android_kernel_oneplus_msm8998/drivers
Julius Werner 837bfdb413 drivers: char: mem: Check for address space wraparound with mmap()
commit b299cde245b0b76c977f4291162cf668e087b408 upstream.

/dev/mem currently allows mmap() mappings that wrap around the end of
the physical address space, which should probably be illegal. It
circumvents the existing STRICT_DEVMEM permission check because the loop
immediately terminates (as the start address is already higher than the
end address). On the x86_64 architecture it will then cause a panic
(from the BUG(start >= end) in arch/x86/mm/pat.c:reserve_memtype()).

This patch adds an explicit check to make sure offset + size will not
wrap around in the physical address type.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-25 14:30:18 +02:00
..
accessibility
acpi ACPI / power: Avoid maybe-uninitialized warning 2017-04-27 09:09:33 +02:00
amba
android ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct 2016-11-10 16:36:33 +01:00
ata libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices 2017-02-09 08:02:45 +01:00
atm
auxdisplay
base base/memory, hotplug: fix a kernel oops in show_valid_zones() 2017-02-09 08:02:47 +01:00
bcma bcma: use (get|put)_device when probing/removing device driver 2017-03-12 06:37:30 +01:00
block drbd: avoid redefinition of BITS_PER_PAGE 2017-05-08 07:46:01 +02:00
bluetooth Bluetooth: hci_intel: add missing tty-device sanity check 2017-05-20 14:27:02 +02:00
bus bus: vexpress-config: fix device reference leak 2017-01-19 20:17:22 +01:00
cdrom
char drivers: char: mem: Check for address space wraparound with mmap() 2017-05-25 14:30:18 +02:00
clk clk: Make x86/ conditional on CONFIG_COMMON_CLK 2017-05-14 13:32:55 +02:00
clocksource clocksource/exynos_mct: Clear interrupt when cpu is shut down 2017-01-26 08:23:48 +01:00
connector connector: bump skb->users before callback invocation 2016-01-04 21:46:45 -05:00
cpufreq cpufreq: Restore policy min/max limits on CPU online 2017-03-30 09:35:18 +02:00
cpuidle ARM: cpuidle: Fix error return code 2016-10-16 17:36:15 +02:00
crypto crypto: caam - fix RNG deinstantiation error checking 2017-04-18 07:14:36 +02:00
dca
devfreq
dio
dma dmaengine: ipu: Make sure the interrupt routine checks all interrupts. 2017-03-12 06:37:30 +01:00
dma-buf
edac EDAC: Increment correct counter in edac_inc_ue_error() 2016-09-07 08:32:41 +02:00
eisa
extcon extcon: max77843: Use correct size for reading the interrupt register 2016-05-04 14:48:54 -07:00
firewire firewire: net: fix fragmented datagram_size off-by-one 2016-11-10 16:36:35 +01:00
firmware efi: Expose non-blocking set_variable() wrapper to efivars 2016-05-04 14:48:49 -07:00
fmc
fpga
gpio gpio: mpc8xxx: Correct irq handler function 2016-10-28 03:01:25 -04:00
gpu drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2 2017-05-25 14:30:17 +02:00
hid HID: wacom: Fix poor prox handling in 'wacom_pl_irq' 2017-02-09 08:02:46 +01:00
hsi
hv hv: don't reset hv_context.tsc_page on crash 2017-04-27 09:09:34 +02:00
hwmon hwmon: (g762) Fix overflows and crash seen when writing limit attributes 2017-01-12 11:22:48 +01:00
hwspinlock drivers/hwspinlock: fix race between radix tree insertion and lookup 2016-02-25 12:01:23 -08:00
hwtracing intel_th: Fix a deadlock in modprobing 2016-08-10 11:49:30 +02:00
i2c i2c: fix kernel memory disclosure in dev interface 2017-01-19 20:17:20 +01:00
ide
idle intel_idle: Support for Intel Xeon Phi Processor x200 Product Family 2016-09-15 08:27:46 +02:00
iio iio: proximity: as3935: fix as3935_write 2017-05-25 14:30:13 +02:00
infiniband infiniband: call ipv6 route lookup via the stub interface 2017-05-25 14:30:07 +02:00
input Input: i8042 - add Clevo P650RS to the i8042 reset list 2017-05-02 21:19:55 -07:00
iommu iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings 2017-05-25 14:30:16 +02:00
ipack
irqchip irqchip/irq-imx-gpcv2: Fix spinlock initialization 2017-04-21 09:30:06 +02:00
isdn isdn/gigaset: fix NULL-deref at probe 2017-03-26 12:13:19 +02:00
leds leds: ktd2692: avoid harmless maybe-uninitialized warning 2017-05-14 13:32:55 +02:00
lguest
lightnvm lightnvm: put bio before return 2016-09-24 10:07:35 +02:00
macintosh
mailbox
mcb mcb: Fixed bar number assignment for the gdd 2016-06-01 12:15:53 -07:00
md md: update slab_cache before releasing new stripes when stripes resizing 2017-05-25 14:30:08 +02:00
