linux-hardened/drivers
Joachim Eastwood f3f4bf5cf0 USB: ohci-at91: fix null pointer in ohci_hcd_at91_overcurrent_irq
Fixes the following NULL pointer dereference:
[    7.740000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    7.810000] Unable to handle kernel NULL pointer dereference at virtual address 00000028
[    7.810000] pgd = c3a38000
[    7.810000] [00000028] *pgd=23a8c831, *pte=00000000, *ppte=00000000
[    7.810000] Internal error: Oops: 17 [#1] PREEMPT ARM
[    7.810000] Modules linked in: ohci_hcd(+) regmap_i2c snd_pcm usbcore snd_page_alloc at91_cf snd_timer pcmcia_rsrc snd soundcore gpio_keys regmap_spi pcmcia_core usb_common nls_base
[    7.810000] CPU: 0    Not tainted  (3.6.0-rc6-mpa+ #264)
[    7.810000] PC is at __gpio_to_irq+0x18/0x40
[    7.810000] LR is at ohci_hcd_at91_overcurrent_irq+0x24/0xb4 [ohci_hcd]
[    7.810000] pc : [<c01392d4>]    lr : [<bf08f694>]    psr: 40000093
[    7.810000] sp : c3a11c40  ip : c3a11c50  fp : c3a11c4c
[    7.810000] r10: 00000000  r9 : c02dcd6e  r8 : fefff400
[    7.810000] r7 : 00000000  r6 : c02cc928  r5 : 00000030  r4 : c02dd168
[    7.810000] r3 : c02e7350  r2 : ffffffea  r1 : c02cc928  r0 : 00000000
[    7.810000] Flags: nZcv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
[    7.810000] Control: c000717f  Table: 23a38000  DAC: 00000015
[    7.810000] Process modprobe (pid: 285, stack limit = 0xc3a10270)
[    7.810000] Stack: (0xc3a11c40 to 0xc3a12000)
[    7.810000] Backtrace:
[    7.810000] [<c01392bc>] (__gpio_to_irq+0x0/0x40) from [<bf08f694>] (ohci_hcd_at91_overcurrent_irq+0x24/0xb4 [ohci_hcd])
[    7.810000] [<bf08f670>] (ohci_hcd_at91_overcurrent_irq+0x0/0xb4 [ohci_hcd]) from [<c0051264>] (handle_irq_event_percpu+0x38/0x1a8)
[    7.810000]  r6:00000030 r5:c3806900 r4:c2c38b00
[    7.810000] [<c005122c>] (handle_irq_event_percpu+0x0/0x1a8) from [<c005142c>] (handle_irq_event+0x58/0x7c)
[    7.810000] [<c00513d4>] (handle_irq_event+0x0/0x7c) from [<c0053f24>] (handle_simple_irq+0xac/0xd8)
[    7.810000]  r5:c3805a00 r4:c3806900
[    7.810000] [<c0053e78>] (handle_simple_irq+0x0/0xd8) from [<c005120c>] (generic_handle_irq+0x3c/0x48)
[    7.810000]  r4:00000030
[    7.810000] [<c00511d0>] (generic_handle_irq+0x0/0x48) from [<c00124d0>] (gpio_irq_handler+0xa8/0xfc)
[    7.810000]  r4:00000000
[    7.810000] [<c0012428>] (gpio_irq_handler+0x0/0xfc) from [<c005120c>] (generic_handle_irq+0x3c/0x48)
[    7.810000] [<c00511d0>] (generic_handle_irq+0x0/0x48) from [<c0009b08>] (handle_IRQ+0x64/0x88)
[    7.810000]  r4:00000012
[    7.810000] [<c0009aa4>] (handle_IRQ+0x0/0x88) from [<c0008510>] (at91_aic_handle_irq+0x30/0x38)
[    7.810000]  r5:60000013 r4:c00523fc
[    7.810000] [<c00084e0>] (at91_aic_handle_irq+0x0/0x38) from [<c0008eb4>] (__irq_svc+0x34/0x60)
