kernel_samsung_a53x/drivers
Jiawei Ye 42ac5e3f69 wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
[ Upstream commit 6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8 ]

In the `wilc_parse_join_bss_param` function, the TSF field of the `ies`
structure is accessed after the RCU read-side critical section is
unlocked. According to RCU usage rules, this is illegal. Reusing this
pointer can lead to unpredictable behavior, including accessing memory
that has been updated or causing use-after-free issues.

This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.

To address this, the TSF value is now stored in a local variable
`ies_tsf` before the RCU lock is released. The `param->tsf_lo` field is
then assigned using this local variable, ensuring that the TSF value is
safely accessed.

Fixes: 205c50306acf ("wifi: wilc1000: fix RCU usage in connect path")
Signed-off-by: Jiawei Ye <jiawei.ye@foxmail.com>
Reviewed-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://patch.msgid.link/tencent_466225AA599BA49627FB26F707EE17BC5407@qq.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-23 23:21:18 +01:00
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-11-19 12:26:51 +01:00
acpi ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() 2024-11-23 23:21:17 +01:00
amba Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
android binder: fix UAF caused by offsets overwrite 2024-11-23 23:21:07 +01:00
ata ata: pata_macio: Use WARN instead of BUG 2024-11-23 23:21:06 +01:00
atm atm: idt77252: prevent use after free in dequeue_rx() 2024-11-23 23:20:43 +01:00
auxdisplay Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
base devres: Initialize an uninitialized struct member 2024-11-23 23:21:05 +01:00
battery drivers: battery_v2: sec_battery: export {CURRENT/VOLTAGE}_MAX to sysfs 2024-11-17 17:43:14 +01:00
bcma Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
block rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings 2024-11-23 23:20:16 +01:00
bluetooth Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO 2024-11-23 23:20:50 +01:00
bts Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-11-19 08:44:45 +01:00
cdrom Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
char hwrng: amd - Convert PCIBIOS_* return codes to errnos 2024-11-23 23:20:14 +01:00
clk clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API 2024-11-23 23:21:00 +01:00
clocksource clocksource/drivers/timer-of: Remove percpu irq related code 2024-11-23 23:21:07 +01:00
connector Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
counter counter: ti-eqep: enable clock at probe 2024-11-19 14:19:33 +01:00
cpufreq cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately 2024-11-23 23:21:18 +01:00
cpuidle cpuidle: menu: Take negative "sleep length" values into account 2024-11-19 18:01:28 +01:00
crypto crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak 2024-11-19 12:27:18 +01:00
dax Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dca Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
devfreq PM / devfreq: Fix buffer overflow in trans_stat_show 2024-11-19 11:32:38 +01:00
dio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dma dmaengine: dw: Add memory bus width verification 2024-11-23 23:20:55 +01:00
dma-buf dma-buf/sync_file: Speed up ioctl by omitting debug names 2024-11-19 17:53:23 +01:00
edac EDAC, i10nm: make skx_common.o a separate module 2024-11-23 23:19:56 +01:00
eisa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-11-19 12:27:04 +01:00
fingerprint Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
firewire firewire: nosy: ensure user_length is taken into account when fetching packet contents 2024-11-19 11:32:46 +01:00
firmware firmware: turris-mox-rwtm: Initialize completion before mailbox 2024-11-23 23:20:06 +01:00
fpga fpga: region: add owner module and take its refcount 2024-11-19 12:27:04 +01:00
fsi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gnss Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gpio gpiolib: cdev: Ignore reconfiguration without direction 2024-11-23 23:21:16 +01:00
gpu drm: komeda: Fix an issue related to normalized zpos 2024-11-23 23:21:15 +01:00
greybus greybus: Fix use-after-free bug in gb_interface_release due to race condition. 2024-11-19 14:19:05 +01:00
gud Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hid HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup 2024-11-23 23:21:06 +01:00
hsi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hv Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-11-23 23:21:07 +01:00
hwmon hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 2024-11-23 23:21:12 +01:00
hwspinlock hwspinlock: Introduce hwspin_lock_bust() 2024-11-23 23:20:58 +01:00
hwtracing coresight: Fix ref leak when of_coresight_parse_endpoint() fails 2024-11-23 23:20:10 +01:00
i2c i2c: riic: avoid potential division by zero 2024-11-23 23:20:44 +01:00
i3c i3c: master: cdns: Update maximum prescaler value for i2c clock 2024-11-18 12:13:19 +01:00
ide Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
idle Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ifconn Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iio iio: adc: ad7124: fix chip ID mismatch 2024-11-23 23:21:07 +01:00
infiniband IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock 2024-11-23 23:20:45 +01:00
input Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table 2024-11-23 23:21:11 +01:00
interconnect interconnect: Treat xlate() returning NULL node as an error 2024-11-18 12:12:00 +01:00
iommu iommu/vt-d: Handle volatile descriptor status read 2024-11-23 23:21:05 +01:00
ipack Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
irqchip irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 2024-11-23 23:21:03 +01:00
isdn mISDN: Fix a use after free in hfcmulti_tx() 2024-11-23 23:20:17 +01:00
kperfmon Kperfmon: add xyunbound version 2024-06-15 16:28:49 -03:00
kq/mesh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
leds leds: spi-byte: Call of_node_put() on error path 2024-11-23 23:21:03 +01:00
lightnvm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
macintosh macintosh/therm_windtunnel: fix module unload. 2024-11-23 23:20:11 +01:00
mailbox mailbox: imx: fix suspend failue 2024-11-19 11:32:20 +01:00
mcb mcb: fix error handling for different scenarios when parsing 2024-11-18 11:43:25 +01:00
md dm init: Handle minors larger than 255 2024-11-23 23:21:05 +01:00
media media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse 2024-11-23 23:21:03 +01:00
