kernel_samsung_a53x/drivers
Niklas Cassel c45f01f66c ata: libata-core: Fix null pointer dereference on error
commit 5d92c7c566dc76d96e0e19e481d926bbe6631c1e upstream.

If the ata_port_alloc() call in ata_host_alloc() fails,
ata_host_release() will get called.

However, the code in ata_host_release() tries to free ata_port struct
members unconditionally, which can lead to the following:

BUG: unable to handle page fault for address: 0000000000003990
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
RIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]
Code: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41
RSP: 0018:ffffc90000ebb968 EFLAGS: 00010246
RAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0
RBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68
R10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004
R13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006
FS:  00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
 <TASK>
 ? __die_body.cold+0x19/0x27
 ? page_fault_oops+0x15a/0x2f0
 ? exc_page_fault+0x7e/0x180
 ? asm_exc_page_fault+0x26/0x30
 ? ata_host_release.cold+0x2f/0x6e [libata]
 ? ata_host_release.cold+0x2f/0x6e [libata]
 release_nodes+0x35/0xb0
 devres_release_group+0x113/0x140
 ata_host_alloc+0xed/0x120 [libata]
 ata_host_alloc_pinfo+0x14/0xa0 [libata]
 ahci_init_one+0x6c9/0xd20 [ahci]

Do not access ata_port struct members unconditionally.

