linux/drivers/pci
Jubin Zhong be23b04074 PCI: Fix pci_slot_release() NULL pointer dereference
commit 4684709bf81a2d98152ed6b610e3d5c403f9bced upstream.

If kobject_init_and_add() fails, pci_slot_release() is called to delete
slot->list from parent->slots.  But slot->list hasn't been initialized
yet, so we dereference a NULL pointer:

  Unable to handle kernel NULL pointer dereference at virtual address
00000000
  ...
  CPU: 10 PID: 1 Comm: swapper/0 Not tainted 4.4.240 #197
  task: ffffeb398a45ef10 task.stack: ffffeb398a470000
  PC is at __list_del_entry_valid+0x5c/0xb0
  LR is at pci_slot_release+0x84/0xe4
  ...
  __list_del_entry_valid+0x5c/0xb0
  pci_slot_release+0x84/0xe4
  kobject_put+0x184/0x1c4
  pci_create_slot+0x17c/0x1b4
  __pci_hp_initialize+0x68/0xa4
  pciehp_probe+0x1a4/0x2fc
  pcie_port_probe_service+0x58/0x84
  driver_probe_device+0x320/0x470

Initialize slot->list before calling kobject_init_and_add() to avoid this.

Fixes: 8a94644b44 ("PCI: Fix pci_create_slot() reference count leak")
Link: https://lore.kernel.org/r/1606876422-117457-1-git-send-email-zhongjubin@huawei.com
Signed-off-by: Jubin Zhong <zhongjubin@huawei.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org	# v5.9+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-30 11:51:47 +01:00
controller PCI: iproc: Fix out-of-bound array accesses 2020-12-30 11:51:14 +01:00
endpoint
hotplug PCI: pciehp: Fix MSI interrupt race 2020-10-01 13:17:52 +02:00
pcie PCI/ASPM: Add missing newline in sysfs 'policy' 2020-08-19 08:16:13 +02:00
switch
Kconfig pci-v5.4-changes 2019-09-23 19:16:01 -07:00
Makefile
access.c PCI: Fix pci_cfg_wait queue locking problem 2020-08-19 08:16:11 +02:00
ats.c PCI: Fix typos and whitespace errors 2019-07-09 07:24:53 -05:00
bus.c PCI: Add device even if driver attach failed 2020-08-21 13:05:20 +02:00
ecam.c
host-bridge.c
iov.c PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY 2020-10-29 09:57:54 +01:00
irq.c PCI: Use IRQF_ONESHOT if pci_request_irq() called with no handler 2018-07-31 10:43:43 -05:00
mmap.c
msi.c
of.c PCI: OF: Correct of_irq_parse_pci() documentation 2019-08-30 14:00:34 -05:00
p2pdma.c
pci-acpi.c PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() 2020-12-30 11:51:32 +01:00
pci-bridge-emul.c PCI: pci-bridge-emul: Fix PCIe bit conflicts 2020-06-24 17:50:15 +02:00
pci-bridge-emul.h
pci-driver.c
pci-label.c
pci-mid.c
pci-pf-stub.c
pci-stub.c
pci-sysfs.c
pci.c PCI: Fix overflow in command-line resource alignment requests 2020-12-30 11:51:14 +01:00
pci.h
probe.c PCI: Fix pci_register_host_bridge() device_register() error handling 2020-06-24 17:50:27 +02:00
proc.c Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
quirks.c PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken 2020-08-21 13:05:20 +02:00
remove.c
rom.c PCI: Use ioremap(), not phys_to_virt() for platform ROM 2020-10-01 13:17:51 +02:00
search.c
setup-bus.c PCI: Avoid double hpmemsize MMIO window assignment 2020-10-01 13:17:19 +02:00
setup-irq.c
setup-res.c PCI: Allow pci_resize_resource() for devices on root bus 2020-06-24 17:50:11 +02:00
slot.c PCI: Fix pci_slot_release() NULL pointer dereference 2020-12-30 11:51:47 +01:00
syscall.c
vc.c Merge branch 'pci/trivial' 2019-09-23 16:10:31 -05:00
vpd.c PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port 2019-09-16 14:10:09 +01:00
xen-pcifront.c Merge branch 'pci/printk' 2019-05-13 18:34:46 -05:00