-capture: Fix the use of internal GCLK logic 2024-11-08 11:25:51 +01:00
cpufreq cpufreq: exit() callback is optional 2024-11-19 12:26:54 +01:00
cpuidle Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
crypto crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak 2024-11-19 12:27:18 +01:00
dax Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dca Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
devfreq PM / devfreq: Fix buffer overflow in trans_stat_show 2024-11-19 11:32:38 +01:00
dio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dma dmaengine: idma64: Add check for dma_set_max_seg_size 2024-11-19 12:27:00 +01:00
dma-buf dma-buf/sw-sync: don't enable IRQ from sync_print_obj() 2024-11-19 12:27:10 +01:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-11-18 12:12:19 +01:00
eisa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-11-19 12:27:04 +01:00
fingerprint Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
firewire firewire: nosy: ensure user_length is taken into account when fetching packet contents 2024-11-19 11:32:46 +01:00
firmware firmware: dmi-id: add a release callback function 2024-11-19 12:27:01 +01:00
fpga fpga: region: add owner module and take its refcount 2024-11-19 12:27:04 +01:00
fsi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gnss Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gpio gpio: tqmx86: store IRQ trigger type and unmask status separately 2024-11-19 14:19:03 +01:00
gpu drm/bridge/panel: Fix runtime warning on panel bridge release 2024-11-19 14:19:03 +01:00
greybus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gud Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hid HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() 2024-11-19 14:19:03 +01:00
hsi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hv Drivers: hv: vmbus: Drop error message when 'No request id available' 2024-11-18 23:19:53 +01:00
hwmon hwmon: (shtc1) Fix property misspelling 2024-11-19 12:27:11 +01:00
hwspinlock Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hwtracing intel_th: pci: Add Meteor Lake-S CPU support 2024-11-19 12:27:18 +01:00
i2c i2c: smbus: fix NULL function pointer dereference 2024-11-19 11:32:40 +01:00
i3c i3c: master: cdns: Update maximum prescaler value for i2c clock 2024-11-18 12:13:19 +01:00
ide Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
idle Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ifconn Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iio iio: imu: inv_icm42600: delete unneeded update watermark call 2024-11-19 14:19:04 +01:00
infiniband RDMA/hns: Fix CQ and QP cache affinity 2024-11-19 12:27:20 +01:00
input Input: try trimming too long modalias strings 2024-11-19 14:19:02 +01:00
interconnect interconnect: Treat xlate() returning NULL node as an error 2024-11-18 12:12:00 +01:00
iommu iommu/amd: Fix sysfs leak in iommu init 2024-11-19 14:19:03 +01:00
ipack Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
irqchip irqchip/loongson-pch-msi: Fix off-by-one on allocation error path 2024-11-19 12:26:54 +01:00
isdn Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kperfmon Kperfmon: add xyunbound version 2024-06-15 16:28:49 -03:00
kq/mesh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
leds leds: sgm3140: Add missing timer cleanup and flash gpio control 2024-11-19 08:44:56 +01:00
lightnvm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
macintosh macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" 2024-11-19 12:26:55 +01:00
mailbox mailbox: imx: fix suspend failue 2024-11-19 11:32:20 +01:00
mcb mcb: fix error handling for different scenarios when parsing 2024-11-18 11:43:25 +01:00
md md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING 2024-11-19 12:27:16 +01:00
media Revert "media: cec: core: avoid confusing "transmit timed out" message" 2024-11-19 14:03:20 +01:00
memory Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
memstick Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
message Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mfd mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref 2024-11-19 08:44:54 +01:00
misc mei: me: release irq in mei_me_pci_resume error path 2024-11-19 14:19:02 +01:00
mmc mmc: davinci: Don't strip remove function when driver is builtin 2024-11-19 14:19:01 +01:00
most Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mtd mtd: rawnand: hynix: fixed typo 2024-11-19 12:26:57 +01:00
muic Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mux Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
net ionic: fix use after netif_napi_del() 2024-11-19 14:19:04 +01:00
nfc NFC: trf7970a: disable all regulators on removal 2024-11-19 11:32:37 +01:00
ntb Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nubus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvdimm nd_btt: Make BTT lanes preemptible 2024-11-18 11:43:03 +01:00
nvme nvmet: fix ns enable/disable possible hang 2024-11-19 12:27:10 +01:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-11-19 09:22:34 +01:00
