android_kernel_oneplus_msm8998/drivers/tty at 592203a5ae4bc0387e6b835768a7a7b3e2ce9c14 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

History

Peter Hurley d62ea94957 tty: Prevent ldisc drivers from re-using stale tty fields Line discipline drivers may mistakenly misuse ldisc-related fields when initializing. For example, a failure to initialize tty->receive_room in the N_GIGASET_M101 line discipline was recently found and fixed [1]. Now, the N_X25 line discipline has been discovered accessing the previous line discipline's already-freed private data [2]. Harden the ldisc interface against misuse by initializing revelant tty fields before instancing the new line discipline. [1] commit `fd98e9419d` Author: Tilman Schmidt <tilman@imap.cc> Date: Tue Jul 14 00:37:13 2015 +0200 isdn/gigaset: reset tty->receive_room when attaching ser_gigaset [2] Report from Sasha Levin <sasha.levin@oracle.com> [ 634.336761] ================================================================== [ 634.338226] BUG: KASAN: use-after-free in x25_asy_open_tty+0x13d/0x490 at addr ffff8800a743efd0 [ 634.339558] Read of size 4 by task syzkaller_execu/8981 [ 634.340359] ============================================================================= [ 634.341598] BUG kmalloc-512 (Not tainted): kasan: bad access detected ... [ 634.405018] Call Trace: [ 634.405277] dump_stack (lib/dump_stack.c:52) [ 634.405775] print_trailer (mm/slub.c:655) [ 634.406361] object_err (mm/slub.c:662) [ 634.406824] kasan_report_error (mm/kasan/report.c:138 mm/kasan/report.c:236) [ 634.409581] __asan_report_load4_noabort (mm/kasan/report.c:279) [ 634.411355] x25_asy_open_tty (drivers/net/wan/x25_asy.c:559 (discriminator 1)) [ 634.413997] tty_ldisc_open.isra.2 (drivers/tty/tty_ldisc.c:447) [ 634.414549] tty_set_ldisc (drivers/tty/tty_ldisc.c:567) [ 634.415057] tty_ioctl (drivers/tty/tty_io.c:2646 drivers/tty/tty_io.c:2879) [ 634.423524] do_vfs_ioctl (fs/ioctl.c:43 fs/ioctl.c:607) [ 634.427491] SyS_ioctl (fs/ioctl.c:622 fs/ioctl.c:613) [ 634.427945] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188) Change-Id: Idc6b27fb0b73b9057541ecc02c6c2aac46b50ffc Cc: Tilman Schmidt <tilman@imap.cc> Cc: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Git-repo: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git Git-commit: dd42bf1197144ede075a9d4793123f7689e164bc Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>		2016-11-18 16:57:49 -08:00
..
hvc
ipwireless
serial	Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4	2016-10-28 10:48:35 -07:00
vt	tty/vt/keyboard: fix OOB access in do_compute_shiftstate()	2016-07-27 09:47:37 -07:00
amiserial.c
bfin_jtag_comm.c
cyclades.c
ehv_bytechan.c
goldfish.c
isicom.c
Kconfig
Makefile
metag_da.c
mips_ejtag_fdc.c
moxa.c
moxa.h
mxser.c
mxser.h
n_gsm.c	TTY: n_gsm, fix false positive WARN_ON	2016-06-01 12:15:52 -07:00
n_hdlc.c	Fix OpenSSH pty regression on close	2016-06-01 12:15:52 -07:00
n_r3964.c
n_tracerouter.c
n_tracesink.c
n_tracesink.h
n_tty.c	Fix OpenSSH pty regression on close	2016-06-01 12:15:52 -07:00
nozomi.c
pty.c	Fix OpenSSH pty regression on close	2016-06-01 12:15:52 -07:00
rocket.c
rocket.h
rocket_int.h
synclink.c
synclink_gt.c
synclinkmp.c
sysrq.c	sysrq: Fix warning in sysrq generated crash.	2016-09-24 03:43:50 -07:00
tty_audit.c
tty_buffer.c	Fix OpenSSH pty regression on close	2016-06-01 12:15:52 -07:00
tty_io.c
tty_ioctl.c
tty_ldisc.c	tty: Prevent ldisc drivers from re-using stale tty fields	2016-11-18 16:57:49 -08:00
tty_ldsem.c
tty_mutex.c
tty_port.c