tmp_suning_uos_patched/drivers
Dan Williams 36fdd770c0 ACPI: NFIT: Fix input validation of bus-family
commit 9a7e3d7f056831a6193d6d737fb7a26dfdceb04b upstream.

Dan reports that smatch thinks userspace can craft an out-of-bound bus
family number. However, nd_cmd_clear_to_send() blocks all non-zero
values of bus-family since only the kernel can initiate these commands.
However, in the speculation path, family is a user controlled array
index value so mask it for speculation safety. Also, since the
nd_cmd_clear_to_send() safety is non-obvious and possibly may change in
the future include input validation as if userspace could get past the
nd_cmd_clear_to_send() gatekeeper.

Link: http://lore.kernel.org/r/20201111113000.GA1237157@mwanda
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 6450ddbd5d ("ACPI: NFIT: Define runtime firmware activation commands")
Cc: <stable@vger.kernel.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:54:05 +01:00
..
accessibility speakup: fix uninitialized flush_lock 2020-12-30 11:53:44 +01:00
acpi ACPI: NFIT: Fix input validation of bus-family 2020-12-30 11:54:05 +01:00
amba
android
ata libata-5.10-2020-10-30 2020-10-30 14:51:01 -07:00
atm atm: nicstar: Unmap DMA on send error 2020-11-18 16:42:07 -08:00
auxdisplay
base PM: runtime: Resume the device earlier in __device_release_driver() 2020-11-02 18:14:07 +01:00
bcma
block block/rnbd-clt: Fix possible memleak 2020-12-30 11:53:57 +01:00
bluetooth Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 2020-12-30 11:53:40 +01:00
bus bus: fsl-mc: fix error return code in fsl_mc_object_allocate() 2020-12-30 11:53:46 +01:00
cdrom
char Char/Misc driver fixes for 5.10-rc4 2020-11-15 10:15:17 -08:00
clk clk: vc5: Use "idt,voltage-microvolt" instead of "idt,voltage-microvolts" 2020-12-30 11:54:01 +01:00
clocksource clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI 2020-12-30 11:53:37 +01:00
connector
counter counter/ti-eqep: Fix regmap max_register 2020-11-01 17:17:31 +00:00
cpufreq cpufreq: imx: fix NVMEM_IMX_OCOTP dependency 2020-12-30 11:53:39 +01:00
cpuidle cpuidle: tegra: Annotate tegra_pm_set_cpu_in_lp2() with RCU_NONIDLE 2020-11-16 13:24:32 +01:00
crypto crypto: atmel-i2c - select CONFIG_BITREVERSE 2020-12-30 11:53:50 +01:00
dax mm: fix phys_to_target_node() and memory_add_physaddr_to_nid() exports 2020-11-22 10:48:22 -08:00
dca
devfreq
dio
dma dmaengine: ti: k3-udma: Correct normal channel offset when uchan_cnt is not 0 2020-12-30 11:53:51 +01:00
dma-buf
edac EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId 2020-12-30 11:53:16 +01:00
eisa
extcon extcon: max77693: Fix modalias string 2020-12-30 11:53:49 +01:00
firewire
firmware mm/gup: prevent gup_fast from racing with COW during fork 2020-12-30 11:53:54 +01:00
fpga fpga: Specify HAS_IOMEM dependency for FPGA_DFL 2020-12-01 18:46:24 +01:00
fsi fsi: Aspeed: Add mutex to protect HW access 2020-12-30 11:53:46 +01:00
gnss
gpio gpiolib: irq hooks: fix recursion in gpiochip_irq_unmask 2020-12-30 11:53:51 +01:00
gpu drm/amdgpu: fix regression in vbios reservation handling on headless 2020-12-30 11:53:54 +01:00
greybus
hid HID: i2c-hid: add Vero K147 to descriptor override 2020-12-26 16:02:43 +01:00
hsi HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() 2020-12-30 11:53:24 +01:00
hv hyperv-fixes for 5.10-rc5 2020-11-16 15:02:33 -08:00
hwmon hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable 2020-12-30 11:53:31 +01:00
hwspinlock
hwtracing coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
i2c Revert "i2c: i2c-qcom-geni: Fix DMA transfer race" 2020-12-30 11:52:57 +01:00
i3c
ide
idle intel_idle: Build fix 2020-12-03 10:00:23 +01:00
iio iio: hrtimer-trigger: Mark hrtimer to expire in hard interrupt context 2020-12-30 11:53:33 +01:00
infiniband RDMA/cma: Don't overwrite sgid_attr after device is released 2020-12-30 11:53:53 +01:00
input Input: cyapa_gen6 - fix out-of-bounds stack access 2020-12-30 11:54:05 +01:00
interconnect interconnect: fix memory trashing in of_count_icc_providers() 2020-11-20 16:01:35 +02:00
iommu iommu/vt-d: include conditionally on CONFIG_INTEL_IOMMU_SVM 2020-12-30 11:53:14 +01:00
ipack
irqchip irqchip/qcom-pdc: Fix phantom irq when changing between rising/falling 2020-12-30 11:53:51 +01:00
isdn
leds leds: turris-omnia: check for LED_COLOR_ID_RGB instead LED_COLOR_ID_MULTI 2020-12-30 11:53:22 +01:00
lightnvm
macintosh macintosh/adb-iop: Send correct poll command 2020-12-30 11:53:39 +01:00
mailbox mailbox: arm_mhu_db: Fix mhu_db_shutdown by replacing kfree with devm_kfree 2020-12-30 11:53:28 +01:00
mcb
md dm ioctl: fix error return code in target_message 2020-12-30 11:53:36 +01:00
