linux/drivers/misc
Lv Yunlong 115726c5d3 habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory
Our code analyzer reported a uaf.

In gaudi_memset_device_memory, cb is get via hl_cb_kernel_create()
with 2 refcount.
If hl_cs_allocate_job() failed, the execution runs into release_cb
branch. One ref of cb is dropped by hl_cb_put(cb) and could be freed
if other thread also drops one ref. Then cb is used by cb->id later,
which is a potential uaf.

My patch add a variable 'id' to accept the value of cb->id before the
hl_cb_put(cb) is called, to avoid the potential uaf.

Fixes: 423815bf02 ("habanalabs/gaudi: remove PCI access to SM block")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Reviewed-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Oded Gabbay <ogabbay@kernel.org>
2021-05-08 11:36:07 +03:00
..
altera-stapl altera-stapl: remove the unreached switch case 2020-12-09 19:53:03 +01:00
bcm-vk misc: bcm-vk: only support ttyVK if CONFIG_TTY is set 2021-02-04 00:48:58 +01:00
c2port misc: c2port: core: Make copying name from userspace more secure 2020-11-03 10:12:10 +01:00
cardreader misc: rtsx: init of rts522a add OCP power off when no card is present 2021-02-04 17:09:32 +01:00
cb710 misc: cb710: sgbuf2: Add missing documentation for cb710_sg_dwiter_write_next_block()'s 'data' arg 2020-06-29 18:45:53 +02:00
cxl cxl: don't manipulate the mm.mm_users field directly 2021-03-24 08:26:30 +01:00
echo char: Replace HTTP links with HTTPS ones 2020-07-23 09:44:15 +02:00
eeprom misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom 2021-01-20 18:52:12 +01:00
genwqe misc: genwqe: Rudimentary typo fixes 2021-03-28 14:39:40 +02:00
habanalabs habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory 2021-05-08 11:36:07 +03:00
ibmasm misc: ibmasm: dot_command: Demote function headers from kerneldoc 2020-07-01 15:08:03 +02:00
lis3lv02d misc: lis3lv02d: Do not log an error when kmalloc fails 2021-03-24 08:26:29 +01:00
lkdtm CFI on arm64 series for v5.13-rc1 2021-04-27 10:16:46 -07:00
mei mei: me: add Alder Lake P device id. 2021-04-14 21:05:59 +02:00
ocxl ocxl: use DEFINE_MUTEX() for mutex lock 2021-01-30 11:39:21 +11:00
pvpanic misc/pvpanic: Make some symbols static 2021-04-02 16:16:49 +02:00
sgi-gru x86/platform/uv: Update Copyrights to conform to HPE standards 2020-10-07 09:10:07 +02:00
sgi-xp misc: sgi-xp: xp_main: make some symbols static 2021-03-28 14:39:26 +02:00
ti-st tty: remove TTY_LDISC_MAGIC 2021-03-10 09:34:06 +01:00
uacce IOMMU Updates for Linux v5.13 2021-05-01 09:33:00 -07:00
vmw_vmci misc: vmw_vmci: explicitly initialize vmci_datagram payload 2021-04-05 12:29:31 +02:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c drivers: misc: ad525x_dpot: Add missing check in dpot_read_spi 2021-03-10 09:21:02 +01:00
ad525x_dpot.h
apds990x.c
apds9802als.c
atmel-ssc.c misc: atmel-ssc: lock with mutex instead of spinlock 2020-06-29 19:10:51 +02:00
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
dw-xdata-pcie.c misc: Add Synopsys DesignWare xData IP driver 2021-04-05 13:15:52 +02:00
enclosure.c misc: enclosure: Update enclosure_remove_device() documentation to match reality 2020-07-01 15:05:37 +02:00
fastrpc.c misc: fastrpc: restrict user apps from sending kernel RPC messages 2021-03-10 17:01:29 +01:00
hisi_hikey_usb.c misc: hisi_hikey_usb: use PTR_ERR_OR_ZERO 2020-10-29 08:37:29 +01:00
hmc6352.c
hpilo.c misc: hpilo: avoid a useless memset 2020-07-23 12:56:49 +02:00
hpilo.h hpilo: Replace one-element array with flexible-array member 2020-07-14 18:21:25 +02:00
ibmvmc.c vio: make remove callback return void 2021-03-02 22:41:23 +11:00
ibmvmc.h
ics932s401.c
isl29003.c misc: isl29003: Fix typo for get/set mode 2020-12-09 19:35:34 +01:00
isl29020.c misc: isl29020: add missed pm_runtime_disable 2020-01-14 15:06:07 +01:00
Kconfig misc: Add Synopsys DesignWare xData IP driver 2021-04-05 13:15:52 +02:00
kgdbts.c kgdbts: Switch to do_sys_openat2() for breakpoint testing 2021-03-28 14:40:08 +02:00
lattice-ecp3-config.c misc: lattice-ecp3-config: Remove set but clearly unused variable 'ret' 2020-07-01 15:05:37 +02:00
Makefile misc: Add Synopsys DesignWare xData IP driver 2021-04-05 13:15:52 +02:00
pch_phub.c misc: pch_phub: Remove superfluous descriptions to non-existent args 'offset_address' 2020-07-01 15:05:37 +02:00
pci_endpoint_test.c PCI: Add TI J721E device to PCI IDs 2021-02-23 14:12:41 -06:00
phantom.c misc/phantom.c: use generic power management 2020-06-29 18:43:42 +02:00
qcom-coincell.c
sram-exec.c char: Replace HTTP links with HTTPS ones 2020-07-23 09:44:15 +02:00
sram.c treewide: Change list_sort to use const pointers 2021-04-08 16:04:22 -07:00
sram.h
tifm_7xx1.c misc/tifm_7xx1.c: use generic power management 2020-06-29 18:43:42 +02:00
tifm_core.c
tsl2550.c misc: tsl2550: remove redundant initialization to variable r 2020-01-14 15:16:51 +01:00
vmw_balloon.c drivers: vmw_balloon: remove dentry pointer for debugfs 2021-03-10 09:21:02 +01:00
xilinx_sdfec.c misc: xilinx-sdfec: remove check for ioctl cmd and argument. 2020-11-03 10:11:48 +01:00