[    7.810000] Exception stack(0xc3a11d60 to 0xc3a11da8)
[    7.810000] 1d60: 00000000 00000030 00000000 00000080 60000013 bf08f670 c3806900 c2c38b00
[    7.810000] 1d80: 00000030 c3806930 00000000 c3a11ddc c3a11d88 c3a11da8 c0054190 c00523fc
[    7.810000] 1da0: 60000013 ffffffff
[    7.810000] [<c00520c8>] (__setup_irq+0x0/0x458) from [<c0052764>] (request_threaded_irq+0xd8/0x134)
[    7.810000] [<c005268c>] (request_threaded_irq+0x0/0x134) from [<bf090978>] (ohci_hcd_at91_drv_probe+0x180/0x41c [ohci_hcd])
[    7.810000] [<bf0907f8>] (ohci_hcd_at91_drv_probe+0x0/0x41c [ohci_hcd]) from [<c0155b7c>] (platform_drv_probe+0x20/0x24)
[    7.810000] [<c0155b5c>] (platform_drv_probe+0x0/0x24) from [<c0154690>] (driver_probe_device+0xb8/0x20c)
[    7.810000] [<c01545d8>] (driver_probe_device+0x0/0x20c) from [<c015484c>] (__driver_attach+0x68/0x88)
[    7.810000]  r7:c3a11ea0 r6:bf0911d0 r5:c02cc964 r4:c02cc930
[    7.810000] [<c01547e4>] (__driver_attach+0x0/0x88) from [<c0152e58>] (bus_for_each_dev+0x5c/0x9c)
[    7.810000]  r6:bf0911d0 r5:c01547e4 r4:00000000
[    7.810000] [<c0152dfc>] (bus_for_each_dev+0x0/0x9c) from [<c01544c0>] (driver_attach+0x20/0x28)
[    7.810000]  r7:c02d7518 r6:00000000 r5:bf0911d0 r4:c2c10540
[    7.810000] [<c01544a0>] (driver_attach+0x0/0x28) from [<c01536cc>] (bus_add_driver+0xb4/0x22c)
[    7.810000] [<c0153618>] (bus_add_driver+0x0/0x22c) from [<c0154e9c>] (driver_register+0xa8/0x144)
[    7.810000]  r7:00000000 r6:bf0911d0 r5:bf09120c r4:bf049af0
[    7.810000] [<c0154df4>] (driver_register+0x0/0x144) from [<c0155f58>] (platform_driver_register+0x4c/0x60)
[    7.810000]  r7:00000000 r6:000ae190 r5:bf09120c r4:bf049af0
[    7.810000] [<c0155f0c>] (platform_driver_register+0x0/0x60) from [<bf093054>] (ohci_hcd_mod_init+0x54/0x8c [ohci_hcd])
[    7.810000] [<bf093000>] (ohci_hcd_mod_init+0x0/0x8c [ohci_hcd]) from [<c0008638>] (do_one_initcall+0xac/0x174)
[    7.810000]  r4:00006a4f
[    7.810000] [<c000858c>] (do_one_initcall+0x0/0x174) from [<c004fdc4>] (sys_init_module+0x7c/0x1a0)
[    7.810000] [<c004fd48>] (sys_init_module+0x0/0x1a0) from [<c0009260>] (ret_fast_syscall+0x0/0x2c)
[    7.810000]  r7:00000080 r6:000ad018 r5:00016eb8 r4:00006a4f
[    7.810000] Code: e24cb004 e59f3028 e1a02000 e7930180 (e5903028)
[    7.810000] ---[ end trace 85aa37ed128143b5 ]---
[    7.810000] Kernel panic - not syncing: Fatal exception in interrupt

Commit 6fffb77c (USB: ohci-at91: fix PIO handling in relation with number of
ports) started setting unused pins to EINVAL. But this exposed a bug in the
ohci_hcd_at91_overcurrent_irq function where the gpio was used without being
checked to see if it is valid.

This patch fixes the issue by adding the gpio valid check.

