linux/drivers
Joerg Roedel e324fc82ea vfio: Fix bug in vfio_device_get_from_name()
The vfio_device_get_from_name() function might return a
non-NULL pointer, when called with a device name that is not
found in the list. This causes undefined behavior, in my
case calling an invalid function pointer later on:

 kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
 BUG: unable to handle kernel paging request at ffff8800cb3ddc08

[...]

 Call Trace:
  [<ffffffffa03bd733>] ? vfio_group_fops_unl_ioctl+0x253/0x410 [vfio]
  [<ffffffff811efc4d>] do_vfs_ioctl+0x2cd/0x4c0
  [<ffffffff811f9657>] ? __fget+0x77/0xb0
  [<ffffffff811efeb9>] SyS_ioctl+0x79/0x90
  [<ffffffff81001bb0>] ? syscall_return_slowpath+0x50/0x130
  [<ffffffff8167f776>] entry_SYSCALL_64_fastpath+0x16/0x75

Fix the issue by returning NULL when there is no device with
the requested name in the list.

Cc: stable@vger.kernel.org # v4.2+
Fixes: 4bc94d5dc9 ("vfio: Fix lockdep issue")
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-11-04 09:27:39 -07:00
accessibility
acpi ACPICA: Tables: Fix FADT dependency regression 2015-10-14 22:48:13 +02:00
amba
android mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
ata Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-09-03 16:55:55 -07:00
atm solos-pci: Increase headroom on received packets 2015-09-17 21:29:07 -07:00
auxdisplay
base mm: cma: fix incorrect type conversion for size during dma allocation 2015-10-23 17:55:10 +09:00
bcma
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2015-10-24 07:20:57 +09:00
bluetooth Bluetooth: hci_bcm: Fix crash on suspend 2015-08-28 21:09:14 +02:00
bus bus: arm-ccn: Fix irq affinity setting on CPU migration 2015-10-15 17:10:15 +02:00
cdrom
char Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-09-26 21:05:23 -04:00
clk Partially revert "clk: mvebu: Convert to clk_hw based provider APIs" 2015-10-14 11:28:17 -07:00
clocksource clocksource/drivers/keystone: Fix bad NO_IRQ usage 2015-09-29 14:33:51 +02:00
connector
cpufreq cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) 2015-10-15 22:46:33 +02:00
cpuidle Additional power management and ACPI material for v4.3-rc1 2015-09-11 19:11:06 -07:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-09-26 21:05:23 -04:00
dca
devfreq PM / devfreq: fix double kfree 2015-10-02 11:05:58 +09:00
dio
dma dmaengine fixes for 4.3-rc4 2015-10-02 14:46:15 -04:00
dma-buf
edac edac updates for v4.3-rc1 2015-09-11 16:21:12 -07:00
eisa
extcon extcon: Fix attached value returned by is_extcon_changed 2015-09-21 15:07:19 +09:00
firewire
firmware arm64/efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions 2015-10-01 12:51:28 +02:00
fmc
gpio Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-09-18 08:11:42 -07:00
gpu Merge branch 'drm-fixes-4.3' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2015-10-22 10:24:55 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-09-04 12:02:11 -07:00
hsi mm: mark most vm_operations_struct const 2015-09-10 13:29:01 -07:00
hv Drivers: hv: vmbus: fix init_vp_index() for reloading hv_netvsc 2015-09-20 22:44:51 -07:00
hwmon hwmon: (pwm-fan) Fix module autoload for OF platform driver 2015-09-20 17:50:19 -07:00
hwspinlock
hwtracing/coresight
i2c i2c: designware: Do not use parameters from ACPI on Dell Inspiron 7348 2015-10-18 14:11:08 +02:00
ide
idle intel_idle: Skylake Client Support - updated 2015-09-10 14:03:44 -04:00
iio iio: st_accel: fix interrupt handling on LIS3LV02 2015-10-03 10:27:18 +01:00
infiniband Changes for 4.3-rc6 2015-10-24 07:28:05 +09:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-10-16 17:39:27 -07:00
iommu Merge tag 'for-linus-20151021' of git://git.infradead.org/intel-iommu 2015-10-22 06:32:48 +09:00
ipack
irqchip Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-10-04 11:40:09 +01:00
isdn libnvdimm for 4.3: 2015-09-08 14:35:59 -07:00
leds leds:lp55xx: Correct Kconfig dependency for f/w user helper 2015-09-17 10:02:20 +02:00
lguest
macintosh powerpc updates for 4.3 2015-09-03 16:41:38 -07:00
mailbox Merge branch 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration 2015-09-05 18:11:04 -07:00
