forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Jiri Slaby 150d35bf70 tty: rocket, avoid OOB access 
commit 7127d24372 upstream.

init_r_port can access pc104 array out of bounds. pc104 is a 2D array
defined to have 4 members. Each member has 8 submembers.
* we can have more than 4 (PCI) boards, i.e. [board] can be OOB
* line is not modulo-ed by anything, so the first line on the second
  board can be 4, on the 3rd 12 or alike (depending on previously
  registered boards). It's zero only on the first line of the first
  board. So even [line] can be OOB, quite soon (with the 2nd registered
  board already).

This code is broken for ages, so just avoid the OOB accesses and don't
try to fix it as we would need to find out the correct line number. Use
the default: RS232, if we are out.

Generally, if anyone needs to set the interface types, a module parameter
is past the last thing that should be used for this purpose. The
parameters' description says it's for ISA cards anyway.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: stable <stable@vger.kernel.org>
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Link: https://lore.kernel.org/r/20200417105959.15201-2-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-29 16:31:30 +02:00
..
accessibility
acpi x86: ACPI: fix CPU hotplug deadlock 2020-04-23 10:30:20 +02:00
amba
android
ata libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set 2020-04-17 10:48:52 +02:00
atm fore200e: Fix incorrect checks of NULL pointer dereference 2020-02-24 08:34:42 +01:00
auxdisplay
base firmware: fix a double abort case with fw_load_sysfs_fallback 2020-04-17 10:48:42 +02:00
bcma bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA 2020-01-27 14:51:09 +01:00
block virtio-blk: improve virtqueue error to BLK_STS 2020-04-29 16:31:16 +02:00
bluetooth Bluetooth: btusb: fix PM leak in error case of setup 2020-01-09 10:19:04 +01:00
bus bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads 2020-04-17 10:48:37 +02:00
cdrom cdrom: respect device capabilities during opening action 2020-01-04 19:13:12 +01:00
char tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() 2020-04-29 16:31:29 +02:00
clk clk: tegra: Fix Tegra PMC clock out parents 2020-04-23 10:30:17 +02:00
clocksource clocksource/drivers/bcm2835_timer: Fix memory leak of timer 2020-02-24 08:34:37 +01:00
connector
cpufreq cpufreq: powernv: Fix use-after-free 2020-04-17 10:48:52 +02:00
cpuidle
crypto crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static 2020-04-29 16:31:07 +02:00
dax
dca
devfreq Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" 2020-03-05 16:42:18 +01:00
dio
dma dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() 2020-03-11 14:15:12 +01:00
dma-buf
edac EDAC/amd64: Set grain per DIMM 2020-03-11 14:14:45 +01:00
eisa
extcon extcon: axp288: Add wakeup support 2020-04-13 10:45:03 +02:00
firewire net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
firmware efi/x86: Ignore the memory attributes table on i386 2020-04-17 10:48:41 +02:00
fmc
fpga
fsi fsi: sbefifo: Don't fail operations when in SBE IPL state 2020-01-27 14:51:00 +01:00
gnss
gpio gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model 2020-04-02 15:28:23 +02:00
gpu drm/amd/display: Not doing optimize bandwidth if flip pending. 2020-04-29 16:31:15 +02:00
hid HID: google: add moonball USB id 2020-03-20 11:55:59 +01:00
hsi
hv x86/Hyper-V: Report crash data in die() when panic_on_oops is set 2020-04-23 10:30:17 +02:00
hwmon hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() 2020-03-11 14:15:12 +01:00
hwspinlock
hwtracing intel_th: pci: Add Elkhart Lake CPU support 2020-03-25 08:06:11 +01:00
i2c i2c: st: fix missing struct parameter description 2020-04-17 10:48:38 +02:00
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:34:49 +01:00
idle
iio iio: xilinx-xadc: Make sure not exceed maximum samplerate 2020-04-29 16:31:26 +02:00
infiniband net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2020-04-29 16:31:17 +02:00
input Input: i8042 - add Acer Aspire 5738z to nomux list 2020-04-17 10:48:52 +02:00
iommu iommu/amd: Fix the configuration of GCR3 table root pointer 2020-04-23 10:30:22 +02:00
ipack
irqchip irqchip/mbigen: Free msi_desc on device teardown 2020-04-23 10:30:13 +02:00
isdn
leds leds: pca963x: Fix open-drain initialization 2020-02-24 08:34:35 +01:00
lightnvm lightnvm: pblk: fix lock order in pblk_rb_tear_down_check 2020-01-27 14:50:45 +01:00
macintosh macintosh: windfarm: fix MODINFO regression 2020-03-18 07:14:21 +01:00
