linux-imx/drivers
Zha Bin 9ad64a53fd vhost/vsock: fix vhost vsock cid hashing inconsistent
commit 7fbe078c37 upstream.

The vsock core only supports 32-bit CIDs, but the Virtio-vsock spec defines
CID (dst_cid and src_cid) as u64 and the upper 32 bits are reserved as
zero. This inconsistency causes one bug in the vhost vsock driver. The
scenario is:

  1. A hash table (vhost_vsock_hash) is used to map a CID to a vsock
  object. And hash_min() is used to compute the hash key. hash_min() is
  defined as:
  (sizeof(val) <= 4 ? hash_32(val, bits) : hash_long(val, bits)).
  That means the hash algorithm depends on the size of the macro
  argument 'val'.
  2. In function vhost_vsock_set_cid(), a 64-bit CID is passed to
  hash_min() to compute the hash key when inserting a vsock object into
  the hash table.
  3. In function vhost_vsock_get(), a 32-bit CID is passed to hash_min()
  to compute the hash key when looking up a vsock for a CID.

Because of the different size of the CID, hash_min() returns a different hash
key, thus failing to look up the vsock object for a CID.

To fix this bug, we keep CID as u64 in the IOCTLs and virtio message
headers, but explicitly convert u64 to u32 when dealing with the hash table
and vsock core.