Signed-off-by: Joachim Eastwood <joachim.eastwood@jotron.com>
Cc: stable <stable@vger.kernel.org> # [3.4+] wherever 6fffb77c went
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-09-24 10:42:25 -07:00
..
accessibility
acpi ACPI / PM: Use KERN_DEBUG when no power resources are found 2012-09-14 20:54:44 +02:00
amba Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
ata ahci: Add identifiers for ASM106x devices 2012-09-13 00:24:29 -04:00
atm drivers/atm/iphase.c: fix error return code 2012-08-06 13:29:57 -07:00
auxdisplay
base mm: cma: fix alignment requirements for contiguous regions 2012-08-28 21:01:01 +02:00
bcma bcma: BCM43228 support 2012-08-02 13:51:46 -04:00
block Merge 3.6-rc6 into usb-next 2012-09-16 20:42:46 -07:00
bluetooth Bluetooth: Add support for Apple vendor-specific devices 2012-08-27 08:36:42 -05:00
cdrom
char drm/i915: fix hsw uncached pte 2012-08-17 09:21:35 +02:00
clk clk: validate pointer in __clk_disable() 2012-07-30 17:25:13 -07:00
clocksource cs5535-clockevt: typo, it's MFGPT, not MFPGT 2012-08-21 16:45:02 -07:00
connector
cpufreq Merge branch 'imx/fixes-for-3.6' of git://git.linaro.org/people/shawnguo/linux-2.6 into fixes 2012-08-23 17:02:42 +02:00
cpuidle cpuidle: Prevent null pointer dereference in cpuidle_coupled_cpu_notify 2012-08-17 19:37:08 +02:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-09-12 07:14:17 +08:00
dca
devfreq
dio
dma dma: tegra: enable/disable dma clock 2012-08-13 10:15:22 +05:30
edac Merge branch 'devel' 2012-07-29 21:11:05 -03:00
eisa
extcon This is the remaining MFD fixes for 3.6, with 5 pending fixes: 2012-09-16 13:22:21 -07:00
firewire - Small fixes and optimizations. 2012-07-30 09:32:39 -07:00
firmware This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
gpio gpio: rdc321x: Prevent removal of modules exporting active GPIOs 2012-09-01 12:52:24 +02:00
gpu drm/nouveau: fix booting with plymouth + dumb support 2012-09-14 15:45:01 +10:00
hid Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2012-09-07 12:29:38 -07:00
hsi
hv This patch series contains a major revamp of how we collect entropy 2012-07-31 19:07:42 -07:00
hwmon hwmon: (ina2xx) Fix word size register read and write operations 2012-09-12 06:42:11 -07:00
hwspinlock
i2c Merge branch 'i2c-embedded/for-current' of git://git.pengutronix.de/git/wsa/linux 2012-09-14 17:55:57 -07:00
ide ide: fix generic_ide_suspend/resume Oops 2012-08-21 14:54:42 -07:00
idle intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing it. 2012-08-17 19:37:14 +02:00
ieee802154
iio drivers/iio/adc/at91_adc.c: adjust inconsistent IS_ERR and PTR_ERR 2012-08-27 21:15:25 +01:00
infiniband Merge branches 'cma', 'ipoib', 'misc', 'mlx4', 'ocrdma', 'qib' and 'srp' into for-next 2012-08-16 09:38:39 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2012-09-08 16:20:59 -07:00
iommu iommu/amd: Fix wrong check for ARRAY_SIZE() 2012-08-10 11:34:08 +02:00
isdn mISDN: Fix wrong usage of flush_work_sync while holding locks 2012-09-13 14:58:54 -04:00
leds leds: renesas: fix error handling 2012-08-13 14:34:02 +08:00
lguest
macintosh
md md/raid10: fix problem with on-stack allocation of r10bio structure. 2012-08-18 09:51:42 +10:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-08-21 16:54:38 -07:00
memory
memstick
