evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers
History
Benjamin Tissoires fdab04c119 Input: elan_i2c_smbus - fix corrupted stack 
commit 40f7090bb1b4ec327ea1e1402ff5783af5b35195 upstream.

New ICs (like the one on the Lenovo T480s) answer to
ETP_SMBUS_IAP_VERSION_CMD 4 bytes instead of 3. This corrupts the stack
as i2c_smbus_read_block_data() uses the values returned by the i2c
device to know how many data it need to return.

i2c_smbus_read_block_data() can read up to 32 bytes (I2C_SMBUS_BLOCK_MAX)
and there is no safeguard on how many bytes are provided in the return
value. Ensure we always have enough space for any future firmware.
Also 0-initialize the values to prevent any access to uninitialized memory.

Cc: <stable@vger.kernel.org> # v4.4.x, v4.9.x, v4.14.x, v4.15.x, v4.16.x
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Acked-by: KT Liao <kt.liao@emc.com.tw>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-06 16:46:20 +02:00
..
accessibility
acpi ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c 2018-05-30 07:49:11 +02:00
amba ARM: amba: Don't read past the end of sysfs "driver_override" buffer 2018-05-02 07:53:42 -07:00
android binder: add missing binder_unlock() 2018-02-28 10:17:23 +01:00
ata libata: blacklist Micron 500IT SSD with MU01 firmware 2018-05-30 07:48:51 +02:00
atm atm: zatm: Fix potential Spectre v1 2018-05-16 10:06:52 +02:00
auxdisplay
base regmap: Fix reversed bounds check in regmap_raw_write() 2018-04-24 09:32:06 +02:00
bcma
block cdrom: do not call check_disk_change() inside cdrom_open() 2018-05-30 07:49:13 +02:00
bluetooth Bluetooth: btusb: Add device ID for RTL8822BE 2018-05-30 07:49:17 +02:00
bus bus: brcmstb_gisb: correct support for 64-bit address output 2018-04-13 19:50:05 +02:00
cdrom cdrom: do not call check_disk_change() inside cdrom_open() 2018-05-30 07:49:13 +02:00
char hwrng: stm32 - add reset during probe 2018-05-30 07:49:14 +02:00
clk clk: samsung: exynos3250: Fix PLL rates 2018-05-30 07:49:16 +02:00
clocksource clocksource/drivers/fsl_ftm_timer: Fix error return checking 2018-05-30 07:49:01 +02:00
connector
cpufreq cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path 2018-05-30 07:49:11 +02:00
cpuidle cpuidle: coupled: remove unused define cpuidle_coupled_lock 2018-05-26 08:48:53 +02:00
crypto crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss 2018-05-30 07:49:16 +02:00
dca
devfreq PM / devfreq: Propagate error from devfreq_add_device() 2018-02-22 15:44:58 +01:00
dio
dma dmaengine: pl330: fix a race condition in case of threaded irqs 2018-05-30 07:49:14 +02:00
dma-buf
edac EDAC, mv64x60: Fix an error handling path 2018-04-13 19:50:23 +02:00
eisa
extcon extcon: palmas: Check the parent instance to prevent the NULL 2017-11-21 09:21:18 +01:00
firewire firewire-ohci: work around oversized DMA reads on JMicron controllers 2018-05-30 07:48:52 +02:00
firmware firmware: dmi_scan: Fix handling of empty DMI strings 2018-05-30 07:48:56 +02:00
fmc
fpga
gpio gpio: rcar: Add Runtime PM handling for interrupts 2018-05-26 08:49:00 +02:00
gpu drm/rockchip: Respect page offset for PRIME mmap calls 2018-05-30 07:49:16 +02:00
hid HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() 2018-05-30 07:48:54 +02:00
hsi HSI: ssi_protocol: double free in ssip_pn_xmit() 2018-03-24 10:58:42 +01:00
hv Drivers: hv: vmbus: fix build warning 2018-02-25 11:03:46 +01:00
hwmon hwmon: (pmbus/adm1275) Accept negative page register values 2018-05-30 07:49:13 +02:00
hwspinlock
hwtracing coresight: Fix disabling of CoreSight TPIU 2018-03-24 10:58:48 +01:00
i2c i2c: mv64xxx: Apply errata delay only in standard mode 2018-05-30 07:49:11 +02:00
ide cdrom: do not call check_disk_change() inside cdrom_open() 2018-05-30 07:49:13 +02:00
idle idle: i7300: add PCI dependency 2018-02-25 11:03:51 +01:00
iio iio: magnetometer: st_magn_spi: fix spi_device_id table 2018-04-13 19:50:21 +02:00
infiniband RDMA/ucma: Correct option size check using optlen 2018-05-30 07:49:05 +02:00
input Input: elan_i2c_smbus - fix corrupted stack 2018-06-06 16:46:20 +02:00
iommu iommu/vt-d: Fix a potential memory leak 2018-04-24 09:32:08 +02:00
ipack
irqchip irqchip/gic-v3: Change pr_debug message to pr_devel 2018-05-30 07:48:57 +02:00
isdn mISDN: Fix a sleep-in-atomic bug 2018-04-13 19:50:16 +02:00
leds leds: pca955x: Correct I2C Functionality 2018-04-13 19:50:09 +02:00
lguest
lightnvm
macintosh
