evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/char
History
G. Campana 23c7f01691 virtio_console: fix a crash in config_work_handler 
[ Upstream commit 8379cadf71c3ee8173a1c6fc1ea7762a9638c047 ]

Using control_work instead of config_work as the 3rd argument to
container_of results in an invalid portdev pointer. Indeed, the work
structure is initialized as below:

    INIT_WORK(&portdev->config_work, &config_work_handler);

It leads to a crash when portdev->vdev is dereferenced later. This
bug
is triggered when the guest uses a virtio-console without multiport
feature and receives a config_changed virtio interrupt.

Signed-off-by: G. Campana <gcampana@quarkslab.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-05 14:37:18 +02:00
..
agp agp/uninorth: fix a memleak in create_gatt_table 2015-10-02 22:57:59 +10:00
hw_random hwrng: core - Don't use a stack buffer in add_early_randomness() 2016-11-18 10:48:36 +01:00
ipmi ipmi: Fix kernel panic at ipmi_ssif_thread() 2017-05-20 14:27:03 +02:00
mwave
pcmcia pcmcia: remove left-over %Z format 2017-06-07 12:06:01 +02:00
tpm tpm_crb: check for bad response size 2017-05-25 14:30:07 +02:00
xilinx_hwicap char:xilinx_hwicap:buffer_icap - change 1/0 to true/false for bool type variable in function buffer_icap_set_configuration(). 2015-06-12 16:58:33 -07:00
xillybus char: xillybus: Allow 64-bit DMA on PCIe interface 2015-08-05 12:27:09 -07:00
apm-emulation.c
applicom.c
applicom.h
bfin-otp.c
bsr.c
ds1302.c
ds1620.c
dsp56k.c drivers/char/dsp56k.c: drop check for negativity of unsigned parameter 2014-07-17 18:38:37 -07:00
dtlk.c
efirtc.c drivers/char: make efirtc.c driver explicitly non-modular 2015-09-20 19:32:35 -07:00
generic_nvram.c
genrtc.c
hangcheck-timer.c hangcheck-timer: cleanup casting in hangcheck_init() 2014-11-07 11:24:01 -08:00
hpet.c drivers/char: make hpet.c explicitly non-modular 2015-09-20 19:32:35 -07:00
Kconfig char: lack of bool string made CONFIG_DEVPORT always on 2017-04-21 09:30:06 +02:00
lp.c char: lp: fix possible integer overflow in lp_setup() 2017-05-25 14:30:07 +02:00
Makefile hwmon: Rename i8k driver to dell-smm-hwmon and move it to hwmon tree 2015-05-24 12:48:12 -07:00
mbcs.c
mbcs.h
mem.c drivers: char: mem: Fix wraparound check to allow mappings up to the end 2017-06-14 13:16:26 +02:00
misc.c char: make misc_deregister a void function 2015-08-05 10:35:49 -07:00
mmtimer.c
mspec.c
nsc_gpio.c
nvram.c char/nvram: Use bitwise OR to obtain Atari video mode data 2015-08-05 13:30:16 -07:00
nwbutton.c
nwbutton.h
nwflash.c
pc8736x_gpio.c
ppdev.c
ps3flash.c
random.c random: properly align get_random_int_hash 2017-06-14 13:16:23 +02:00
raw.c writeback: separate out include/linux/backing-dev-defs.h 2015-06-02 08:33:34 -06:00
rtc.c
scx200_gpio.c
snsc.c drivers/char: make SGI snsc.c driver explicitly non-modular 2015-09-20 19:32:35 -07:00
snsc.h
snsc_event.c
sonypi.c char: drop owner assignment from platform_drivers 2014-10-20 16:20:19 +02:00
tb0219.c char: drop owner assignment from platform_drivers 2014-10-20 16:20:19 +02:00
tile-srom.c fs: move struct kiocb to fs.h 2015-03-25 20:28:11 -04:00
tlclk.c
toshiba.c toshiba laptop: replace ioremap_cache with ioremap 2015-08-05 17:26:00 -07:00
ttyprintk.c
uv_mmtimer.c
virtio_console.c virtio_console: fix a crash in config_work_handler 2017-07-05 14:37:18 +02:00