Fixes: 633273a3ed1c ("libata-pmp: hook PMP support and enable it")
Cc: stable@vger.kernel.org
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: John Garry <john.g.garry@oracle.com>
Link: https://lore.kernel.org/r/20240629124210.181537-7-cassel@kernel.org
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-23 23:20:54 +01:00
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-11-19 12:26:51 +01:00
acpi ACPI: SBS: manage alarm sysfs attribute through psy core 2024-11-23 23:20:23 +01:00
amba
android binder: fix hang of unregistered readers 2024-11-23 23:20:14 +01:00
ata ata: libata-core: Fix null pointer dereference on error 2024-11-23 23:20:54 +01:00
atm atm: idt77252: prevent use after free in dequeue_rx() 2024-11-23 23:20:43 +01:00
auxdisplay
base driver core: Fix uevent_show() vs driver detach race 2024-11-23 23:20:28 +01:00
battery
bcma
block rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings 2024-11-23 23:20:16 +01:00
bluetooth Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO 2024-11-23 23:20:50 +01:00
bts
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-11-19 08:44:45 +01:00
cdrom
char hwrng: amd - Convert PCIBIOS_* return codes to errnos 2024-11-23 23:20:14 +01:00
clk clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use 2024-11-23 23:20:14 +01:00
clocksource clocksource/drivers/sh_cmt: Address race condition for clock events 2024-11-23 23:20:23 +01:00
connector
counter counter: ti-eqep: enable clock at probe 2024-11-19 14:19:33 +01:00
cpufreq cpufreq: exit() callback is optional 2024-11-19 12:26:54 +01:00
cpuidle cpuidle: menu: Take negative "sleep length" values into account 2024-11-19 18:01:28 +01:00
crypto crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak 2024-11-19 12:27:18 +01:00
dax
dca
devfreq PM / devfreq: Fix buffer overflow in trans_stat_show 2024-11-19 11:32:38 +01:00
dio
dma dmaengine: ioatdma: Fix missing kmem_cache_destroy() 2024-11-19 14:19:09 +01:00
dma-buf dma-buf/sync_file: Speed up ioctl by omitting debug names 2024-11-19 17:53:23 +01:00
edac EDAC, i10nm: make skx_common.o a separate module 2024-11-23 23:19:56 +01:00
eisa
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-11-19 12:27:04 +01:00
fingerprint
firewire firewire: nosy: ensure user_length is taken into account when fetching packet contents 2024-11-19 11:32:46 +01:00
firmware firmware: turris-mox-rwtm: Initialize completion before mailbox 2024-11-23 23:20:06 +01:00
fpga fpga: region: add owner module and take its refcount 2024-11-19 12:27:04 +01:00
fsi
gnss
gpio gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) 2024-11-19 14:19:33 +01:00
gpu drm/amdkfd: don't allow mapping the MMIO HDP page with large pages 2024-11-23 23:20:53 +01:00
greybus greybus: Fix use-after-free bug in gb_interface_release due to race condition. 2024-11-19 14:19:05 +01:00
gud
hid HID: microsoft: Add rumble support to latest xbox controllers 2024-11-23 23:20:49 +01:00
hsi
hv
hwmon hwmon: (max6697) Fix swapped temp{1,8} critical alarms 2024-11-23 23:19:57 +01:00
hwspinlock
hwtracing coresight: Fix ref leak when of_coresight_parse_endpoint() fails 2024-11-23 23:20:10 +01:00
i2c i2c: riic: avoid potential division by zero 2024-11-23 23:20:44 +01:00
i3c
ide
idle
ifconn
iio iio: chemical: bme680: Fix sensor data read operation 2024-11-19 14:19:33 +01:00
infiniband IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock 2024-11-23 23:20:45 +01:00
input Revert "Input: ioc3kbd - convert to platform remove callback returning void" 2024-11-23 23:20:54 +01:00
interconnect
iommu iommu: pcie: Fix incorrect kmemleak_ignore() usage 2024-11-19 17:53:28 +01:00
ipack
irqchip irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc 2024-11-23 23:20:47 +01:00
isdn mISDN: Fix a use after free in hfcmulti_tx() 2024-11-23 23:20:17 +01:00
kperfmon
kq/mesh
leds leds: ss4200: Convert PCIBIOS_* return codes to errnos 2024-11-23 23:20:13 +01:00
lightnvm
macintosh macintosh/therm_windtunnel: fix module unload. 2024-11-23 23:20:11 +01:00
mailbox mailbox: imx: fix suspend failue 2024-11-19 11:32:20 +01:00
mcb
md dm suspend: return -ERESTARTSYS instead of -EINTR 2024-11-23 23:20:47 +01:00
media media: uvcvideo: Fix integer overflow calculating timestamp 2024-11-23 23:20:54 +01:00
memory memory: stm32-fmc2-ebi: check regmap_read return value 2024-11-23 23:20:46 +01:00
memstick
message
mfd mfd: omap-usb-tll: Use struct_size to allocate tll 2024-11-23 23:20:09 +01:00
misc uid_sys_stats: Remove dependency on the profiling subsystem 2024-11-19 17:53:52 +01:00
mmc mmc: dw_mmc: allow biu and ciu clocks to defer 2024-11-23 23:20:50 +01:00
most
mtd ubi: eba: properly rollback inside self_check_eba 2024-11-23 23:20:14 +01:00
muic
mux
net wifi: mwifiex: duplicate static structs used in driver instances 2024-11-23 23:20:53 +01:00
nfc NFC: trf7970a: disable all regulators on removal 2024-11-19 11:32:37 +01:00
ntb
nubus
nvdimm
nvme nvmet-rdma: fix possible bad dereference when freeing rsps 2024-11-23 23:20:47 +01:00
nvmem nvmem: meson-efuse: Fix return value of nvmem callbacks 2024-11-19 14:19:45 +01:00
of of: dynamic: Synchronize of_changeset_destroy() with the devlink removals 2024-11-19 09:23:10 +01:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-11-19 08:44:49 +01:00
oprofile
parisc
parport dev/parport: fix the array out-of-bounds risk 2024-11-23 23:20:14 +01:00
pci PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal 2024-11-23 23:20:30 +01:00
pcmcia
perf
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-11-19 09:22:34 +01:00
pinctrl pinctrl: single: fix potential NULL dereference in pcs_get_function() 2024-11-23 23:20:53 +01:00
platform platform/chrome: cros_ec_proto: Lock device when updating MKBP version 2024-11-23 23:20:20 +01:00
pnp
power power: supply: axp288_charger: Round constant_charge_voltage writes down 2024-11-23 23:20:29 +01:00
powercap
pps
ps3
ptp ptp: Fix error message on failed pin verification 2024-11-19 14:19:01 +01:00
pwm pwm: stm32: Always do lazy disabling 2024-11-23 23:19:56 +01:00
rapidio
ras
regulator regulator: core: Fix modpost error "regulator_get_regmap" undefined 2024-11-19 14:19:09 +01:00
remoteproc remoteproc: imx_rproc: Skip over memory region when node value is NULL 2024-11-23 23:20:20 +01:00
reset
rpmsg
rtc rtc: isl1208: Fix return value of nvmem callbacks 2024-11-23 23:20:15 +01:00
s390 s390/cio: rename bitmap_size() -> idset_bitmap_size() 2024-11-23 23:20:43 +01:00
samsung
sbus
scsi scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() 2024-11-23 23:20:45 +01:00
sensorhub
sensors
sfi
sh
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-11-19 09:22:34 +01:00
soc drivers: soc: xilinx: check return status of get_api_version() 2024-11-23 23:20:19 +01:00
soundwire soundwire: cadence: fix invalid PDI offset 2024-11-19 12:27:00 +01:00
spi spi: spi-fsl-lpspi: Fix scldiv calculation 2024-11-23 23:20:27 +01:00
spmi
spu_verify
ssb ssb: Fix division by zero issue in ssb_calc_clock_rate 2024-11-23 23:20:44 +01:00
staging staging: ks7010: disable bh on tx_dev_lock 2024-11-23 23:20:44 +01:00
sti
target target/file: allocate the bvec array as part of struct target_core_file_cmd 2024-11-19 17:42:15 +01:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-11-19 09:22:39 +01:00
thermal
thunderbolt thunderbolt: Mark XDomain as unplugged when router is removed 2024-11-23 23:20:42 +01:00
tty serial: core: check uartclk for zero to avoid divide by zero 2024-11-23 23:20:29 +01:00
uh
uio
usb usb: dwc3: core: Skip setting event buffers for host only controllers 2024-11-23 23:20:47 +01:00
vdpa
vfio vfio/fsl-mc: Block calling interrupt handler without trigger 2024-11-19 09:22:45 +01:00
vhost vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler 2024-11-23 23:20:31 +01:00
vibrator
video Optimized Console FrameBuffer for upto 70% increase in Performance 2024-11-19 17:30:21 +01:00
virt
virtio virtio: delete vq in vp_find_vqs_msix() when request_irq() fails 2024-11-19 12:27:09 +01:00
vision
vision3
visorbus
vlynq
vme
w1
watchdog watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin 2024-11-19 12:27:18 +01:00
xen xen/events: close evtchn after mapping cleanup 2024-11-19 09:22:39 +01:00
zorro
Kconfig Added KernelSU 2024-11-19 22:44:48 +01:00
Kconfig.variant1
kernelsu Added KernelSU 2024-11-19 22:44:48 +01:00
Makefile Added KernelSU 2024-11-19 22:44:48 +01:00
Makefile.variant1