mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
dde7b00e4c85db74a4ae02ec31752cc8be3c75f1
linux/drivers
History
Chris Wilson dde7b00e4c drm/i915: Fix use after free in lpe_audio_platdev_destroy() 
[31908.547136] BUG: KASAN: use-after-free in intel_lpe_audio_teardown+0x78/0xb0 [i915] at addr ffff8801f7788358
[31908.547297] Read of size 8 by task drv_selftest/3781
[31908.547405] CPU: 0 PID: 3781 Comm: drv_selftest Tainted: G    BU  W       4.10.0+ #451
[31908.547553] Hardware name:                  /        , BIOS PYBSWCEL.86A.0027.2015.0507.1758 05/07/2015
[31908.547682] Call Trace:
[31908.547772]  dump_stack+0x68/0x9f
[31908.547857]  kasan_object_err+0x1c/0x70
[31908.547947]  kasan_report_error+0x1f1/0x4f0
[31908.548038]  ? kfree+0xaa/0x170
[31908.548121]  kasan_report+0x34/0x40
[31908.548211]  ? klist_children_get+0x20/0x30
[31908.548472]  ? intel_lpe_audio_teardown+0x78/0xb0 [i915]
[31908.548567]  __asan_load8+0x5e/0x70
[31908.548824]  intel_lpe_audio_teardown+0x78/0xb0 [i915]
[31908.549080]  intel_audio_deinit+0x28/0x80 [i915]
[31908.549315]  i915_driver_unload+0xe4/0x360 [i915]
[31908.549551]  ? i915_driver_load+0x1d70/0x1d70 [i915]
[31908.549651]  ? trace_hardirqs_on+0xd/0x10
[31908.549885]  i915_pci_remove+0x23/0x30 [i915]
[31908.549978]  pci_device_remove+0x5c/0x100
[31908.550069]  device_release_driver_internal+0x1db/0x2e0
[31908.550165]  driver_detach+0x68/0xc0
[31908.550256]  bus_remove_driver+0x8b/0x150
[31908.550346]  driver_unregister+0x3e/0x60
[31908.550439]  pci_unregister_driver+0x1d/0x110
[31908.550531]  ? find_module_all+0x7a/0xa0
[31908.550791]  i915_exit+0x1a/0x87 [i915]
[31908.550881]  SyS_delete_module+0x264/0x2c0
[31908.550971]  ? free_module+0x430/0x430
[31908.551064]  ? trace_hardirqs_off_caller+0x16/0x110
[31908.551159]  ? trace_hardirqs_on_caller+0x16/0x280
[31908.551256]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[31908.551350]  entry_SYSCALL_64_fastpath+0x1c/0xb1
[31908.551440] RIP: 0033:0x7f1d67312ec7
[31908.551520] RSP: 002b:00007ffebe34e888 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
[31908.551650] RAX: ffffffffffffffda RBX: ffffffff811123f6 RCX: 00007f1d67312ec7
[31908.551743] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000560d0af476b8
[31908.551837] RBP: ffff880233d87f98 R08: 0000000000000000 R09: 00007ffebe34e8b8
[31908.551930] R10: 00007f1d68adf8c0 R11: 0000000000000206 R12: 0000000000000000
[31908.552023] R13: 0000560d0af46440 R14: 0000000000000034 R15: 00007ffebe34d860
[31908.552121]  ? trace_hardirqs_off_caller+0x16/0x110
[31908.552217] Object at ffff8801f7788000, in cache kmalloc-2048 size: 2048
[31908.552306] Allocated:
[31908.552377] PID = 3781
[31908.552456]  save_stack_trace+0x16/0x20
[31908.552539]  kasan_kmalloc+0xee/0x190
[31908.552627]  __kmalloc+0xdb/0x1b0
[31908.552713]  platform_device_alloc+0x27/0x90
[31908.552804]  platform_device_register_full+0x36/0x220
[31908.553066]  intel_lpe_audio_init+0x41e/0x570 [i915]
[31908.553320]  intel_audio_init+0xd/0x40 [i915]