message drivers/message/i2o/i2o_config.c: bound allocation 2012-07-30 17:25:17 -07:00
mfd This is the remaining MFD fixes for 3.6, with 5 pending fixes: 2012-09-16 13:22:21 -07:00
misc drivers/misc/sgi-xp/xpc_uv.c: SGI XPC fails to load when cpu 0 is out of IRQ resources 2012-08-21 16:45:03 -07:00
mmc mmc: omap: fix broken PIO mode 2012-09-04 13:58:11 -04:00
mtd UBI: fix a horrible memory deallocation bug 2012-09-04 09:40:26 +03:00
net bnx2x: Add missing afex code 2012-09-13 16:37:52 -04:00
nfc
nubus
of dt: introduce for_each_available_child_of_node, of_get_next_available_child 2012-08-20 02:16:00 -07:00
oprofile
parisc PCI changes for the 3.6 merge window: 2012-07-24 16:17:07 -07:00
parport
pci PCI: Don't print anything while decoding is disabled 2012-08-23 10:53:08 -06:00
pcmcia Merge branch 'for-linus' of git://git.linaro.org/people/rmk/linux-arm 2012-07-27 15:14:26 -07:00
pinctrl pinctrl/nomadik: add kp_b_2 keyboard function group list 2012-08-17 11:09:58 +02:00
platform thinkpad_acpi: buffer overflow in fan_get_status() 2012-09-13 16:46:31 -04:00
pnp
power Merge branch 'for-linus-3.6' of git://dev.laptop.org/users/dilinger/linux-olpc 2012-08-02 11:52:39 -07:00
pps pps: return PTR_ERR on error in device_create 2012-07-30 17:25:21 -07:00
ps3
ptp
pwm pwm: pwm-tiehrpwm: Fix conflicting channel period setting 2012-09-10 17:04:38 +02:00
rapidio rapidio/tsi721: fix unused variable compiler warning 2012-08-21 16:45:03 -07:00
regulator This is the remaining MFD fixes for 3.6, with 5 pending fixes: 2012-09-16 13:22:21 -07:00
remoteproc A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rpmsg A batch of remoteproc patches for 3.6: 2012-07-26 16:19:08 -07:00
rtc Fixes for AT91 related to: 2012-08-27 17:07:37 -07:00
s390 s390/dasd: fix ioctl return value 2012-08-28 10:08:31 +02:00
sbus
scsi [SCSI] Fix 'Device not ready' issue on mpt2sas 2012-08-22 09:42:54 +04:00
sfi
sh sh: intc: Handle domain association for sparseirq pre-allocated vectors. 2012-08-09 13:21:05 +09:00
sn
spi Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2012-08-25 11:45:04 -07:00
ssb
staging USB: Serial: serqt_usb2.c: remove debug module parameter 2012-09-18 10:15:09 +01:00
target target: go through normal processing for zero-length REQUEST_SENSE 2012-09-07 11:32:54 -07:00
tc
thermal The tag contains just a few battery-related changes for v3.6. It's is 2012-07-31 18:08:25 -07:00
tty tty: serial: imx: don't reinit clock in imx_setup_ufcr() 2012-09-05 12:44:44 -07:00
uio
usb USB: ohci-at91: fix null pointer in ohci_hcd_at91_overcurrent_irq 2012-09-24 10:42:25 -07:00
uwb
vfio vfio: grab vfio_device reference *before* exposing the sucker via fd_install() 2012-08-22 10:26:42 -04:00
vhost tcm_vhost: Fix vhost_scsi_target structure alignment 2012-08-20 14:52:11 -07:00
video OMAPFB: fix framebuffer console colors 2012-08-23 12:37:22 +00:00
virt
virtio
vlynq
vme
w1 1-Wire: Add support for the maxim ds1825 temperature sensor 2012-08-16 12:33:59 -07:00
watchdog watchdog: da9052: Remove duplicate inclusion of delay.h 2012-08-29 17:13:06 +02:00
xen USB EHCI/Xen: propagate controller reset information to hypervisor 2012-09-18 17:20:48 +01:00
zorro
Kconfig vfio: VFIO core 2012-07-31 08:16:22 -06:00
Makefile vfio: VFIO core 2012-07-31 08:16:22 -06:00