mcb mcb: Fix error handling in mcb_pci_probe() 2015-10-05 05:10:01 +01:00
md dm cache: the CLEAN_SHUTDOWN flag was not being set 2015-10-23 14:02:56 -04:00
media [media] m88ds3103: use own reg update_bits() implementation 2015-10-22 15:48:28 -02:00
memory memory: omap-gpmc: dump "before" state before first modification 2015-10-12 16:23:34 -07:00
memstick
message mptfusion: prevent some memory corruption 2015-08-26 07:11:45 -07:00
mfd mfd: max77843: Fix max77843_chg_init() return on error 2015-10-01 16:31:42 +01:00
misc powerpc fixes for 4.3 #3 2015-10-16 12:07:43 -07:00
mmc mmc: core: Fix init_card in 52Mhz 2015-10-21 10:18:11 +02:00
mtd A few MTD fixes: 2015-10-07 09:35:15 +01:00
net net: bcmgenet: Fix early link interrupt enabling 2015-10-18 23:07:12 -07:00
nfc This is the bulk of GPIO changes for the v4.3 kernel cycle: 2015-09-04 10:07:45 -07:00
ntb NTB: Fix range check on memory window index 2015-09-07 15:27:12 -04:00
nubus
nvdimm pmem: add proper fencing to pmem_rw_page() 2015-09-17 11:49:28 -04:00
nvmem nvmem: sunxi: Check for memory allocation failure 2015-10-04 12:09:43 +01:00
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-09-26 06:01:33 -04:00
oprofile
parisc PCI: Revert "PCI: Call pci_read_bridge_bases() from core instead of arch code" 2015-09-15 13:18:04 -05:00
parport
pci genirq/msi: Do not use pci_msi_[un]mask_irq as default methods 2015-10-16 12:40:43 +02:00
pcmcia pcmcia: soc_common: remove skt_dev_info's clk pointer 2015-09-03 16:01:03 +01:00
perf drivers/perf: arm_pmu: avoid CPU device_node reference leak 2015-10-15 17:11:23 +02:00
phy phy: berlin-sata: Fix module autoload for OF platform driver 2015-09-25 17:01:14 +05:30
pinctrl pinctrl: uniphier: fix input enable settings for PH1-sLD8 2015-10-02 04:06:26 -07:00
platform platform-drivers-x86 for 4.3-2 2015-09-17 21:41:02 -07:00
pnp
power power supply and reset fixes for the v4.3 series 2015-09-17 12:25:42 -07:00
powercap powercap / RAPL: disable the 2nd power limit properly 2015-08-29 01:46:40 +02:00
pps
ps3
ptp
pwm pwm: Changes for v4.3-rc1 2015-09-09 10:55:32 -07:00
rapidio
ras
regulator Merge remote-tracking branch 'regulator/fix/axp20x' into regulator-linus 2015-10-06 12:00:42 +01:00
remoteproc
reset reset: ath79: Fix missing spin_lock_init 2015-09-01 14:48:40 +02:00
rpmsg
rtc rtc: abx80x: fix RTC write bit 2015-09-05 19:37:31 +02:00
s390 virtio: fixes on top of 4.3-rc1 2015-09-18 09:28:20 -07:00
sbus
scsi SCSI fixes on 20151010 2015-10-11 10:02:30 -07:00
sfi
sh SH Drivers Updates for v4.3 2015-09-21 12:02:27 -07:00
sn
soc genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
spi Merge remote-tracking branches 'spi/fix/davinci' and 'spi/fix/sh-msiof' into spi-linus 2015-10-07 11:43:39 +01:00
spmi genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
ssb
staging staging driver fixes for 4.3-rc7 2015-10-24 07:51:13 +09:00
target iscsi-target: Avoid OFMarker + IFMarker negotiation 2015-09-24 23:24:46 -07:00
tc
thermal Samsung 2nd fixes for v4.3 2015-10-21 17:02:13 +02:00
thunderbolt thunderbolt: Allow loading of module on recent Apple MacBooks with thunderbolt 2 controller 2015-09-20 15:20:11 -07:00
tty Revert "serial: 8250_dma: don't bother DMA with small transfers" 2015-10-17 21:24:46 -07:00
uio
usb xhci: Add spurious wakeup quirk for LynxPoint-LP controllers 2015-10-17 00:04:18 -07:00
uwb
vfio vfio: Fix bug in vfio_device_get_from_name() 2015-11-04 09:27:39 -07:00
vhost virtio: fixes on top of 4.3-rc1 2015-09-18 09:28:20 -07:00
video fbcon: initialize blink interval before calling fb_set_par 2015-10-17 22:00:39 -07:00
virt
virtio virtio_balloon: do not change memory amount visible via /proc/meminfo 2015-09-08 13:32:11 +03:00
vlynq
vme
w1 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-09-01 18:46:42 -07:00
watchdog watchdog: iTCO: Fix dependencies on I2C 2015-09-28 10:56:10 +02:00
xen Merge branch 'akpm' (patches from Andrew) 2015-09-10 18:19:42 -07:00
zorro
Kconfig Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2015-09-03 16:27:01 -07:00
Makefile This is the bulk of pin control changes for the v4.3 development 2015-09-04 10:22:09 -07:00