of of: dynamic: Synchronize of_changeset_destroy() with the devlink removals 2024-11-19 09:23:10 +01:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-11-19 08:44:49 +01:00
oprofile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
parisc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
parport parport: parport_serial: Add Brainboxes device IDs and geometry 2024-11-18 12:12:19 +01:00
pci PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 2024-11-19 12:27:04 +01:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2024-11-18 11:43:06 +01:00
perf perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 2024-11-08 11:24:52 +01:00
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-11-19 09:22:34 +01:00
pinctrl pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() 2024-11-19 12:26:38 +01:00
platform platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet 2024-11-19 09:23:14 +01:00
pnp PNP: ACPI: fix fortify warning 2024-11-18 12:13:09 +01:00
power power: rt9455: hide unused rt9455_boost_voltage_values 2024-11-19 11:32:42 +01:00
powercap Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pps Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ps3 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ptp ptp: Fix error message on failed pin verification 2024-11-19 14:19:01 +01:00
pwm pwm: jz4740: Don't use dev_err_probe() in .request() 2024-11-18 12:12:47 +01:00
rapidio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ras Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
regulator regulator: bd71828: Don't overwrite runtime voltages 2024-11-19 12:27:09 +01:00
remoteproc remoteproc: stm32: fix phys_addr_t format string 2024-11-19 08:45:00 +01:00
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-11-18 12:12:16 +01:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-11-18 12:12:56 +01:00
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-11-19 08:44:58 +01:00
s390 s390/ap: Fix crash in AP internal function modify_bitmap() 2024-11-19 12:27:19 +01:00
samsung Fix clang 16 errors treewide 2024-06-15 16:28:48 -03:00
sbus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scsi scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory 2024-11-19 14:19:02 +01:00
sensorhub treewide: fix build errors 2024-06-15 16:21:17 -03:00
sensors Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sfi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
siox Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-11-19 09:22:34 +01:00
soc soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE 2024-11-19 12:26:52 +01:00
soundwire soundwire: cadence: fix invalid PDI offset 2024-11-19 12:27:00 +01:00
spi spi: stm32: Don't warn about spurious interrupts 2024-11-19 12:27:10 +01:00
spmi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
spu_verify Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ssb Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
staging greybus: arche-ctrl: move device table to its right location 2024-11-19 12:27:01 +01:00
sti Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
target scsi: target: Fix SELinux error when systemd-modules loads the target module 2024-11-19 11:32:44 +01:00
tc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-11-19 09:22:39 +01:00
thermal thermal: core: prevent potential string overflow 2024-11-18 11:42:50 +01:00
thunderbolt thunderbolt: Fix wake configurations after device unplug 2024-11-19 11:32:22 +01:00
tty serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler 2024-11-19 14:19:01 +01:00
uh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uio uio: Fix use-after-free in uio_open 2024-11-18 12:12:19 +01:00
usb xhci: Apply broken streams quirk to Etron EJ188 xHCI host 2024-11-19 14:19:02 +01:00
vdpa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vfio vfio/fsl-mc: Block calling interrupt handler without trigger 2024-11-19 09:22:45 +01:00
vhost vhost: Add smp_rmb() in vhost_vq_avail_empty() 2024-11-19 11:32:20 +01:00
vibrator Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
video fbdev: savage: Handle err return when savagefb_check_var failed 2024-11-19 12:27:18 +01:00
virt Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
virtio virtio: delete vq in vp_find_vqs_msix() when request_irq() fails 2024-11-19 12:27:09 +01:00
vision Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vision3 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
visorbus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vlynq Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vme Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
w1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
watchdog watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin 2024-11-19 12:27:18 +01:00
xen xen/events: close evtchn after mapping cleanup 2024-11-19 09:22:39 +01:00
zorro Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig drivers: add stub kperfmon 2024-06-15 16:28:49 -03:00
Kconfig.variant1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile drivers: add stub kperfmon 2024-06-15 16:28:49 -03:00
Makefile.variant1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00