UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers
History
Qiujun Huang 2bbcaaee1f ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb 
In ath9k_hif_usb_rx_cb interface number is assumed to be 0.
usb_ifnum_to_if(urb->dev, 0)
But it isn't always true.

The case reported by syzbot:
https://lore.kernel.org/linux-usb/000000000000666c9c05a1c05d12@google.com
usb 2-1: new high-speed USB device number 2 using dummy_hcd
usb 2-1: config 1 has an invalid interface number: 2 but max is 0
usb 2-1: config 1 has no interface number 0
usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice=
1.08
usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
general protection fault, probably for non-canonical address
0xdffffc0000000015: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc5-syzkaller #0

Call Trace
__usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650
usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716
dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
expire_timers kernel/time/timer.c:1449 [inline]
__run_timers kernel/time/timer.c:1773 [inline]
__run_timers kernel/time/timer.c:1740 [inline]
run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786
__do_softirq+0x21e/0x950 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0x178/0x1a0 kernel/softirq.c:413
exiting_irq arch/x86/include/asm/apic.h:546 [inline]
smp_apic_timer_interrupt+0x141/0x540 arch/x86/kernel/apic/apic.c:1146
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829

Reported-and-tested-by: syzbot+40d5d2e8a4680952f042@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200404041838.10426-6-hqjagain@gmail.com
 		2020-04-07 07:57:26 +03:00
..
accessibility
acpi ACPI fixes for 5.6-rc4 2020-02-28 09:02:18 -08:00
amba
android binder: prevent UAF for binderfs devices II 2020-03-03 19:58:37 +01:00
ata libata-5.6-2020-02-05 2020-02-06 06:11:50 +00:00
atm atm: nicstar: fix if-statement empty body warning 2020-02-29 21:28:30 -08:00
auxdisplay auxdisplay: charlcd: replace zero-length array with flexible-array member 2020-03-06 22:18:07 +01:00
base Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-01-28 16:02:33 -08:00
block virtio: fixes 2020-03-09 16:02:32 -07:00
bluetooth Bluetooth: btusb: print Intel fw build version in power-on boot 2020-03-16 08:57:40 +01:00
bus Few fixes for omaps for v5.6-rc cycle 2020-02-29 11:47:44 -08:00
cdrom scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
char ipmi_si: Avoid spurious errors for optional IRQs 2020-03-11 21:15:19 -05:00
clk ARM: SoC: late updates 2020-02-08 14:17:27 -08:00
clocksource ARM: SoC: late updates 2020-02-08 14:17:27 -08:00
connector
counter
cpufreq cpufreq: Fix policy initialization for internal governor drivers 2020-02-27 08:57:48 +01:00
cpuidle ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
crypto Crypto/chtls: add/delete TLS header in driver 2020-03-23 13:04:48 -07:00
dax dax: Get rid of fs_dax_get_by_host() helper 2020-01-16 09:52:27 -08:00
dca
devfreq Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" 2020-02-24 11:14:29 +09:00
dio
dma dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 2020-02-25 14:15:26 +05:30
dma-buf dma-buf: free dmabuf->name in dma_buf_release() 2020-02-27 18:01:58 +05:30
edac EDAC/synopsys: Do not print an error with back-to-back snprintf() calls 2020-02-27 16:44:25 +01:00
eisa
extcon
firewire remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
firmware ARM: SoC fixes 2020-03-08 17:36:22 -07:00
fpga fpga: xilinx-pr-decoupler: Remove clk_get error message for probe defer 2020-01-10 12:51:56 -08:00
fsi fsi: aspeed: add unspecified HAS_IOMEM dependency 2020-02-10 13:45:49 -08:00
gnss
gpio gpio: sifive: fix static checker warning 2020-02-10 13:54:17 +01:00
gpu Merge tag 'topic/mst-bw-check-fixes-for-airlied-2020-03-12-2' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes 2020-03-13 10:38:25 +10:00
greybus
hid HID: hyperv: NULL check before some freeing functions is not needed. 2020-03-05 14:17:11 +00:00
hsi
hv - Most of the commits here are work to enable host-initiated hibernation 2020-02-03 14:42:03 +00:00
hwmon hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() 2020-03-03 12:42:55 -08:00
hwspinlock hwspinlock: sirf: Use devm_hwspin_lock_register() to register hwlock controller 2020-01-21 16:16:36 -08:00
hwtracing coresight: etm4x: Fix unused function warning 2020-01-14 15:38:28 +01:00
i2c i2c: altera: Fix potential integer overflow 2020-02-13 09:29:30 +01:00
i3c i3c: master: dw: reattach device on first available location of address table 2020-01-13 10:00:05 +01:00
ide scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
idle intel_idle: Introduce 'states_off' module parameter 2020-02-03 11:57:18 +01:00
iio chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-02-15 16:49:25 -08:00
interconnect interconnect: Handle memory allocation errors 2020-03-03 08:02:57 +01:00
iommu iommu/arm-smmu: Restore naming of driver parameter prefix 2020-02-19 12:03:21 +01:00
ipack remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
irqchip irqchip/gic-v4.1: Avoid 64bit division for the sake of 32bit ARM 2020-02-09 15:47:37 -08:00