media xc2028: Fix use-after-free bug properly 2017-05-25 14:30:15 +02:00
memory memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing 2016-07-27 09:47:35 -07:00
memstick memstick: rtsx_usb_ms: Manage runtime PM when accessing the device 2016-10-28 03:01:35 -04:00
message
mfd mfd: core: Fix device reference leak in mfd_clone_cell 2016-11-26 09:54:53 +01:00
misc mei: bus: fix mei_cldev_enable KDoc 2017-01-12 11:22:47 +01:00
mmc mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card 2017-04-27 09:09:33 +02:00
mtd mtd: avoid stack overflow in MTD CFI code 2017-05-08 07:46:01 +02:00
net net: irda: irda-usb: fix firmware name on big-endian hosts 2017-05-25 14:30:12 +02:00
nfc mei: bus: fix received data size check in NFC fixup 2016-11-18 10:48:36 +01:00
ntb ntb_transport: Pick an unused queue 2017-02-23 17:43:10 +01:00
nubus
nvdimm libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat 2017-04-21 09:30:06 +02:00
nvme nvme: Call pci_disable_device on the error path. 2016-09-15 08:27:51 +02:00
nvmem nvmem: mxs-ocotp: fix buffer overflow in read 2016-05-11 11:21:21 +02:00
of of: fix sparse warning in of_pci_range_parser_one 2017-05-25 14:30:10 +02:00
oprofile
parisc
parport parport: fix attempt to write duplicate procfiles 2017-03-30 09:35:17 +02:00
pci PCI: Freeze PME scan before suspending devices 2017-05-25 14:30:17 +02:00
pcmcia pcmcia: db1xxx_ss: fix last irq_to_gpio user 2016-04-20 15:42:09 +09:00
perf drivers/perf: arm_pmu: Fix leak in error path 2016-10-07 15:23:41 +02:00
phy phy: qcom-usb-hs: Add depends on EXTCON 2017-05-14 13:32:57 +02:00
pinctrl pinctrl: qcom: Don't clear status bit on irq_unmask 2017-03-31 09:49:53 +02:00
platform platform/x86: acer-wmi: setup accelerometer when machine has appropriate notify event 2017-04-21 09:30:07 +02:00
pnp PNP: Add Broadwell to Intel MCH size workaround 2016-08-16 09:30:48 +02:00
power power: supply: bq24190_charger: Handle fault before status on interrupt 2017-05-14 13:32:54 +02:00
powercap
pps pps: do not crash when failed to register 2016-08-10 11:49:25 +02:00
ps3
ptp
pwm pwm: pca9685: Fix period change with same duty cycle 2017-03-15 09:57:14 +08:00
rapidio
ras
regulator regulator: tps65023: Fix inverted core enable logic. 2017-05-25 14:30:09 +02:00
remoteproc remoteproc: Fix potential race condition in rproc_add 2016-08-20 18:09:20 +02:00
reset
rpmsg
rtc rtc: tegra: Implement clock handling 2017-04-21 09:30:07 +02:00
s390 s390/zcrypt: Introduce CEX6 toleration 2017-03-30 09:35:20 +02:00
sbus
scsi scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m 2017-05-14 13:32:57 +02:00
sfi
sh drivers: sh: Restore legacy clock domain on SuperH platforms 2016-03-09 15:34:49 -08:00
sn
soc soc: qcom/spm: shut up uninitialized variable warning 2016-09-24 10:07:42 +02:00
spi spi: mvebu: fix baudrate calculation for armada variant 2017-01-15 13:41:36 +01:00
spmi
ssb ssb: Fix error routine when fallback SPROM fails 2017-01-09 08:07:42 +01:00
staging staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD. 2017-05-25 14:30:16 +02:00
target iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement 2017-05-20 14:26:58 +02:00
tc
thermal thermal: hwmon: Properly report critical temperature in sysfs 2017-01-09 08:07:44 +01:00
thunderbolt thunderbolt: Fix double free of drom buffer 2016-06-01 12:15:53 -07:00
tty tty: pty: Fix ldisc flush after userspace become aware of the data already 2017-05-20 14:27:02 +02:00
uio uio: fix dmem_region_start computation 2016-10-31 04:13:59 -06:00
usb USB: hub: fix non-SS hub-descriptor handling 2017-05-25 14:30:13 +02:00
uwb uwb: fix device quirk on big-endian hosts 2017-05-25 14:30:17 +02:00
vfio vfio/type1: Remove locked page accounting workqueue 2017-05-20 14:27:00 +02:00
vhost vhost/scsi: fix reuse of &vq->iov[out] in response 2016-09-15 08:27:53 +02:00
video xen, fbfront: fix connecting to backend 2017-04-21 09:30:06 +02:00
virt
virtio virtio_balloon: init 1st buffer in stats vq 2017-03-31 09:49:53 +02:00
vlynq
vme vme: Fix wrong pointer utilization in ca91cx42_slave_get 2017-01-19 20:17:21 +01:00
w1 w1: ds2490: USB transfer buffers need to be DMAable 2017-03-12 06:37:29 +01:00
watchdog watchdog: pcwd_usb: fix NULL-deref at probe 2017-05-25 14:30:07 +02:00
xen xen/acpi: upload PM state from init-domain to Xen 2017-03-30 09:35:18 +02:00
zorro
Kconfig
Makefile usb: Make sure usb/phy/of gets built-in 2017-05-20 14:26:59 +02:00