system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-24 20:29:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/drivers
History
Neil Horman eea915bb0d firmware: Fix an oops on reading fw_priv->fw in sysfs loading file 
This oops was reported recently:
firmware_loading_store+0xf9/0x17b
dev_attr_store+0x20/0x22
sysfs_write_file+0x101/0x134
vfs_write+0xac/0xf3
sys_write+0x4a/0x6e
system_call_fastpath+0x16/0x1b

The complete backtrace was unfortunately not captured, but details can be found
here:
https://bugzilla.redhat.com/show_bug.cgi?id=769920

The cause is fairly clear.

Its caused by the fact that firmware_loading_store has a case 0 in its
switch statement that reads and writes the fw_priv->fw poniter without the
protection of the fw_lock mutex.  since there is a window between the time that
_request_firmware sets fw_priv->fw to NULL and the time the corresponding sysfs
file is unregistered, its possible for a user space application to race in, and
write a zero to the loading file, causing a NULL dereference in
firmware_loading_store.  Fix it by extending the protection of the fw_lock mutex
to cover all of the firware_loading_store function.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2012-01-04 16:31:29 -08:00
..
accessibility
acpi cpu: convert 'cpu' and 'machinecheck' sysdev_class to a regular subsystem 2011-12-21 14:29:42 -08:00
amba
ata Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2011-10-25 13:25:22 +02:00
auxdisplay
base firmware: Fix an oops on reading fw_priv->fw in sysfs loading file 2012-01-04 16:31:29 -08:00
bcma bcma: fix implicit use of export.h contents 2011-10-31 19:32:02 -04:00
block Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
bluetooth USB: convert drivers/bluetooth/* to use module_usb_driver() 2011-11-18 09:47:34 -08:00
cdrom
char Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
clk
clocksource Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
connector
cpufreq cpu: convert 'cpu' and 'machinecheck' sysdev_class to a regular subsystem 2011-12-21 14:29:42 -08:00
cpuidle cpu: convert 'cpu' and 'machinecheck' sysdev_class to a regular subsystem 2011-12-21 14:29:42 -08:00
crypto Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
dca drivers/dca: Add export.h for THIS_MODULE to dca-sysfs.c 2011-10-31 19:31:43 -04:00
devfreq
dio
dma Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
edac edac: convert sysdev_class to a regular subsystem 2011-12-14 15:21:07 -08:00
eisa
firewire Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
firmware firmware: google: fix gsmi.c build warning 2011-12-09 16:23:49 -08:00
gpio driver-core: remove sysdev.h usage. 2011-12-21 16:26:03 -08:00
gpu Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux 2011-11-07 10:01:56 -08:00
hid USB: convert drivers/hid/* to use module_usb_driver() 2011-11-18 09:49:34 -08:00
hv Drivers:hv: Fix a bug in vmbus_driver_unregister() 2012-01-04 16:14:44 -08:00
hwmon Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
hwspinlock
i2c USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
ide Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
idle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2011-11-07 10:13:52 -08:00
ieee802154
infiniband Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
input USB: convert drivers/input/* to use module_usb_driver() 2011-11-18 09:48:31 -08:00
iommu intel-iommu: now needs export.h for EXPORT_SYMBOL_GPL 2011-10-31 19:32:14 -04:00
isdn USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
leds driver-core: remove sysdev.h usage. 2011-12-21 16:26:03 -08:00
lguest lguest: add export.h to lguest files for THIS_MODULE/EXPORT_SYMBOL 2011-10-31 19:32:13 -04:00
macintosh driver-core: remove sysdev.h usage. 2011-12-21 16:26:03 -08:00
mca
md device-mapper: using EXPORT_SYBOL in dm-space-map-checker.c needs export.h 2011-11-07 10:29:10 -08:00
media USB: convert drivers/media/* to use module_usb_driver() 2011-11-18 09:46:12 -08:00
memstick drivers/memstick: Add module.h to the prev. implicit modular users 2011-10-31 19:31:52 -04:00
message drivers/message: Add module.h to i2o/pci.c 2011-10-31 19:31:53 -04:00
mfd Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
misc Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
mmc USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
mtd USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
net driver-core: remove sysdev.h usage. 2011-12-21 16:26:03 -08:00
nfc USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
nubus
of Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
oprofile
parisc parisc: add module.h to files really requiring it 2011-10-31 19:31:01 -04:00
parport parport_pc: release IO region properly if unsupported ITE887x card is found 2011-10-18 14:17:40 -07:00
pci Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
pcmcia Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
pinctrl pinctrl: EXPORT_SYMBOL needs export.h 2011-10-31 19:32:21 -04:00
platform driver-core: remove sysdev.h usage. 2011-12-21 16:26:03 -08:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2011-11-07 10:13:52 -08:00
power Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
pps pps gpio client: add missing dependency 2011-11-02 16:07:02 -07:00
ps3 powerpc: Fix up modules that should be including module.h 2011-10-31 19:30:38 -04:00
ptp
rapidio Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
regulator Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
rtc Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
s390 driver-core: remove sysdev.h usage. 2011-12-21 16:26:03 -08:00
sbus
scsi Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
sfi drivers/sfi: sfi_acpi.c needs sysfs.h 2011-10-31 19:31:57 -04:00
sh sh: intc - convert sysdev_class to a regular subsystem 2011-12-21 15:09:52 -08:00
sn
spi Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
ssb ssb: Add export.h to files using EXPORT_SYMBOL/THIS_MODULE 2011-10-31 19:32:08 -04:00
staging USB: convert drivers/staging/* to use module_usb_driver() 2011-11-18 09:42:11 -08:00
target Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
tc
telephony
thermal thermal: Prevent polling from happening during system suspend 2011-11-06 20:38:49 -05:00
tty Revert "hvc_console: display printk messages on console." 2011-11-06 22:22:16 -08:00
uio uio: convert drivers/uio/* to use module_platform_driver() 2011-11-26 20:12:48 -08:00
usb usb: dwc3: fix a warning 2011-11-18 15:19:21 -08:00
uwb USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
vhost
video USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
virt
virtio Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
vlynq
w1 w1: add fast search for single slave bus 2011-12-09 19:19:18 -08:00
watchdog USB: convert some miscellanies drivers to use module_usb_driver() 2011-11-18 09:52:10 -08:00
xen xen: fix build breakage in xen-selfballoon.c caused by sysdev conversion 2011-12-15 11:07:02 -08:00
zorro drivers/zorro: Add export.h to proc.c 2011-10-31 19:32:01 -04:00
Kconfig hv: Move Kconfig menu entry 2011-11-26 17:05:33 -08:00
Makefile Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging 2011-10-26 15:39:02 +02:00