isdn proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
leds leds: lm3532: add pointer to documentation and fix typo 2020-01-22 21:08:24 +01:00
lightnvm
macintosh macintosh: therm_windtunnel: fix regression when instantiating devices 2020-02-29 21:13:22 +01:00
mailbox mailbox: armada-37xx-rwtm: convert to devm_platform_ioremap_resource 2020-01-08 10:41:52 +01:00
mcb
md block-5.6-2020-03-07 2020-03-07 14:14:38 -06:00
media media: mc-entity.c: use & to check pad flags, not == 2020-02-24 15:10:04 +01:00
memory mvebu drivers for 5.6 (part 1) 2020-01-16 10:45:44 -08:00
memstick
message Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2020-01-19 22:10:04 +01:00
mfd chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
misc altera-stapl: altera_get_note: prevent write beyond end of 'key' 2020-03-03 08:02:57 +01:00
mmc mmc: sdhci-pci-gli: Enable MSI interrupt for GL975x 2020-03-04 15:41:22 +01:00
mtd treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
mux
net ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb 2020-04-07 07:57:26 +03:00
nfc NFC: Replace zero-length array with flexible-array member 2020-02-27 12:06:20 -08:00
ntb
nubus
nvdimm mm: Cleanup __put_devmap_managed_page() vs ->page_free() 2020-01-31 10:30:37 -08:00
nvme nvme-pci: Hold cq_poll_lock while completing CQEs 2020-02-28 01:32:14 +09:00
nvmem Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-02-07 12:54:13 -08:00
of drivers/of/of_mdio.c:fix of_mdiobus_register() 2020-03-03 19:01:51 -08:00
opp ioremap changes for 5.6 2020-01-27 13:03:00 -08:00
oprofile tracing: Make struct ring_buffer less ambiguous 2020-01-13 13:19:38 -05:00
parisc proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
parport
pci Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
pcmcia PCMCIA/i82092: remove #if 0 block 2019-12-16 11:49:54 +01:00
perf drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer 2020-03-02 12:07:35 +00:00
phy phy: for 5.6-rc 2020-03-04 13:28:52 +01:00
pinctrl pinctrl: qcom: Assign irq_eoi conditionally 2020-03-09 16:31:34 +01:00
platform platform/chrome: wilco_ec: Include asm/unaligned instead of linux/ path 2020-02-11 09:10:36 +01:00
pnp proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
power ARM: SoC platform updates 2020-02-08 13:55:25 -08:00
powercap Merge back power capping changes for v5.6. 2020-01-13 10:32:19 +01:00
pps
ps3
ptp ptp: add VMware virtual PTP clock driver 2020-03-05 17:25:07 -08:00
pwm pwm: Remove set but not set variable 'pwm' 2020-01-20 15:40:49 +01:00
rapidio
ras
regulator regulator: Fixes for v5.6 2020-03-06 14:48:30 -06:00
remoteproc remoteproc: clean up notification config 2020-03-16 17:31:51 -07:00
reset reset: intel: add unspecified HAS_IOMEM dependency 2020-02-10 11:11:55 +01:00
rpmsg rpmsg: add rpmsg support for mt8183 SCP. 2020-01-20 10:29:56 -08:00
rtc chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
s390 s390/qeth: use dev->reg_state 2020-03-18 16:33:35 -07:00
sbus
scsi Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
sfi
sh remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
siox siox: Use the correct style for SPDX License Identifier 2020-01-14 21:46:53 +01:00
slimbus slimbus: qcom: add missed clk_disable_unprepare in remove 2020-01-14 21:46:48 +01:00
soc i.MX fixes for 5.6: 2020-02-24 09:57:05 -08:00
soundwire soundwire: cadence: fix kernel-doc parameter descriptions 2020-01-16 17:34:38 +05:30
spi spi: Fixes for v5.6 2020-03-06 14:50:16 -06:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-10 13:16:04 +01:00
ssb ssb: Use scnprintf() for avoiding potential buffer overflow 2020-03-12 15:44:12 +02:00
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
target scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" 2020-02-14 17:13:54 -05:00
tc The main MIPS changes for 5.6: 2020-01-31 11:28:31 -08:00
tee arm64: dts: agilex: fix gmac compatible 2020-03-03 16:40:56 -08:00
thermal - Fix a SEVERE docs build failure for cpu idle cooling device (Randy Dunlap) 2020-01-31 14:39:21 -08:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-13 04:59:30 -08:00
tty tty: serial: fsl_lpuart: free IDs allocated by IDA 2020-03-06 14:10:44 +01:00
uio uio: uio_pdrv_genirq: Do not log an error when deferring probe routine. 2020-01-14 15:27:51 +01:00
usb usb: dwc3: gadget: Update chain bit correctly when using sg list 2020-03-04 10:58:16 +01:00
vfio VFIO updates for v5.6-rc1 2020-02-03 22:22:05 +00:00
vhost vhost: Check docket sk_family instead of call getname 2020-02-22 21:41:42 -08:00
video ARM: SoC fixes 2020-03-08 17:36:22 -07:00
virt
virtio virtio_balloon: Adjust label in virtballoon_probe 2020-03-08 05:35:24 -04:00
visorbus visorbus: fix uninitialized variable access 2020-01-14 15:30:35 +01:00
vlynq
vme Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
w1 Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
watchdog ACPI fixes for 5.6-rc4 2020-02-28 09:02:18 -08:00
xen xen/xenbus: fix locking 2020-03-05 09:42:23 -06:00
zorro Kbuild updates for v5.6 (2nd) 2020-02-09 16:05:50 -08:00
Kconfig
Makefile thunderbolt: Update Kconfig entries to USB4 2019-12-18 15:39:18 +01:00