Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
kernel-fxtec-pro1x/drivers
History
Tetsuo Handa 0484e56fef mwifiex: don't call del_timer_sync() on uninitialized timer 
[ Upstream commit 621a3a8b1c0ecf16e1e5667ea5756a76a082b738 ]

syzbot is reporting that del_timer_sync() is called from
mwifiex_usb_cleanup_tx_aggr() from mwifiex_unregister_dev() without
checking timer_setup() from mwifiex_usb_tx_init() was called [1].

Ganapathi Bhat proposed a possibly cleaner fix, but it seems that
that fix was forgotten [2].

"grep -FrB1 'del_timer' drivers/ | grep -FA1 '.function)'" says that
currently there are 28 locations which call del_timer[_sync]() only if
that timer's function field was initialized (because timer_setup() sets
that timer's function field). Therefore, let's use same approach here.

[1] https://syzkaller.appspot.com/bug?id=26525f643f454dd7be0078423e3cdb0d57744959
[2] https://lkml.kernel.org/r/CA+ASDXMHt2gq9Hy+iP_BYkWXsSreWdp3_bAfMkNcuqJ3K+-jbQ@mail.gmail.com

Reported-by: syzbot <syzbot+dc4127f950da51639216@syzkaller.appspotmail.com>
Cc: Ganapathi Bhat <ganapathi.bhat@nxp.com>
Cc: Brian Norris <briannorris@chromium.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Acked-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200821082720.7716-1-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-10-30 10:38:31 +01:00
..
accessibility
acpi ACPI: EC: Reference count query handlers under lock 2020-10-01 13:14:30 +02:00
amba
android binder: fix UAF when releasing todo list 2020-10-29 09:54:56 +01:00
ata ata: sata_mv, avoid trigerrable BUG_ON 2020-10-01 13:14:54 +02:00
atm atm: eni: fix the missed pci_disable_device() for eni_init_one() 2020-10-01 13:14:51 +02:00
auxdisplay
base driver core: Fix probe_count imbalance in really_probe() 2020-10-14 10:31:22 +02:00
bcma
block rbd: require global CAP_SYS_ADMIN for mapping and unmapping 2020-09-17 13:45:29 +02:00
bluetooth Bluetooth: hci_uart: Cancel init work before unregistering 2020-10-29 09:55:05 +01:00
bus bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal 2020-10-01 13:14:35 +02:00
cdrom
char drivers: char: tlclk.c: Avoid data race between init and interrupt handler 2020-10-01 13:14:42 +02:00
clk clk: bcm2835: add missing release if devm_clk_hw_register fails 2020-10-30 10:38:22 +01:00
clocksource clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() 2020-10-01 13:14:51 +02:00
connector
cpufreq cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier 2020-10-30 10:38:20 +01:00
cpuidle cpuidle: Fixup IRQ state 2020-09-09 19:04:23 +02:00
crypto crypto: ccp - fix error handling 2020-10-30 10:38:26 +01:00
dax
dca
devfreq PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out 2020-10-01 13:14:26 +02:00
dio
dma dmaengine: tegra-apb: Prevent race conditions on channel's freeing 2020-10-01 13:14:35 +02:00
dma-buf dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) 2020-10-01 13:14:24 +02:00
edac EDAC/ti: Fix handling of platform_get_irq() error 2020-10-29 09:55:00 +01:00
eisa
extcon extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' 2020-06-25 15:33:01 +02:00
firewire
firmware firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp 2020-10-01 13:14:35 +02:00
fmc
fpga fpga: dfl: fix bug in port reset handshake 2020-07-29 10:16:48 +02:00
fsi
gnss gnss: sirf: fix error return code in sirf_probe() 2020-06-22 09:05:28 +02:00
gpio gpio: sprd: Clear interrupt when setting the type as edge 2020-10-07 08:00:07 +02:00
gpu Fix use after free in get_capset_info callback. 2020-10-30 10:38:31 +01:00
hid HID: hid-input: fix stylus battery reporting 2020-10-29 09:55:12 +01:00
hsi
hv Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload 2020-09-23 12:10:59 +02:00
hwmon hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} 2020-10-29 09:55:02 +01:00
hwspinlock
hwtracing coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb() 2020-08-19 08:14:58 +02:00
i2c i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs 2020-10-30 10:38:26 +01:00
ide
idle
iio iio:accel:mma8452: Fix timestamp alignment and prevent data leak. 2020-09-17 13:45:28 +02:00
infiniband IB/rdmavt: Fix sizeof mismatch 2020-10-30 10:38:20 +01:00
input Input: sun4i-ps2 - fix handling of platform_get_irq() error 2020-10-30 10:38:24 +01:00
iommu iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() 2020-10-07 08:00:07 +02:00
ipack ipack: tpci200: fix error return code in tpci200_register() 2020-05-27 17:37:43 +02:00
irqchip irqchip/stm32-exti: Avoid losing interrupts due to clearing pending bits by mistake 2020-09-03 11:24:29 +02:00