media media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE 2020-12-30 11:54:05 +01:00
memory memory: jz4780_nemc: Fix potential NULL dereference in jz4780_nemc_probe() 2020-12-30 11:53:37 +01:00
memstick memstick: r592: Fix error return in r592_probe() 2020-12-30 11:53:34 +01:00
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-10-26 16:57:18 -04:00
mfd mfd: cpcap: Fix interrupt regression with regmap clear_ack 2020-12-30 11:53:16 +01:00
misc misc: pci_endpoint_test: fix return value of error branch 2020-12-30 11:53:45 +01:00
mmc mmc: pxamci: Fix error return code in pxamci_probe 2020-12-30 11:53:20 +01:00
most
mtd mtd: rawnand: gpmi: Fix the random DMA timeout issue 2020-12-30 11:53:49 +01:00
mux
net virtio_net: Fix error code in probe() 2020-12-30 11:54:00 +01:00
nfc nfc: s3fwrn5: Release the nfc firmware 2020-12-30 11:53:53 +01:00
ntb Bug fixes for v5.10 2020-10-25 11:12:31 -07:00
nubus
nvdimm libnvdimm/label: Return -ENXIO for no slot in __blk_label_update 2020-12-30 11:53:58 +01:00
nvme nvme: fix memory leak freeing command effects 2020-11-14 09:57:55 +01:00
nvmem
of of/address: Fix of_node memory leak in of_dma_is_coherent 2020-11-11 17:10:16 -06:00
opp opp: Reduce the size of critical section in _opp_table_kref_release() 2020-10-27 13:21:03 +05:30
oprofile
parisc
parport
pci PCI: iproc: Invalidate correct PAXB inbound windows 2020-12-30 11:53:27 +01:00
pcmcia
perf
phy drm/mediatek: avoid dereferencing a null hdmi_phy on an error message 2020-12-30 11:53:43 +01:00
pinctrl pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() 2020-12-30 11:53:34 +01:00
platform platform/chrome: cros_ec_spi: Don't overwrite spi::mode 2020-12-30 11:53:45 +01:00
pnp PNP: fix kernel-doc markups 2020-10-27 19:23:04 +01:00
power power: supply: bq24190_charger: fix reference leak 2020-12-30 11:53:25 +01:00
powercap Merge branch 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2020-11-10 10:02:31 -08:00
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:53:53 +01:00
ptp ptp: clockmatrix: bug fix for idtcm_strverscmp 2020-11-25 17:24:49 -08:00
pwm pwm: sun4i: Remove erroneous else branch 2020-12-30 11:53:59 +01:00
rapidio
ras
regulator regulator: ti-abb: Fix array out of bound read access on the first transition 2020-11-18 17:59:24 +00:00
remoteproc remoteproc/mediatek: unprepare clk if scp_before_load fails 2020-12-30 11:53:48 +01:00
reset ARM: SoC-related driver updates 2020-10-24 10:39:22 -07:00
rpmsg rpmsg updates for 5.10 2020-10-22 12:58:21 -07:00
rtc rtc: pcf2127: fix pcf2127_nvmem_read/write() returns 2020-12-30 11:52:57 +01:00
s390 s390/cio: fix use-after-free in ccw_device_destroy_console 2020-12-30 11:53:46 +01:00
sbus
scsi scsi: qla2xxx: Fix N2N and NVMe connect retry failure 2020-12-30 11:53:45 +01:00
sfi
sh
siox
slimbus slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() 2020-12-30 11:53:47 +01:00
soc soc: rockchip: io-domain: Fix error return code in rockchip_iodomain_probe() 2020-12-30 11:53:34 +01:00
soundwire soundwire: master: use pm_runtime_set_active() on add 2020-12-30 11:53:28 +01:00
spi spi: dw: Fix error return code in dw_spi_bt1_probe() 2020-12-30 11:53:39 +01:00
spmi
ssb
staging staging: greybus: audio: Fix possible leak free widgets in gbaudio_dapm_free_controls 2020-12-30 11:53:39 +01:00
target SCSI fixes on 20201120 2020-11-20 16:24:28 -08:00
tc
tee ARM: SoC fixes for v5.10, part 3 2020-11-27 14:48:03 -08:00
thermal thermal: ti-soc-thermal: Disable the CPU PM notifier for OMAP4430 2020-11-12 12:30:29 +01:00
thunderbolt thunderbolt: Fix use-after-free in remove_unplugged_switch() 2020-11-19 17:44:10 +03:00
tty serial: 8250-mtk: Fix reference leak in mtk8250_probe 2020-12-30 11:53:23 +01:00
uio uio: Fix use-after-free in uio_unregister_device() 2020-11-09 18:54:30 +01:00
usb usb: oxu210hp-hcd: Fix memory leak in oxu_create 2020-12-30 11:53:44 +01:00
vdpa vdpa/mlx5: Use write memory barrier after updating CQ index 2020-12-30 11:54:00 +01:00
vfio vfio/pci/nvlink2: Do not attempt NPU2 setup on POWER8NVL NPU 2020-12-30 11:54:03 +01:00
vhost vhost scsi: fix error return code in vhost_scsi_set_endpoint() 2020-12-30 11:54:00 +01:00
video video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() 2020-12-30 11:53:13 +01:00
virt nitro_enclaves: Fixup type and simplify logic of the poll mask setup 2020-11-09 18:20:36 +01:00
virtio virtio_ring: Fix two use after free bugs 2020-12-30 11:54:00 +01:00
visorbus
vlynq
vme
w1
watchdog watchdog: coh901327: add COMMON_CLK dependency 2020-12-30 11:53:58 +01:00
xen xen: don't use page->lru for ZONE_DEVICE memory 2020-12-09 10:31:41 +01:00
zorro
Kconfig
Makefile vdpa: mlx5: fix vdpa/vhost dependencies 2020-12-02 04:09:56 -05:00