evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/net
History
YueHaibing 2ff783f3e0 ppp: deflate: Fix possible crash in deflate_init 
[ Upstream commit 3ebe1bca58c85325c97a22d4fc3f5b5420752e6f ]

BUG: unable to handle kernel paging request at ffffffffa018f000
PGD 3270067 P4D 3270067 PUD 3271063 PMD 2307eb067 PTE 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 4138 Comm: modprobe Not tainted 5.1.0-rc7+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
RIP: 0010:ppp_register_compressor+0x3e/0xd0 [ppp_generic]
Code: 98 4a 3f e2 48 8b 15 c1 67 00 00 41 8b 0c 24 48 81 fa 40 f0 19 a0
75 0e eb 35 48 8b 12 48 81 fa 40 f0 19 a0 74
RSP: 0018:ffffc90000d93c68 EFLAGS: 00010287
RAX: ffffffffa018f000 RBX: ffffffffa01a3000 RCX: 000000000000001a
RDX: ffff888230c750a0 RSI: 0000000000000000 RDI: ffffffffa019f000
RBP: ffffc90000d93c80 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0194080
R13: ffff88822ee1a700 R14: 0000000000000000 R15: ffffc90000d93e78
FS:  00007f2339557540(0000) GS:ffff888237a00000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa018f000 CR3: 000000022bde4000 CR4: 00000000000006f0
Call Trace:
 ? 0xffffffffa01a3000
 deflate_init+0x11/0x1000 [ppp_deflate]
 ? 0xffffffffa01a3000
 do_one_initcall+0x6c/0x3cc
 ? kmem_cache_alloc_trace+0x248/0x3b0
 do_init_module+0x5b/0x1f1
 load_module+0x1db1/0x2690
 ? m_show+0x1d0/0x1d0
 __do_sys_finit_module+0xc5/0xd0
 __x64_sys_finit_module+0x15/0x20
 do_syscall_64+0x6b/0x1d0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

If ppp_deflate fails to register in deflate_init,
module initialization failed out, however
ppp_deflate_draft may has been regiestred and not
unregistered before return.
Then the seconed modprobe will trigger crash like this.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-11 12:23:43 +02:00
..
appletalk net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT 2018-09-29 03:08:52 -07:00
arcnet
bonding bonding: fix arp_validate toggling in active-backup mode 2019-05-16 19:45:18 +02:00
caif
can can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it 2019-02-06 19:43:04 +01:00
cris
dsa net: dsa: mv88e6xxx: Fix u64 statistics 2019-03-23 08:44:23 +01:00
ethernet net/mlx4_core: Change the error print to info print 2019-06-11 12:23:43 +02:00
fddi
fjes fjes: Fix wrong netdevice feature flags 2017-12-20 10:04:55 +01:00
hamradio net: hamradio: use eth_broadcast_addr 2018-08-24 13:26:55 +02:00
hippi hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close 2018-02-25 11:03:42 +01:00
hyperv hv_netvsc: use skb_get_hash() instead of a homegrown implementation 2017-03-26 12:13:18 +02:00
ieee802154 ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem 2018-08-24 13:26:58 +02:00
ipvlan ipvlan: disallow userns cap_net_admin to change global mode/flags 2019-03-23 08:44:31 +01:00
irda irda: fix overly long udelay() 2018-06-06 16:46:21 +02:00
phy mdio_bus: Fix use-after-free on device_register fails 2019-03-23 08:44:30 +01:00
plip
ppp ppp: deflate: Fix possible crash in deflate_init 2019-06-11 12:23:43 +02:00
slip slip: make slhc_free() silently accept an error pointer 2019-05-16 19:44:51 +02:00
team team: fix possible recursive locking when add slaves 2019-05-16 19:44:52 +02:00
usb usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set 2019-05-16 19:44:56 +02:00
vmxnet3 vmxnet3: ensure that adapter is in proper state during force_close 2018-04-13 19:50:04 +02:00
wan drivers: net: lmc: fix case value for target abort error 2018-09-05 09:18:36 +02:00
wimax net: wimax/i2400m: fix NULL-deref at probe 2017-12-20 10:04:54 +01:00
wireless cw1200: fix missing unlock on error in cw1200_hw_scan() 2019-05-16 19:45:07 +02:00
xen-netback xen-netback: fix occasional leak of grant ref mappings under memory pressure 2019-03-23 08:44:22 +01:00
dummy.c
eql.c
geneve.c geneve: avoid use-after-free of skb->data 2016-12-10 19:07:24 +01:00
ifb.c
Kconfig vmxnet3: prevent building with 64K pages 2018-02-25 11:03:42 +01:00
LICENSE.SRC
loopback.c net: introduce device min_header_len 2017-02-18 16:39:27 +01:00
macvlan.c macvlan: Only deliver one copy of the frame to the macvlan interface 2017-12-20 10:05:01 +01:00
macvtap.c tun/tap: sanitize TUNSETSNDBUF input 2017-11-18 11:11:05 +01:00
Makefile
mdio.c
mii.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c rapidio/rionet: do not free skb before reading its length 2018-12-13 09:21:26 +01:00
sb1000.c
Space.c
sungem_phy.c
tun.c tun: forbid iface creation with rtnl ops 2018-12-17 21:55:09 +01:00
veth.c veth: set peer GSO values 2018-03-22 09:23:29 +01:00
virtio_net.c virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS 2018-05-30 07:49:11 +02:00
vrf.c vrf: Fix use after free and double free in vrf_finish_output 2018-04-13 19:50:27 +02:00
vxlan.c vxlan: Don't call gro_cells_destroy() before device is unregistered 2019-04-03 06:23:25 +02:00
xen-netfront.c xen/netfront: tolerate frags with no data 2019-01-13 10:05:28 +01:00