isdn PCI: add USR vendor id and use it in r8169 and w6692 driver 2020-06-22 09:05:23 +02:00
leds leds: mlxreg: Fix possible buffer overflow 2020-10-01 13:14:25 +02:00
lightnvm
macintosh drivers/macintosh: Fix memleak in windfarm_pm112 driver 2020-06-22 09:05:29 +02:00
mailbox mailbox: avoid timer start from callback 2020-10-30 10:38:21 +01:00
mcb
md bcache: fix a lost wake-up problem caused by mca_cannibalize_lock 2020-10-01 13:14:27 +02:00
media media: venus: core: Fix runtime PM imbalance in venus_probe 2020-10-30 10:38:28 +01:00
memory memory: fsl-corenet-cf: Fix handling of platform_get_irq() error 2020-10-30 10:38:24 +01:00
memstick
message scsi: mptscsih: Fix read sense data size 2020-07-16 08:17:23 +02:00
mfd mfd: sm501: Fix leaks in probe() 2020-10-29 09:55:13 +01:00
misc misc: rtsx: Fix memory leak in rtsx_pci_probe 2020-10-30 10:38:30 +01:00
mmc mmc: sdio: Check for CISTPL_VERS_1 buffer size 2020-10-30 10:38:28 +01:00
mtd mtd: mtdoops: Don't write panic data twice 2020-10-29 09:55:17 +01:00
mux
net mwifiex: don't call del_timer_sync() on uninitialized timer 2020-10-30 10:38:31 +01:00
nfc NFC: st95hf: Fix memleak in st95hf_in_send_cmd 2020-09-17 13:45:24 +02:00
ntb NTB: hw: amd: fix an issue about leak system resources 2020-10-30 10:38:25 +01:00
nubus
nvdimm libnvdimm: Fix endian conversion issues 2020-06-07 13:17:53 +02:00
nvme nvmet: fix uninitialized work for zero kato 2020-10-30 10:38:25 +01:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-10 21:35:00 +02:00
of of: of_mdio: Correct loop scanning logic 2020-07-22 09:32:03 +02:00
opp
oprofile
parisc parisc: mask out enable and reserved bits from sba imask 2020-08-19 08:15:07 +02:00
parport
pci PCI: iproc: Set affinity mask on MSI interrupts 2020-10-30 10:38:21 +01:00
pcmcia
perf drivers/perf: xgene_pmu: Fix uninitialized resource struct 2020-10-29 09:55:00 +01:00
phy phy: samsung: s5pv210-usb2: Add delay after reset 2020-10-01 13:14:44 +02:00
pinctrl pinctrl: mcp23s08: Fix mcp23x17 precious range 2020-10-29 09:55:10 +01:00
platform platform/x86: mlx-platform: Remove PSU EEPROM configuration 2020-10-29 09:55:14 +01:00
pnp
power power: supply: max17040: Correct voltage reading 2020-10-01 13:14:43 +02:00
powercap
pps
ps3
ptp
pwm pwm: img: Fix null pointer access in probe 2020-10-30 10:38:21 +01:00
rapidio rapidio: fix the missed put_device() for rio_mport_add_riodev 2020-10-30 10:38:21 +01:00
ras
regulator regulator: resolve supply after creating regulator 2020-10-29 09:55:04 +01:00
remoteproc remoteproc: qcom: q6v5: Update running state before requesting stop 2020-08-21 11:05:34 +02:00
reset
rpmsg rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge() 2020-10-30 10:38:21 +01:00
rtc rtc: ds1374: fix possible race condition 2020-10-01 13:14:38 +02:00
s390 s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl 2020-10-01 13:14:54 +02:00
sbus
scsi scsi: qedi: Fix list_del corruption while removing active I/O 2020-10-30 10:38:31 +01:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback 2020-10-29 09:55:12 +01:00
sn
soc soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag 2020-08-19 08:14:50 +02:00
soundwire
spi spi: spi-s3c64xx: Check return values 2020-10-29 09:55:05 +01:00
spmi
ssb
staging staging: rtl8192u: Do not use GFP_KERNEL in atomic context 2020-10-29 09:55:07 +01:00
target scsi: target: tcmu: Fix warning: 'page' may be used uninitialized 2020-10-29 09:55:14 +01:00
tc
tee
thermal thermal: rcar_thermal: Handle probe error gracefully 2020-10-01 13:14:39 +02:00
thunderbolt thunderbolt: Drop duplicated get_switch_at_route() 2020-05-27 17:37:40 +02:00
tty tty: ipwireless: fix error handling 2020-10-30 10:38:31 +01:00
uio uio_pdrv_genirq: fix use without device tree and no interrupt 2020-07-22 09:32:11 +02:00
usb usb: ohci: Default to per-port over-current protection 2020-10-30 10:38:30 +01:00
uwb
vfio vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages 2020-10-30 10:38:23 +01:00
vhost vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() 2020-10-07 08:00:05 +02:00
video video: fbdev: radeon: Fix memleak in radeonfb_pci_register 2020-10-29 09:55:09 +01:00
virt drivers/virt/fsl_hypervisor: Fix error handling path 2020-10-29 09:55:09 +01:00
virtio virtio_ring: Avoid loop when vq is broken in virtqueue_poll 2020-08-26 10:31:01 +02:00
visorbus
vlynq
vme
w1 w1: omap-hdq: cleanup to add missing newline for some dev_dbg 2020-06-22 09:05:30 +02:00
watchdog watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 2020-10-30 10:38:22 +01:00
xen xen/xenbus: Fix granting of vmalloc'd memory 2020-09-09 19:04:24 +02:00
zorro
Kconfig
Makefile