android_kernel_oneplus_msm8998/drivers/base at 57efc49c752eaa294b457c8b0d4f647ac29448db - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

History

Srinivasarao P 603f8c63ad drivers: dma-removed: fix signedness issue Large values returned by bitmap_find_next_zero_area() can overflow and become negative when stored in signed variable 'pageno' that can lead to failure of condition 'pageno < dma_mem->nr_pages'. Due to this, Use-after-free issue is observed in bitmap_set(), When user requests to allocate large size buffer using ion calls. BUG: KASAN: use-after-free in bitmap_set+0x9c/0xd4 at addr ffffffe774946cc0 Read of size 8 by task syz-executor0/19717 page:ffffffbe5dd25180 count:0 mapcount:-127 mapping:(null) index:0xffffffe774947000 flags: 0x0() page dumped because: kasan: bad access detected page_owner info is not active (free page?) CPU: 3 PID: 19717 Comm: syz-executor0 Tainted: G W 4.4.78+ #1 Call trace: [<ffffffa10c68b6fc>] dump_backtrace+0x0/0x2fc [<ffffffa10c68ba1c>] show_stack+0x24/0x30 [<ffffffa10cc29a34>] dump_stack+0xdc/0x134 [<ffffffa10c8b2c10>] kasan_report+0x380/0x508 [<ffffffa10c8b1f38>] __asan_load8+0x24/0x80 [<ffffffa10cc42218>] bitmap_set+0x9c/0xd4 [<ffffffa10d15941c>] removed_alloc+0x188/0x5e4 [<ffffffa10dba4f40>] ion_cma_allocate+0x164/0x3e0 [<ffffffa10db9cef4>] __ion_alloc+0x368/0x1044 [<ffffffa10db9e0c8>] ion_ioctl+0x25c/0x6ac [<ffffffa10c8e2f40>] do_vfs_ioctl+0x844/0x9a8 [<ffffffa10c8e311c>] SyS_ioctl+0x78/0xbc [<ffffffa10c683730>] el0_svc_naked+0x24/0x28 Change-Id: Ibbaa451250bdfa9ce2a6e2cb9d2ee357ee0c8385 Signed-off-by: Srinivasarao P <spathi@codeaurora.org>		2018-09-13 22:08:39 -07:00
..
power	Merge android-4.4.114 (`fe09418`) into msm-4.4	2018-02-01 14:02:45 +05:30
regmap	Merge android-4.4.129 (`b1c4836`) into msm-4.4	2018-04-24 19:07:57 +05:30
attribute_container.c
base.h
bus.c	driver core: bus: Fix a potential double free	2017-09-13 14:09:44 -07:00
cacheinfo.c	drivers: base: cacheinfo: fix boot error message when acpi is enabled	2018-01-31 12:06:08 +01:00
class.c
component.c
container.c
core.c	Merge android-4.4.139 (`7ba5557`) into msm-4.4	2018-07-03 12:24:56 -07:00
cpu.c	Merge android-4.4.148 (`f057ff9`) into msm-4.4	2018-08-24 00:07:01 +05:30
dd.c	Merge android-4.4.145 (`05670d3`) into msm-4.4	2018-08-03 17:06:33 +05:30
devcoredump.c
devres.c
devtmpfs.c
dma-coherent.c
dma-contiguous.c
dma-mapping.c	Merge tag 'lsk-v4.4-16.12-android' into branch 'msm-4.4'	2017-02-28 17:10:49 -08:00
dma-removed.c	drivers: dma-removed: fix signedness issue	2018-09-13 22:08:39 -07:00
driver.c
firmware.c
firmware_class.c	firmware_class: make firmware caching configurable	2018-07-17 03:21:57 -07:00
hypervisor.c
init.c
isa.c	isa: Prevent NULL dereference in isa_bus driver callbacks	2017-12-16 10:33:48 +01:00
Kconfig	firmware_class: make firmware caching configurable	2018-07-17 03:21:57 -07:00
Makefile
map.c
memory.c	arm64: Add "remove" probe driver for memory hot-remove	2017-11-22 08:14:26 +05:30
module.c
node.c
pinctrl.c
platform-msi.c
platform.c	Merge android-4.4@73a2b70 (v4.4.92) into msm-4.4	2017-10-20 02:11:57 -07:00
property.c
soc.c
syscore.c
topology.c
transport_class.c