NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Kernel Source and devicetree for NOTHING Phone(3a) and Phone(3a)Pro
1139853 commits 1 branch 0 tags 2.6 GiB
Find a file
ChiYuan Huang b0f25ca1ff regulator: core: Use different devices for resource allocation and DT lookup 
[ Upstream commit 8f3cbcd6b440032ebc7f7d48a1689dcc70a4eb98 ]

Following by the below discussion, there's the potential UAF issue
between regulator and mfd.
https://lore.kernel.org/all/20221128143601.1698148-1-yangyingliang@huawei.com/

From the analysis of Yingliang

CPU A				|CPU B
mt6370_probe()			|
  devm_mfd_add_devices()	|
				|mt6370_regulator_probe()
				|  regulator_register()
				|    //allocate init_data and add it to devres
				|    regulator_of_get_init_data()
i2c_unregister_device()		|
  device_del()			|
    devres_release_all()	|
      // init_data is freed	|
      release_nodes()		|
				|  // using init_data causes UAF
				|  regulator_register()

It's common to use mfd core to create child device for the regulator.
In order to do the DT lookup for init data, the child that registered
the regulator would pass its parent as the parameter. And this causes
init data resource allocated to its parent, not itself. The issue happen
when parent device is going to release and regulator core is still doing
some operation of init data constraint for the regulator of child device.

To fix it, this patch expand 'regulator_register' API to use the
different devices for init data allocation and DT lookup.

Reported-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: ChiYuan Huang <cy_huang@richtek.com>
Link: https://lore.kernel.org/r/1670311341-32664-1-git-send-email-u0084500@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-31 13:33:04 +01:00
arch x86/apic: Handle no CONFIG_X86_X2APIC on systems with x2APIC enabled by BIOS 2022-12-31 13:32:58 +01:00
block blk-mq: fix possible memleak when register 'hctx' failed 2022-12-31 13:33:03 +01:00
certs certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
crypto crypto: tcrypt - Fix multibuffer skcipher speed test mem leak 2022-12-31 13:32:34 +01:00
Documentation dt-bindings: mfd: qcom,spmi-pmic: Drop PWM reg dependency 2022-12-31 13:32:52 +01:00
drivers regulator: core: Use different devices for resource allocation and DT lookup 2022-12-31 13:33:04 +01:00
fs nfs: fix possible null-ptr-deref when parsing param 2022-12-31 13:33:04 +01:00
include regulator: core: Use different devices for resource allocation and DT lookup 2022-12-31 13:33:04 +01:00
init init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash 2022-11-22 22:42:38 +09:00
io_uring io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() 2022-12-07 06:45:20 -07:00
ipc ipc: fix memory leak in init_mqueue_fs() 2022-12-31 13:32:01 +01:00
kernel bpf: Prevent decl_tag from being referenced in func_proto arg 2022-12-31 13:33:03 +01:00
lib test_firmware: fix memory leak in test_firmware_init() 2022-12-31 13:32:40 +01:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
net ethtool: avoiding integer overflow in ethtool_phys_id() 2022-12-31 13:33:03 +01:00
rust Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
samples samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() 2022-12-31 13:32:42 +01:00
scripts - Handle different output of readelf on different distros running 2022-11-27 12:08:17 -08:00
security apparmor: Fix memleak in alloc_ns() 2022-12-31 13:32:31 +01:00
sound ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table 2022-12-31 13:33:03 +01:00
tools selftests/bpf: Fix conflicts with built-in functions in bpf_iter_ksym 2022-12-31 13:33:04 +01:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt Merge branch 'kvm-dwmw2-fixes' into HEAD 2022-11-23 18:59:45 -05:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
Makefile Linux 6.1.1 2022-12-21 17:48:12 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.