Fixes: 834e772c8d ("vhost/vsock: fix use-after-free in network stack callers")
Link: https://github.com/stefanha/virtio/blob/vsock/trunk/content.tex
Signed-off-by: Zha Bin <zhabin@linux.alibaba.com>
Reviewed-by: Liu Jiang <gerry@linux.alibaba.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Shengjing Zhu <i@zhsj.me>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-19 13:11:56 +01:00
..
accessibility
acpi ACPI: EC: Look for ECDT EC after calling acpi_load_tables() 2019-02-27 10:09:49 +01:00
amba
android binder: create node flag to request sender's security context 2019-03-10 07:10:09 +01:00
ata libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD 2019-02-15 08:11:03 +01:00
atm atm: he: fix sign-extension overflow on large shift 2019-02-27 10:09:50 +01:00
auxdisplay auxdisplay: charlcd: fix x/y command parsing 2018-12-21 21:27:21 +01:00
base driver core: Postpone DMA tear-down until after devres release 2019-03-10 07:10:09 +01:00
bcma
block block/swim3: Fix regression on PowerBook G3 2019-02-12 20:02:31 +01:00
bluetooth Bluetooth: btrtl: Restore old logic to assume firmware is already loaded 2019-03-10 07:10:16 +01:00
bus ARM: SoC driver updates for 4.17 2018-10-29 15:16:01 -07:00
cdrom gdrom: fix a memory leak bug 2019-02-12 20:02:30 +01:00
char applicom: Fix potential Spectre v1 vulnerabilities 2019-03-10 07:10:15 +01:00
clk clk: qcom: gcc: Use active only source for CPUSS clocks 2019-03-13 14:04:01 -07:00
clocksource clocksource/drivers/integrator-ap: Add missing of_node_put() 2019-01-26 09:20:49 +01:00
connector connector: fix unsafe usage of ->real_parent 2019-03-19 13:11:52 +01:00
cpufreq cpufreq: Use struct kobj_attribute instead of struct global_attr 2019-03-10 07:10:08 +01:00
cpuidle cpuidle: big.LITTLE: fix refcount leak 2019-02-12 20:02:17 +01:00
crypto crypto: ccree - add missing inline qualifier 2019-03-05 17:59:44 +01:00
dax mm, devm_memremap_pages: fix shutdown handling 2019-01-13 09:24:03 +01:00
dca
devfreq PM / devfreq: remove redundant null pointer check before kfree 2018-10-02 10:16:41 +09:00
dio
dma dmaengine: dmatest: Abort test in case of mapping error 2019-03-13 14:04:15 -07:00
dma-buf udmabuf: set read/write flag when exporting 2018-11-16 08:50:53 +01:00
edac EDAC, altera: Fix S10 persistent register offset 2019-01-31 08:15:41 +01:00
eisa
extcon
firewire
firmware iscsi_ibft: Fix missing break in switch statement 2019-03-13 14:04:18 -07:00
fmc
fpga fpga: altera-cvp: fix 'bad IO access' on x86_64 2019-02-12 20:02:07 +01:00
fsi fsi: fsi-scom.c: Remove duplicate header 2018-11-26 10:13:04 +11:00
gnss gnss: sirf: fix premature wakeup interrupt enable 2019-03-10 07:10:15 +01:00
gpio gpio: vf610: Mask all GPIO interrupts 2019-03-13 14:04:04 -07:00
gpu drm: Block fb changes for async plane updates 2019-03-19 13:11:56 +01:00
hid HID: i2c-hid: Disable runtime PM on Goodix touchpad 2019-03-05 17:59:36 +01:00
hsi
hv vmbus: fix subchannel removal 2019-01-31 08:15:45 +01:00
hwmon hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table 2019-02-27 10:09:50 +01:00
hwspinlock
hwtracing coresight: tmc: Fix bad register address for CLAIM 2019-01-26 09:20:44 +01:00
i2c i2c: omap: Use noirq system sleep pm ops to idle device for suspend 2019-03-13 14:04:16 -07:00
ide ide: fix a typo in the settings proc file name 2019-01-31 08:15:46 +01:00
idle Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 13:32:18 +01:00
iio iio: ti-ads8688: Update buffer allocation for timestamps 2019-02-15 08:11:04 +01:00
infiniband IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start 2019-03-13 14:04:02 -07:00
input Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 2019-03-13 14:04:18 -07:00
iommu iommu/amd: Fix IOMMU page flush when detach device from a domain 2019-03-13 14:04:01 -07:00
ipack
irqchip irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable 2019-03-13 14:04:12 -07:00
isdn isdn: avm: Fix string plus integer warning from Clang 2019-02-27 10:09:52 +01:00
leds leds: lp5523: fix a missing check of return value of lp55xx_read 2019-02-27 10:09:50 +01:00
lightnvm lightnvm: Fix uninitialized return value in nvm_get_chunk_meta() 2019-02-12 20:02:18 +01:00
macintosh memblock: stop using implicit alignment to SMP_CACHE_BYTES 2018-10-31 08:54:16 -07:00
mailbox - Convert print users to use the %pOFn format specifier 2018-10-29 10:30:44 -07:00
mcb
md It's wrong to add len to sector_nr in raid10 reshape twice 2019-03-19 13:11:56 +01:00
media media: Revert "media: rc: some events are dropped by userspace" 2019-03-13 14:04:19 -07:00
memory
memstick memstick: Prevent memstick host from getting runtime suspended during card detection 2019-02-12 20:02:20 +01:00
message