mailbox mailbox: handle empty message in tx_tick 2017-08-06 19:19:41 -07:00
mcb
md bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set 2018-05-30 07:49:11 +02:00
media media: cx25821: prevent out-of-bounds read on array card 2018-05-30 07:49:15 +02:00
memory ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure 2017-12-16 10:33:51 +01:00
memstick
message scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() 2018-05-30 07:48:58 +02:00
mfd mfd: palmas: Reset the POWERHOLD mux during power off 2018-03-24 10:58:44 +01:00
misc drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests 2018-04-13 19:50:02 +02:00
mmc mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register 2018-05-30 07:48:51 +02:00
mtd gpmi-nand: Handle ECC Errors in erased pages 2018-05-16 10:06:47 +02:00
net enic: enable rq before updating rq descriptors 2018-05-30 07:49:14 +02:00
nfc NFC: nfcmrvl: double free on error path 2018-03-22 09:23:23 +01:00
ntb ntb_transport: Fix bug with max_mw_size parameter 2018-05-30 07:48:55 +02:00
nubus
nvdimm libnvdimm, namespace: make 'resource' attribute only readable by root 2017-11-30 08:37:23 +00:00
nvme nvme-pci: Fix nvme queue cleanup if IRQ setup fails 2018-05-30 07:49:01 +02:00
nvmem nvmem: imx-ocotp: Fix wrong register size 2017-08-06 19:19:46 -07:00
of of: fix of_device_get_modalias returned length when truncating buffers 2018-03-22 09:23:21 +01:00
oprofile
parisc parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode 2018-05-30 07:49:10 +02:00
parport parport_pc: Add support for WCH CH382L PCI-E single parallel port card. 2018-04-08 11:52:00 +02:00
pci PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 2018-05-30 07:49:15 +02:00
pcmcia
perf drivers/perf: arm_pmu: handle no platform_device 2018-03-22 09:23:26 +01:00
phy phy: work around 'phys' references to usb-nop-xceiv devices 2018-01-23 19:50:16 +01:00
pinctrl pinctrl: Really force states during suspend/resume 2018-03-24 10:58:48 +01:00
platform platform/chrome: Use proper protocol transfer function 2018-03-24 10:58:47 +01:00
pnp
power power: supply: pda_power: move from timer to delayed_work 2018-03-24 10:58:45 +01:00
powercap PowerCap: Fix an error code in powercap_register_zone() 2018-04-13 19:50:05 +02:00
pps
ps3
ptp time: Change posix clocks ops interfaces to use timespec64 2018-03-24 10:58:40 +01:00
pwm pwm: tegra: Increase precision in PWM rate calculation 2018-03-22 09:23:27 +01:00
rapidio
ras
regulator regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' 2018-05-30 07:49:17 +02:00
remoteproc
reset
rpmsg
rtc rtc: tx4939: avoid unintended sign extension on a 24 bit shift 2018-05-30 07:49:14 +02:00
s390 s390/cio: clear timer when terminating driver I/O 2018-05-30 07:49:00 +02:00
sbus
scsi scsi: lpfc: Fix frequency of Release WQE CQEs 2018-05-30 07:49:17 +02:00
sfi
sh
sn
soc
spi spi: pxa2xx: Allow 64-bit DMA 2018-05-26 08:48:52 +02:00
spmi spmi: Include OF based modalias in device uevent 2017-07-27 15:06:10 -07:00
ssb ssb: mark ssb_bus_register as __maybe_unused 2018-02-25 11:03:44 +01:00
staging staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr 2018-05-30 07:49:14 +02:00
target tcm_fileio: Prevent information leak for short reads 2018-03-24 10:58:45 +01:00
tc
thermal thermal: imx: Fix race condition in imx_thermal_probe() 2018-04-24 09:32:08 +02:00
thunderbolt thunderbolt: Resume control channel after hibernation image is created 2018-04-24 09:32:07 +02:00
tty serial: arc_uart: Fix out-of-bounds access through DT alias 2018-05-30 07:49:15 +02:00
uio
usb USB: serial: cp210x: use tcflag_t to fix incompatible pointer type 2018-06-06 16:46:20 +02:00
uwb uwb: ensure that endpoint is interrupt 2017-10-12 11:27:35 +02:00
vfio vfio/pci: Virtualize Maximum Read Request Size 2018-04-24 09:32:09 +02:00
vhost vhost: correctly remove wait queue during poll failure 2018-04-13 19:50:25 +02:00
video fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). 2018-05-30 07:49:04 +02:00
virt
virtio virtio_balloon: prevent uninitialized variable use 2018-02-25 11:03:42 +01:00
vlynq
vme
w1
watchdog watchdog: f71808e_wdt: Fix magic close handling 2018-05-30 07:49:03 +02:00
xen xen/acpi: off by one in read_acpi_id() 2018-05-30 07:49:09 +02:00
zorro zorro: Set up z->dev.dma_mask for the DMA API 2018-05-30 07:49:11 +02:00
Kconfig
Makefile usb: build drivers/usb/common/ when USB_SUPPORT is set 2018-02-25 11:03:38 +01:00