[31908.553552]  i915_driver_load+0x13f5/0x1d70 [i915]
[31908.553788]  i915_pci_probe+0x65/0xe0 [i915]
[31908.553881]  pci_device_probe+0xda/0x140
[31908.553969]  driver_probe_device+0x400/0x660
[31908.554058]  __driver_attach+0x11c/0x120
[31908.554147]  bus_for_each_dev+0xe6/0x150
[31908.554237]  driver_attach+0x26/0x30
[31908.554325]  bus_add_driver+0x26b/0x3b0
[31908.554412]  driver_register+0xce/0x190
[31908.554502]  __pci_register_driver+0xaf/0xc0
[31908.554589]  0xffffffffa0550063
[31908.554675]  do_one_initcall+0x8b/0x1e0
[31908.554764]  do_init_module+0x102/0x325
[31908.554852]  load_module+0x3aad/0x45e0
[31908.554944]  SyS_finit_module+0x169/0x1a0
[31908.555033]  entry_SYSCALL_64_fastpath+0x1c/0xb1
[31908.555119] Freed:
[31908.555188] PID = 3781
[31908.555266]  save_stack_trace+0x16/0x20
[31908.555349]  kasan_slab_free+0xb0/0x180
[31908.555436]  kfree+0xaa/0x170
[31908.555520]  platform_device_release+0x76/0x80
[31908.555610]  device_release+0x45/0xe0
[31908.555698]  kobject_put+0x11f/0x260
[31908.555785]  put_device+0x12/0x20
[31908.555871]  platform_device_unregister+0x1b/0x20
[31908.556135]  intel_lpe_audio_teardown+0x5c/0xb0 [i915]
[31908.556390]  intel_audio_deinit+0x28/0x80 [i915]
[31908.556622]  i915_driver_unload+0xe4/0x360 [i915]
[31908.556858]  i915_pci_remove+0x23/0x30 [i915]
[31908.556948]  pci_device_remove+0x5c/0x100
[31908.557037]  device_release_driver_internal+0x1db/0x2e0
[31908.557129]  driver_detach+0x68/0xc0
[31908.557217]  bus_remove_driver+0x8b/0x150
[31908.557304]  driver_unregister+0x3e/0x60
[31908.557394]  pci_unregister_driver+0x1d/0x110
[31908.557653]  i915_exit+0x1a/0x87 [i915]
[31908.557741]  SyS_delete_module+0x264/0x2c0
[31908.557834]  entry_SYSCALL_64_fastpath+0x1c/0xb1
[31908.557919] Memory state around the buggy address:
[31908.558005]  ffff8801f7788200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[31908.558127]  ffff8801f7788280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[31908.558255] >ffff8801f7788300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[31908.558374]                                                     ^
[31908.558467]  ffff8801f7788380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[31908.558595]  ffff8801f7788400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb

v2: Just leak the memory (8 bytes) as freeing it ourselves is not safe,
and we need to coordinate a proper fix in platform_device itself.

Fixes: eef57324d9 ("drm/i915: setup bridge for HDMI LPE audio driver")
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99952
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: Jerome Anand <jerome.anand@intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: Takashi Iwai <tiwai@suse.de>
Link: http://patchwork.freedesktop.org/patch/msgid/20170412080251.30648-1-chris@chris-wilson.co.uk
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
(cherry picked from commit 48ae80741d)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2017-04-26 16:28:15 +03:00
..