mailbox mailbox: qcom-apcs: fix max_register value 2020-01-27 14:51:14 +01:00
mcb
md dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() 2020-04-17 10:48:54 +02:00
media media: ti-vpe: cal: fix disable_irqs to only the intended target 2020-04-17 10:48:45 +02:00
memory memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20 2020-01-27 14:50:13 +01:00
memstick
message scsi: mptfusion: Fix double fetch bug in ioctl 2020-01-23 08:21:28 +01:00
mfd mfd: dln2: Fix sanity checking for endpoints 2020-04-17 10:48:55 +02:00
misc misc: echo: Remove unnecessary parentheses and simplify check for zero 2020-04-17 10:48:55 +02:00
mmc mmc: sdhci-tegra: Fix busy detection by enabling MMC_CAP_NEED_RSP_BUSY 2020-04-02 15:28:10 +02:00
mtd mtd: phram: fix a double free issue in error path 2020-04-23 10:30:24 +02:00
mux
net mlxsw: Fix some IS_ERR() vs NULL bugs 2020-04-29 16:31:23 +02:00
nfc NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() 2020-04-02 15:28:12 +02:00
ntb ntb_hw_switchtec: potential shift wrapping bug in switchtec_ntb_init_sndev() 2020-01-27 14:50:55 +01:00
nubus
nvdimm libnvdimm: Out of bounds read in __nd_ioctl() 2020-04-23 10:30:22 +02:00
nvme nvme: fix deadlock caused by ANA update wrong locking 2020-04-29 16:31:12 +02:00
nvmem nvmem: imx-ocotp: Change TIMING calculation to u-boot algorithm 2020-01-27 14:50:58 +01:00
of of: overlay: kmemleak in dup_and_fixup_symbol_prop() 2020-04-23 10:30:14 +02:00
opp OPP: Fix missing debugfs supply directory for OPPs 2020-01-27 14:50:04 +01:00
oprofile
parisc
parport
pci PCI/ASPM: Allow re-enabling Clock PM 2020-04-29 16:31:16 +02:00
pcmcia
perf drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer 2020-03-25 08:06:07 +01:00
phy phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval 2020-03-11 14:15:10 +01:00
pinctrl pinctrl: core: Remove extra kref_get which blocks hogs being freed 2020-03-18 07:14:23 +01:00
platform platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table 2020-04-02 15:28:23 +02:00
pnp
power power: supply: axp288_fuel_gauge: Broaden vendor check for Intel Compute Sticks. 2020-04-23 10:30:22 +02:00
powercap
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:21:35 +01:00
pwm pwm: bcm2835: Dynamically allocate base 2020-04-29 16:31:14 +02:00
rapidio drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() 2020-01-27 14:50:31 +01:00
ras
regulator regulator: rk808: Lower log level on optional GPIOs being not available 2020-02-24 08:34:40 +01:00
remoteproc remoteproc: Initialize rproc_class before use 2020-02-24 08:34:50 +01:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:34:44 +01:00
rpmsg rpmsg: glink: Remove chunk size word align warning 2020-04-13 10:45:16 +02:00
rtc rtc: 88pm860x: fix possible race condition 2020-04-23 10:30:18 +02:00
s390 s390/cio: avoid duplicated 'ADD' uevents 2020-04-29 16:31:13 +02:00
sbus
scsi scsi: smartpqi: fix call trace in device discovery 2020-04-29 16:31:16 +02:00
sfi
sh
siox
slimbus
sn
soc soc: imx: gpc: fix power up sequencing 2020-04-23 10:30:17 +02:00
soundwire
spi spi/zynqmp: remove entry that causes a cs glitch 2020-03-25 08:06:06 +01:00
spmi
ssb
staging erofs: correct the remaining shrink objects 2020-04-17 10:48:49 +02:00
target scsi: target: fix hang when multiple threads try to destroy the same iscsi session 2020-04-21 09:03:11 +02:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 14:43:50 +00:00
thermal thermal: brcmstb_thermal: Do not use DT coefficients 2020-03-05 16:42:22 +01:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 16:38:44 +01:00
tty tty: rocket, avoid OOB access 2020-04-29 16:31:30 +02:00
uio uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() 2020-02-24 08:34:37 +01:00
usb USB: hub: Fix handling of connect changes during sleep 2020-04-29 16:31:27 +02:00
uwb
vfio vfio/mdev: Fix aborting mdev child device removal if one fails 2020-01-27 14:50:46 +01:00
vhost vhost: Check docket sk_family instead of call getname 2020-03-05 16:42:18 +01:00
video fbdev: potential information leak in do_fb_ioctl() 2020-04-23 10:30:22 +02:00
virt
virtio virtio_balloon: prevent pfn array overflow 2020-02-24 08:34:54 +01:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:34:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:34:47 +01:00
w1
watchdog watchdog: reset last_hw_keepalive time at start 2020-04-29 16:31:09 +02:00
xen xenbus: req->err should be updated before req->state 2020-03-25 08:06:08 +01:00
zorro
Kconfig
Makefile