memory memory: stm32-fmc2-ebi: check regmap_read return value 2024-11-23 23:20:46 +01:00
memstick Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
message Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mfd mfd: omap-usb-tll: Use struct_size to allocate tll 2024-11-23 23:20:09 +01:00
misc VMCI: Fix use-after-free when removing resource in vmci_resource_remove() 2024-11-23 23:21:07 +01:00
mmc mmc: cqhci: Fix checking of CQHCI_HALT state 2024-11-23 23:21:09 +01:00
most Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mtd ubi: eba: properly rollback inside self_check_eba 2024-11-23 23:20:14 +01:00
muic Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mux Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
net wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param 2024-11-23 23:21:18 +01:00
nfc nfc: pn533: Add poll mod list filling check 2024-11-23 23:20:55 +01:00
ntb Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nubus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvdimm nd_btt: Make BTT lanes preemptible 2024-11-18 11:43:03 +01:00
nvme nvmet-tcp: fix kernel crash if commands allocation fails 2024-11-23 23:21:08 +01:00
nvmem nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc 2024-11-23 23:21:07 +01:00
of of/irq: Prevent device address out-of-bounds read in interrupt map walk 2024-11-23 23:21:06 +01:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-11-19 08:44:49 +01:00
oprofile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
parisc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
parport dev/parport: fix the array out-of-bounds risk 2024-11-23 23:20:14 +01:00
pci PCI: Add missing bridge lock to pci_bus_lock() 2024-11-23 23:21:06 +01:00
pcmcia pcmcia: Use resource_size function on resource object 2024-11-23 23:21:03 +01:00
perf perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 2024-11-08 11:24:52 +01:00
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-11-19 09:22:34 +01:00
pinctrl pinctrl: at91: make it work with current gpiolib 2024-11-23 23:21:14 +01:00
platform platform/x86: dell-smbios: Fix error path in dell_smbios_init() 2024-11-23 23:21:04 +01:00
pnp PNP: ACPI: fix fortify warning 2024-11-18 12:13:09 +01:00
power power: supply: axp288_charger: Round constant_charge_voltage writes down 2024-11-23 23:20:29 +01:00
powercap Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pps Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ps3 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ptp ptp: Fix error message on failed pin verification 2024-11-19 14:19:01 +01:00
pwm pwm: stm32: Always do lazy disabling 2024-11-23 23:19:56 +01:00
rapidio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ras Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
regulator regulator: core: Fix modpost error "regulator_get_regmap" undefined 2024-11-19 14:19:09 +01:00
remoteproc remoteproc: imx_rproc: Skip over memory region when node value is NULL 2024-11-23 23:20:20 +01:00
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-11-18 12:12:16 +01:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-11-18 12:12:56 +01:00
rtc rtc: isl1208: Fix return value of nvmem callbacks 2024-11-23 23:20:15 +01:00
s390 s390/cio: rename bitmap_size() -> idset_bitmap_size() 2024-11-23 23:20:43 +01:00
samsung Fix clang 16 errors treewide 2024-06-15 16:28:48 -03:00
sbus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scsi scsi: aacraid: Fix double-free on probe failure 2024-11-23 23:20:55 +01:00
sensorhub treewide: fix build errors 2024-06-15 16:21:17 -03:00
sensors Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sfi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
siox Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-11-19 09:22:34 +01:00
soc soc: qcom: cmd-db: Map shared memory as WC, not WB 2024-11-23 23:20:55 +01:00
soundwire soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" 2024-11-23 23:21:13 +01:00
spi spi: bcm63xx: Enable module autoloading 2024-11-23 23:21:15 +01:00
spmi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
spu_verify Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ssb ssb: Fix division by zero issue in ssb_calc_clock_rate 2024-11-23 23:20:44 +01:00
staging minmax: reduce min/max macro expansion in atomisp driver 2024-11-23 23:21:12 +01:00
sti Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
target target/file: allocate the bvec array as part of struct target_core_file_cmd 2024-11-19 17:42:15 +01:00
tc Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-11-19 09:22:39 +01:00
thermal thermal: core: prevent potential string overflow 2024-11-18 11:42:50 +01:00
thunderbolt thunderbolt: Mark XDomain as unplugged when router is removed 2024-11-23 23:20:42 +01:00
tty serial: core: check uartclk for zero to avoid divide by zero 2024-11-23 23:20:29 +01:00
uh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uio Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2024-11-23 23:21:07 +01:00
usb USB: usbtmc: prevent kernel-usb-infoleak 2024-11-23 23:21:16 +01:00
vdpa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vfio vfio/fsl-mc: Block calling interrupt handler without trigger 2024-11-19 09:22:45 +01:00
vhost vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler 2024-11-23 23:20:31 +01:00
vibrator Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
video Optimized Console FrameBuffer for upto 70% increase in Performance 2024-11-19 17:30:21 +01:00
virt Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
virtio virtio: delete vq in vp_find_vqs_msix() when request_irq() fails 2024-11-19 12:27:09 +01:00
vision Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vision3 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
visorbus Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vlynq Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vme Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
w1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
watchdog watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin 2024-11-19 12:27:18 +01:00
xen xen/events: close evtchn after mapping cleanup 2024-11-19 09:22:39 +01:00
zorro Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig Added KernelSU 2024-11-19 22:44:48 +01:00
Kconfig.variant1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kernelsu Added KernelSU 2024-11-19 22:44:48 +01:00
Makefile Added KernelSU 2024-11-19 22:44:48 +01:00
Makefile.variant1 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00