accessibility
acpi
Merge branch 'acpi-scan-fixes'
2017-04-07 13:48:26 +02:00
amba
android
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
ata
ahci: qoriq: correct the sata ecc setting error
2017-03-09 11:55:23 -05:00
atm
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
auxdisplay
auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches
2017-03-16 16:59:55 +09:00
base
drivers core: remove assert_held_device_hotplug()
2017-03-16 16:56:19 -07:00
bcma
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-02-02 16:54:00 -05:00
block
nbd: replace kill_bdev() with __invalidate_device()
2017-03-24 15:42:47 -06:00
bluetooth
Bluetooth: btqcomsmd: fix compile-test dependency
2017-03-22 19:22:04 -07:00
bus
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2017-02-23 15:57:04 -08:00
cdrom
Merge branch 'for-4.11/next' into for-4.11/linus-merge
2017-02-17 14:08:19 -07:00
char
Backmerge tag 'v4.11-rc4' into drm-next
2017-03-28 17:34:19 +10:00
clk
Merge tag 'sunxi-clk-fixes-for-4.11' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into clk-fixes
2017-03-23 16:08:46 -07:00
clocksource
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-04-02 09:22:03 -07:00
connector
cpufreq
Merge branches 'pm-cpufreq-fixes' and 'pm-cpuidle-fixes'
2017-03-31 23:00:53 +02:00
cpuidle
cpuidle: powernv: Pass correct drv->cpumask for registration
2017-03-29 22:55:36 +02:00
crypto
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2017-03-31 12:11:32 -07:00
dax
device-dax: fix debug output typo
2017-03-10 19:56:56 -08:00
dca
devfreq
scripts/spelling.txt: add "followings" pattern and fix typo instances
2017-02-27 18:43:47 -08:00
dio
dma
dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
2017-03-14 10:11:27 +05:30
dma-buf
dma-buf: align debugfs output
2017-04-03 21:57:20 +05:30
edac
EDAC, pnd2_edac: Fix reported DIMM number
2017-03-26 09:36:28 +02:00
eisa
extcon
extcon: int3496: Set the id pin to direction-input if necessary
2017-03-22 18:29:48 +09:00
firewire
Merge branch 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax
2017-02-28 20:29:41 -08:00
firmware
efi/esrt: Cleanup bad memory map log messages
2017-03-17 18:53:12 +00:00
fmc
fpga
fpga zynq: Use the scatterlist interface
2017-02-10 15:20:44 +01:00
fsi
drivers/fsi: add driver to device matches
2017-02-10 15:19:48 +01:00
gpio
ACPI / gpio: do not fall back to parsing _CRS when we get a deferral
2017-03-30 11:08:46 +02:00
gpu
drm/i915: Fix use after free in lpe_audio_platdev_destroy()
2017-04-26 16:28:15 +03:00
hid
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
2017-03-31 11:50:31 -07:00
hsi
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
hv
Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
2017-03-16 16:42:33 +09:00
hwmon
hwmon: (asus_atk0110) fix uninitialized data access
2017-03-23 12:01:57 -07:00
hwspinlock
hwtracing
intel_th: pci: Add Gemini Lake support
2017-03-15 14:55:18 +02:00
i2c
Backmerge tag 'v4.11-rc6' into drm-next
2017-04-11 07:40:42 +10:00
ide
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task_stack.h>
2017-03-02 08:42:36 +01:00
idle
Merge tag 'pm-turbostat-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
2017-03-02 17:41:27 -08:00
iio
iio: hid-sensor-attributes: Fix sensor property setting failure.
2017-04-02 11:44:03 +01:00
infiniband
IB/qib: fix false-postive maybe-uninitialized warning
2017-03-24 22:44:29 -04:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2017-03-23 19:51:06 -07:00
iommu
Merge branch 'for-joerg/arm-smmu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux into iommu/fixes
2017-03-22 23:59:56 +01:00
ipack
irqchip
Merge tag 'irq-fixes-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent
2017-03-31 16:54:48 +02:00
isdn
isdn: kcapi: avoid uninitialized data
2017-03-28 17:59:33 -07:00
leds
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/loadavg.h>
2017-03-02 08:42:27 +01:00
lguest
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
lightnvm
lightnvm: set default lun range when no luns are specified
2017-02-15 08:27:21 -07:00
macintosh
powerpc/pmac: Fix crash in dma-mapping.h with NULL dma_ops
2017-03-10 14:17:23 +11:00
mailbox
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
mcb
md
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
2017-04-08 11:56:58 -07:00
media
Merge tag 'media/v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
2017-03-24 13:34:16 -07:00
memory
Merge tag 'v4.11-rc1' into omap-for-v4.11/fixes
2017-03-06 08:37:53 -08:00
memstick
Merge branch 'for-4.11/next' into for-4.11/linus-merge
