- Linux-stable-mirror - lists.linaro.org

[PATCH] wifi: ath11k: fix NULL derefence in ath11k_qmi_m3_load()

by Matvey Kovalev

If ab->fw.m3_data points to data, then fw pointer remains null. Further, if m3_mem is not allocated, then fw is dereferenced to be passed to ath11k_err function. Replace fw->size by m3_len. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 7db88b962f06 ("wifi: ath11k: add firmware-2.bin support") Cc: stable(a)vger.kernel.org Signed-off-by: Matvey Kovalev <matvey.kovalev(a)ispras.ru> --- drivers/net/wireless/ath/ath11k/qmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c index 378ac96b861b7..1a42b4abe7168 100644 --- a/drivers/net/wireless/ath/ath11k/qmi.c +++ b/drivers/net/wireless/ath/ath11k/qmi.c @@ -2557,7 +2557,7 @@ static int ath11k_qmi_m3_load(struct ath11k_base *ab) GFP_KERNEL); if (!m3_mem->vaddr) { ath11k_err(ab, "failed to allocate memory for M3 with size %zu\n", - fw->size); + m3_len); ret = -ENOMEM; goto out; } -- 2.43.0.windows.1

2 months, 3 weeks

4
4
0 0

THE HOUSEMAID UNDER CONTRACT

by Léon Hoolans

THE HOUSEMAID UNDER CONTRACT https://a.co/d/eeUOLwk

2 months, 3 weeks

1
0
0 0

Mini GPS Tracker with SOS & Voice Call

by GPS Tracker

2 months, 3 weeks

1
0
0 0

[PATCH] perf/arm-cmn: Fix CMN S3 DTM offset

by Robin Murphy

CMN S3's DTM offset is different between r0px and r1p0, and it turns out this was not a error in the earlier documentation, but does actually exist in the design. Lovely. Cc: stable(a)vger.kernel.org Fixes: 0dc2f4963f7e ("perf/arm-cmn: Support CMN S3") Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> --- drivers/perf/arm-cmn.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c index 50695b95fbfd..6698f0ec94e9 100644 --- a/drivers/perf/arm-cmn.c +++ b/drivers/perf/arm-cmn.c @@ -65,7 +65,7 @@ /* PMU registers occupy the 3rd 4KB page of each node's region */ #define CMN_PMU_OFFSET 0x2000 /* ...except when they don't :( */ -#define CMN_S3_DTM_OFFSET 0xa000 +#define CMN_S3_R1_DTM_OFFSET 0xa000 #define CMN_S3_PMU_OFFSET 0xd900 /* For most nodes, this is all there is */ @@ -233,6 +233,9 @@ enum cmn_revision { REV_CMN700_R1P0, REV_CMN700_R2P0, REV_CMN700_R3P0, + REV_CMNS3_R0P0 = 0, + REV_CMNS3_R0P1, + REV_CMNS3_R1P0, REV_CI700_R0P0 = 0, REV_CI700_R1P0, REV_CI700_R2P0, @@ -425,8 +428,8 @@ static enum cmn_model arm_cmn_model(const struct arm_cmn *cmn) static int arm_cmn_pmu_offset(const struct arm_cmn *cmn, const struct arm_cmn_node *dn) { if (cmn->part == PART_CMN_S3) { - if (dn->type == CMN_TYPE_XP) - return CMN_S3_DTM_OFFSET; + if (cmn->rev >= REV_CMNS3_R1P0 && dn->type == CMN_TYPE_XP) + return CMN_S3_R1_DTM_OFFSET; return CMN_S3_PMU_OFFSET; } return CMN_PMU_OFFSET; -- 2.34.1

