raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-27 12:32:50 +00:00
Code Issues Projects Releases Wiki Activity
Files
4d5968ea06fbfc7f6bb88dee7ce459f4755cebb5
linux/drivers
History
Teng Qi 22519eff7d ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() 
[ Upstream commit a66998e0fb ]

The if statement:
  if (port >= DSAF_GE_NUM)
        return;

limits the value of port less than DSAF_GE_NUM (i.e., 8).
However, if the value of port is 6 or 7, an array overflow could occur:
  port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off;

because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6).

To fix this possible array overflow, we first check port and if it is
greater than or equal to DSAF_MAX_PORT_NUM, the function returns.

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Teng Qi <starmiku1207184332@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-12-08 09:03:19 +01:00
..
accessibility
acpi
ACPI: Get acpi_device's parent from the parent field
2021-12-01 09:18:58 +01:00
amba
ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
2021-11-06 14:10:09 +01:00
android
binder: fix test regression due to sender_euid change
2021-12-01 09:18:59 +01:00
ata
ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
2021-12-08 09:03:19 +01:00
atm
atm: nicstar: register the interrupt handler in the right place
2021-07-19 09:44:52 +02:00
auxdisplay
auxdisplay: ht16k33: Fix frame buffer device blanking
2021-11-18 14:04:24 +01:00
base
firmware_loader: fix pre-allocated buf built-in firmware use
2021-11-26 10:39:10 +01:00
bcma
bcma: Fix memory leak for internally-handled cores
2021-09-15 09:50:45 +02:00
block
xen/blkfront: don't trust the backend response data blindly
2021-12-01 09:19:09 +01:00
bluetooth
Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
2021-11-18 14:04:03 +01:00
bus
bus: ti-sysc: Use context lost quirk for otg
2021-11-26 10:39:08 +01:00
cdrom
cdrom: gdrom: initialize global variable at init time
2021-05-26 12:06:55 +02:00
char
tpm_tis_spi: Add missing SPI ID
2021-11-18 14:04:11 +01:00
clk
clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
2021-11-26 10:39:13 +01:00
clocksource
clocksource/drivers/timer-ti-dm: Select TIMER_OF
2021-11-18 14:04:09 +01:00
connector
counter
counter: 104-quad-8: Return error when invalid mode during ceiling_write
2021-09-15 09:50:38 +02:00
cpufreq
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
2021-10-06 15:55:46 +02:00
cpuidle
cpuidle: Fix kobject memory leaks in error paths
2021-11-18 14:04:05 +01:00
crypto
crypto: qat - disregard spurious PFVF interrupts
2021-11-18 14:04:06 +01:00
dax
device-dax: Fix default return code of range_parse()
2021-03-04 11:38:15 +01:00
dca
devfreq
PM / devfreq: Add missing error code in devfreq_add_device()
2021-07-14 16:56:11 +02:00
dio
dma
dmaengine: dmaengine_desc_callback_valid(): Check for callback_result
2021-11-18 14:04:24 +01:00
dma-buf
dma-buf: WARN on dmabuf release with pending attachments
2021-11-18 14:03:52 +01:00
edac
EDAC/amd64: Handle three rank interleaving mode
2021-11-18 14:04:06 +01:00
eisa
extcon
extcon: intel-mrfld: Sync hardware and software state on init
2021-07-19 09:45:00 +02:00
firewire
firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
2021-04-07 15:00:11 +02:00
firmware
firmware: smccc: Fix check for ARCH_SOC_ID not implemented
2021-12-01 09:19:04 +01:00
fpga
fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
2021-09-30 10:11:04 +02:00
fsi
fsi: Add missing MODULE_DEVICE_TABLE
2021-07-20 16:05:42 +02:00
gnss
gpio
gpio: mlxbf2.c: Add check for bgpio_init failure