2017-02-17 14:08:19 -07:00
message
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2017-02-21 11:51:42 -08:00
mfd
Merge tag 'staging-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
2017-02-22 12:14:01 -08:00
misc
Merge tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2017-03-26 11:15:54 -07:00
mmc
mmc: sdhci-of-at91: fix MMC_DDR_52 timing selection
2017-03-30 21:10:29 +02:00
mtd
scripts/spelling.txt: add "disble(d)" pattern and fix typo instances
2017-03-09 17:01:09 -08:00
net
nfp: fix potential use after free on xdp prog
2017-04-05 18:46:40 -07:00
nfc
scripts/spelling.txt: add "omited" pattern and fix typo instances
2017-02-27 18:43:47 -08:00
ntb
ntb: ntb_hw_intel: link_poll isn't clearing the pending status properly
2017-02-16 23:11:26 -05:00
nubus
nvdimm
nfit, libnvdimm: fix interleave set cookie calculation
2017-03-01 00:49:42 -08:00
nvme
nvmet: fix byte swap in nvmet_parse_io_cmd
2017-04-02 10:24:15 +03:00
nvmem
of
Merge tag 'doc-4.11-images' of git://git.lwn.net/linux into drm-misc-next
2017-03-14 15:07:33 +01:00
oprofile
sched/headers: Prepare to move the get_task_struct()/put_task_struct() and related APIs from <linux/sched.h> to <linux/sched/task.h>
2017-03-02 08:42:40 +01:00
parisc
Merge branch 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
2017-03-03 16:20:06 -08:00
parport
parport: fix attempt to write duplicate procfiles
2017-03-16 17:32:21 +09:00
pci
Backmerge tag 'v4.11-rc6' into drm-next
2017-04-11 07:40:42 +10:00
pcmcia
perf
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/clock.h>
2017-03-02 08:42:27 +01:00
phy
phy: qcom-usb-hs: Add depends on EXTCON
2017-03-09 15:29:57 +05:30
pinctrl
pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable()
2017-04-07 01:08:08 +02:00
platform
apple-gmux: Don't switch external DP port on 2011+ MacBook Pros
2017-03-30 22:42:30 +02:00
pnp
power
scripts/spelling.txt: add "intialization" pattern and fix typo instances
2017-02-27 18:43:47 -08:00
powercap
pps
ps3
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
ptp
PTP: fix ptr_ret.cocci warnings
2017-03-20 16:25:06 +01:00
pwm
Merge tag 'pwm/for-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
2017-03-01 09:46:02 -08:00
rapidio
drivers/rapidio/devices/tsi721.c: make module parameter variable name unique
2017-03-31 17:13:30 -07:00
ras
regulator
Merge tag 'regulator-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
2017-02-20 17:23:57 -08:00
remoteproc
remoteproc: qcom: fix QCOM_SMD dependencies
2017-03-20 14:45:44 -07:00
reset
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
2017-02-23 15:57:04 -08:00
rpmsg
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
2017-03-02 13:53:13 -08:00
rtc
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
s390
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-04-05 20:17:38 -07:00
sbus
scsi
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
2017-04-08 11:56:58 -07:00
sfi
sh
sn
soc
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
spi
sched/headers: Prepare for new header dependencies before moving code to <uapi/linux/sched/types.h>
2017-03-02 08:42:27 +01:00
spmi
ssb
staging
staging: android: ashmem: lseek failed due to no FMODE_LSEEK.
2017-04-08 12:13:11 +02:00
target
tcmu: Convert cmd_time_out into backend device attribute
2017-03-18 16:32:30 -07:00
tc
thermal
thermal: cpu_cooling: Check OPP for errors
2017-03-13 10:06:55 +08:00
thunderbolt
tty
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-04-02 09:25:10 -07:00
uio
sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h>
2017-03-02 08:42:32 +01:00
usb
usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
2017-03-29 12:13:50 +02:00
uwb
uwb: i1480-dfu: fix NULL-deref at probe
2017-03-14 17:07:31 +08:00
vfio
Merge tag 'vfio-v4.11-rc4' of git://github.com/awilliam/linux-vfio
2017-03-24 14:39:36 -07:00
vhost
vhost-vsock: add pkt cancel capability
2017-03-21 14:41:46 -07:00
video
sched/headers: Remove the <linux/mm_types.h> dependency from <linux/sched.h>
2017-03-03 01:45:16 +01:00
virt
virtio
virtio_balloon: prevent uninitialized variable use
2017-03-28 20:41:28 +03:00
vlynq
vme
w1
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
2017-03-02 08:42:29 +01:00
watchdog
watchdog: retu: restore MFD dependency
2017-03-01 06:15:10 -08:00
xen
xenbus: remove transaction holder from list before freeing
2017-04-04 10:11:06 -04:00
zorro
Kconfig
drivers/fsi: Add empty fsi bus definitions
2017-02-10 15:19:48 +01:00
Makefile
Merge tag 'pci-v4.11-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2017-02-23 11:53:22 -08:00