mfd mfd: mc13xxx: Fix a missing check of a register-read failure 2019-02-27 10:09:44 +01:00
misc eeprom: at24: add support for 24c2048 2019-02-20 10:29:00 +01:00
mmc mmc: sdhci-esdhc-imx: correct the fix of ERR004536 2019-03-05 17:59:43 +01:00
mtd mtd: rawnand: gpmi: fix MX28 bus master lockup problem 2019-02-15 08:11:03 +01:00
mux This is the bulk of GPIO changes for the v4.20 series: 2018-10-23 08:45:05 +01:00
net bonding: fix PACKET_ORIGDEV regression 2019-03-19 13:11:55 +01:00
nfc NFC: nfcmrvl_uart: fix OF child-node lookup 2018-10-23 13:28:53 -05:00
ntb ntb: idt: Alter the driver info comments 2018-11-01 10:33:12 -04:00
nubus
nvdimm mm, devm_memremap_pages: fix shutdown handling 2019-01-13 09:24:03 +01:00
nvme nvme-pci: add missing unlock for reset error 2019-03-13 14:04:17 -07:00
nvmem nvmem: core: fix regression in of_nvmem_cell_get() 2018-11-11 09:15:29 -08:00
of of: overlay: do not duplicate properties from overlay for new nodes 2019-02-06 17:27:45 +01:00
opp OPP: Use opp_table->regulators to verify no regulator case 2019-02-12 20:02:18 +01:00
oprofile
parisc parisc: Add alternative coding infrastructure 2018-10-17 17:22:26 +02:00
parport
pci Revert "PCI/PME: Implement runtime PM callbacks" 2019-03-13 14:04:19 -07:00
pcmcia powerpc updates for 4.20 2018-10-26 14:36:21 -07:00
perf perf: arm_spe: handle devm_kasprintf() failure 2019-02-12 20:02:12 +01:00
phy phy: ath79-usb: Fix the main reset name to match the DT binding 2019-03-05 17:59:37 +01:00
pinctrl pinctrl: mcp23s08: spi: Fix regmap allocation for mcp23s18 2019-03-13 14:04:10 -07:00
platform platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 2019-03-13 14:04:07 -07:00
pnp
power power: supply: olpc_battery: correct the temperature units 2019-01-13 09:24:09 +01:00
powercap Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 13:32:18 +01:00
pps
ps3
ptp ptp: Fix pass zero to ERR_PTR() in ptp_clock_register 2019-02-12 20:02:10 +01:00
pwm pwm: lpss: Only set update bit if we are actually changing the settings 2018-10-16 13:16:15 +02:00
rapidio
ras
regulator regulator: Regulator updates for next release 2018-10-23 01:54:44 +01:00
remoteproc virtio: don't allocate vqs when names[i] = NULL 2019-01-22 21:09:52 +01:00
reset ARM: SoC driver updates for 4.17 2018-10-29 15:16:01 -07:00
rpmsg rpmsg: glink: smem: Support rx peak for size less than 4 bytes 2018-10-03 17:04:32 -07:00
rtc rtc: m41t80: Correct alarm month range with RTC reads 2019-01-09 17:46:04 +01:00
s390 s390/qeth: conclude all event processing before offlining a card 2019-03-13 14:04:15 -07:00
sbus drivers/sbus/char: add of_node_put() 2018-12-02 20:55:23 -08:00
scsi scsi: aacraid: Fix missing break in switch statement 2019-03-13 14:04:18 -07:00
sfi mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
sh
siox
slimbus slimbus: ngd: remove unnecessary check 2018-11-07 14:59:28 +01:00
sn
soc soc: fsl: qbman: avoid race in clearing QMan interrupt 2019-03-13 14:04:10 -07:00
soundwire
spi spi: fix spi-at91-usart.c build errors when PINCTRL is not set 2019-02-12 20:02:13 +01:00
spmi
ssb ssb: chipcommon: fix fall-through annotation 2018-10-05 11:37:20 +03:00
staging staging: erofs: keep corrupted fs from crashing kernel in erofs_namei() 2019-03-13 14:04:20 -07:00
target scsi: tcmu: avoid cmd/qfull timers updated whenever a new cmd comes 2019-02-27 10:09:47 +01:00
tc TC: Set DMA masks for devices 2018-10-11 09:16:44 -07:00
tee tee: optee: avoid possible double list_del() 2019-02-12 20:02:18 +01:00
thermal drivers: thermal: int340x_thermal: Fix sysfs race condition 2019-03-05 17:59:38 +01:00
thunderbolt thunderbolt: Prevent root port runtime suspend during NVM upgrade 2018-11-26 20:38:49 +01:00
tty serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling 2019-03-05 17:59:39 +01:00
uio uio_hv_generic: set callbacks on open 2018-12-11 14:23:17 +01:00
usb usb: dwc3: exynos: Fix error handling of clk_prepare_enable 2019-03-13 14:04:12 -07:00
uwb
vfio vfio/type1: Fix unmap overflow off-by-one 2019-01-16 22:03:24 +01:00
vhost vhost/vsock: fix vhost vsock cid hashing inconsistent 2019-03-19 13:11:56 +01:00
video backlight: pwm_bl: Fix devicetree parsing with auto-generated brightness tables 2019-02-27 10:09:42 +01:00
virt vbox: fix link error with 'gcc -Og' 2019-02-12 20:02:07 +01:00
virtio virtio-balloon: tweak config_changed implementation 2019-01-22 21:09:52 +01:00
visorbus
vlynq
vme
w1 w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). 2018-10-15 20:50:32 +02:00
watchdog watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem 2019-02-27 10:09:45 +01:00
xen pvcalls-front: fix potential null dereference 2019-02-27 10:09:49 +01:00
zorro
Kconfig
Makefile