2021-11-18 14:03:42 +01:00
gpu
drm/amd/amdgpu: fix potential memleak
2021-12-08 09:03:19 +01:00
greybus
hid
HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
2021-12-01 09:19:00 +01:00
hsi
HSI: core: fix resource leaks in hsi_add_client_from_dt()
2021-05-14 09:50:28 +02:00
hv
hyperv/vmbus: include linux/bitops.h
2021-11-18 14:03:42 +01:00
hwmon
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
2021-11-18 14:04:07 +01:00
hwspinlock
hwtracing
coresight: cti: Correct the parameter for pm_runtime_put
2021-11-18 14:03:51 +01:00
i2c
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
2021-11-18 14:04:25 +01:00
i3c
Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register"
2021-05-14 09:50:05 +02:00
ide
ide/falconide: Fix module unload
2021-03-04 11:38:21 +01:00
idle
iio
iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
2021-11-26 10:39:11 +01:00
infiniband
RDMA/bnxt_re: Check if the vlan is valid before reporting
2021-11-26 10:39:08 +01:00
input
Input: i8042 - Add quirk for Fujitsu Lifebook T725
2021-11-18 14:03:36 +01:00
interconnect
treewide: Change list_sort to use const pointers
2021-09-30 10:11:04 +02:00
iommu
iommu/amd: Clarify AMD IOMMUv2 initialization messages
2021-12-01 09:19:09 +01:00
ipack
ipack: ipoctal: fix module reference leak
2021-10-06 15:56:01 +02:00
irqchip
irqchip/sifive-plic: Fixup EOI failed when masked
2021-11-18 14:04:29 +01:00
isdn
mISDN: Fix return values of the probe function
2021-11-18 14:03:41 +01:00
leds
leds: trigger: audio: Add an activate callback to ensure the initial brightness is set
2021-09-15 09:50:36 +02:00
lightnvm
macintosh
mailbox
soc: mediatek: cmdq: add address shift in jump
2021-09-18 13:40:16 +02:00
mcb
mcb: fix error handling in mcb_alloc_bus()
2021-09-30 10:11:00 +02:00
md
md: update superblock after changing rdev flags in state_store
2021-11-18 14:03:57 +01:00
media
media: cec: copy sequence field for the reply
2021-12-01 09:19:00 +01:00
memory
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
2021-11-18 14:04:16 +01:00
memstick
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
2021-11-18 14:04:07 +01:00
message
mfd
mfd: dln2: Add cell for initializing DLN2 ADC
2021-11-18 14:04:30 +01:00
misc
misc: fastrpc: Add missing lock before accessing find_vma()
2021-10-20 11:45:01 +02:00
mmc
mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
2021-12-01 09:19:01 +01:00
most
most: fix control-message timeouts
2021-11-18 14:03:51 +01:00
mtd
mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines
2021-11-18 14:04:31 +01:00
mux
net
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
2021-12-08 09:03:19 +01:00
nfc
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
2021-11-18 14:04:27 +01:00
ntb
NTB: perf: Fix an error code in perf_setup_inbuf()
2021-09-22 12:28:02 +02:00
nubus
nvdimm
libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
2021-09-18 13:40:36 +02:00
nvme
nvmet: use IOCB_NOWAIT only if the filesystem supports it
2021-12-01 09:19:07 +01:00
nvmem
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
2021-10-20 11:45:01 +02:00
of
of: unittest: fix EXPECT text for gpio hog errors
2021-11-18 14:04:13 +01:00
opp
opp: Fix return in _opp_add_static_v2()
2021-11-18 14:04:22 +01:00
oprofile
parisc
parisc: Move pci_dev_is_behind_card_dino to where it is used
2021-09-26 14:08:59 +02:00
parport
parport: remove non-zero check on count
2021-09-18 13:40:34 +02:00
pci
PCI: aardvark: Fix link training
2021-12-01 09:19:02 +01:00
pcmcia
pcmcia: i82092: fix a null pointer dereference bug
2021-08-12 13:22:16 +02:00
perf
perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same IRQ number
2021-07-14 16:56:08 +02:00
phy
phy: qcom-snps: Correct the FSEL_MASK
2021-11-18 14:04:20 +01:00
pinctrl
pinctrl: qcom: sdm845: Enable dual edge errata
2021-11-26 10:39:18 +01:00
platform
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
2021-12-08 09:03:19 +01:00
pnp
power
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
2021-11-18 14:04:21 +01:00
powercap
pps
ps3
ptp
ptp_pch: Load module automatically if ID matches
2021-10-13 10:04:27 +02:00
pwm
pwm: stm32-lp: Don't modify HW state in .remove() callback
2021-09-26 14:09:01 +02:00
rapidio
rapidio: handle create_workqueue() failure
2021-05-26 12:06:52 +02:00
ras
RAS/CEC: Correct ce_add_elem()'s returned values
2021-04-14 08:42:12 +02:00
regulator
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
2021-11-18 14:03:45 +01:00
remoteproc
remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()'
2021-11-18 14:04:23 +01:00
reset
reset: socfpga: add empty driver allowing consumers to probe
2021-11-18 14:03:42 +01:00
rpmsg
rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
2021-05-19 10:13:02 +02:00
rtc
rtc: rv3032: fix error handling in rv3032_clkout_set_rate()
2021-11-18 14:04:23 +01:00
s390
s390/cio: make ccw_device_dma_* more robust
2021-11-18 14:04:30 +01:00
sbus
scsi
scsi: iscsi: Unblock session then wake up error handler
2021-12-08 09:03:19 +01:00
sfi
sh
maple: fix wrong return value of maple_bus_init().
2021-11-26 10:39:12 +01:00
siox
slimbus
slimbus: ngd: reset dma setup during runtime pm
2021-08-26 08:35:55 -04:00
soc
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
2021-11-18 14:04:33 +01:00
soundwire
soundwire: debugfs: use controller id and link_id for debugfs
2021-11-18 14:04:16 +01:00
spi
spi: spi-rpc-if: Check return value of rpcif_sw_init()
2021-11-18 14:04:11 +01:00
spmi
spmi: spmi-pmic-arb: Fix hw_irq overflow
2021-03-04 11:38:40 +01:00
ssb
ssb: Fix error return code in ssb_bus_scan()
2021-07-14 16:56:21 +02:00
staging
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
2021-12-01 09:19:00 +01:00
target
scsi: target: Fix alua_tg_pt_gps_count tracking
2021-11-26 10:39:11 +01:00
tc
tee
tee: optee: Fix missing devices unregister during optee_remove
2021-10-20 11:45:02 +02:00
thermal
thermal: core: Reset previous low and high trip during thermal zone init
2021-12-08 09:03:19 +01:00
thunderbolt
thunderbolt: Fix port linking by checking all adapters
2021-09-18 13:40:27 +02:00
tty
tty: hvc: replace BUG_ON() with negative return value
2021-12-01 09:19:10 +01:00
uio
uio_hv_generic: Fix a memory leak in error handling paths
2021-05-26 12:06:52 +02:00
usb
usb: hub: Fix locking issues with address0_mutex
2021-12-01 09:18:59 +01:00
vdpa
vdpa/mlx5: Avoid destroying MR on empty iotlb
2021-08-26 08:35:42 -04:00
vfio
vfio: Use config not menuconfig for VFIO_NOIOMMU
2021-09-18 13:40:12 +02:00
vhost
vhost/vsock: fix incorrect used length reported to the guest
2021-12-01 09:19:09 +01:00
video
parisc/sticon: fix reverse colors
2021-11-26 10:39:20 +01:00
virt
nitro_enclaves: Fix stale file descriptors on failed usercopy
2021-05-11 14:47:11 +02:00
virtio
virtio_ring: check desc == NULL when using indirect with packed
2021-11-18 14:04:21 +01:00
visorbus
visorbus: fix error return code in visorchipset_init()
2021-07-14 16:56:41 +02:00
vlynq
vme
w1
w1: ds2438: fixing bug that would always get page0
2021-07-20 16:05:39 +02:00
watchdog
ar7: fix kernel builds for compiler test
2021-11-18 14:04:24 +01:00
xen
xen: detect uninitialized xenbus in xenbus_init
2021-12-01 09:19:01 +01:00
zorro
Kconfig
Makefile