2 months, 3 weeks

2
1
0 0

[PATCH 6.6 000/101] 6.6.107-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.107 release. There are 101 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Sep 2025 12:32:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.107-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.107-rc1 Jani Nikula <jani.nikula(a)intel.com> drm/i915/power: fix size for for_each_set_bit() in abox iteration Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix a memory leak in fence cleanup when unloading Buday Csaba <buday.csaba(a)prolan.hu> net: mdiobus: release reset_gpio in mdiobus_unregister_device() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix null pointer dereference in alloc_preauth_hash() Johan Hovold <johan(a)kernel.org> phy: ti-pipe3: fix device leak at unbind Johan Hovold <johan(a)kernel.org> phy: tegra: xusb: fix device and OF node leak at probe Miaoqian Lin <linmq006(a)gmail.com> dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate Stephan Gerhold <stephan.gerhold(a)linaro.org> dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix MIDI2 IN EP max packet size Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix missing UMP group attributes initialization Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix memory leak regression when freeing xhci vdev devices depth first Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Remove unnecessary include from compat.h Xiongfeng Wang <wangxiongfeng2(a)huawei.com> hrtimers: Unconditionally update target CPU base after offline timer migration Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> hrtimer: Remove unused function Andreas Kemnade <akemnade(a)kernel.org> regulator: sy7636a: fix lifecycle of power good gpio Anders Roxell <anders.roxell(a)linaro.org> dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Dan Carpenter <dan.carpenter(a)linaro.org> dmaengine: idxd: Fix double free in idxd_setup_wqs() Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Fix refcount underflow on module unload Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Remove improper idxd_free Hangbin Liu <liuhangbin(a)gmail.com> hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr Hangbin Liu <liuhangbin(a)gmail.com> hsr: use rtnl lock when iterating over ports Murali Karicheri <m-karicheri2(a)ti.com> net: hsr: Add VLAN CTAG filter support Murali Karicheri <m-karicheri2(a)ti.com> net: hsr: Add support for MC filtering at the slave device Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed Michal Schmidt <mschmidt(a)redhat.com> i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path Kohei Enju <enjuk(a)amazon.com> igb: fix link test skipping when interface is admin down Alex Tran <alex.t.tran(a)gmail.com> docs: networking: can: change bcm_msg_head frames member to support flexible array Antoine Tenart <atenart(a)kernel.org> tunnels: reset the GSO metadata before reusing the skb Petr Machata <petrm(a)nvidia.com> net: bridge: Bounce invalid boolopts Stefan Wahren <wahrenst(a)gmx.net> net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() Linus Torvalds <torvalds(a)linux-foundation.org> Disable SLUB_TINY for build testing Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990A w/audio compositions Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in flow control levels init Fabian Vogt <fvogt(a)suse.de> tty: hvc_console: Call hvc_kick in hvc_write unconditionally Paolo Abeni <pabeni(a)redhat.com> Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" Christoffer Sandberg <cs(a)tuxedo.de> Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - avoid enabling unused interrupts Chen Ridong <chenridong(a)huawei.com> kernfs: Fix UAF in polling when open file is released Yang Erkun <yangerkun(a)huawei.com> cifs: fix pagecache leak when do writepages Wei Yang <richard.weiyang(a)gmail.com> mm/khugepaged: fix the address passed to notifier on testing young Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm/khugepaged: convert hpage_collapse_scan_pmd() to use folios Qu Wenruo <wqu(a)suse.com> btrfs: fix corruption reading compressed range when block size is smaller than page size Boris Burkov <boris(a)bur.io> btrfs: use readahead_expand() on compressed extents Quanmin Yan <yanquanmin1(a)huawei.com> mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Quanmin Yan <yanquanmin1(a)huawei.com> mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() Stanislav Fort <stanislav.fort(a)aisle.com> mm/damon/sysfs: fix use-after-free in state_show() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix invalid accesses to ceph_connection_v1_info Alexander Sverdlin <alexander.sverdlin(a)siemens.com> mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing Alexander Dahl <ada(a)thorsis.com> mtd: nand: raw: atmel: Fix comment in timings preparation David Rosca <david.rosca(a)amd.com> drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages David Rosca <david.rosca(a)amd.com> drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time Johan Hovold <johan(a)kernel.org> drm/mediatek: fix potential OF node use-after-free Sang-Heon Jeon <ekffu200098(a)gmail.com> mm/damon/core: set quota->charged_from to jiffies at first charge window Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory Miklos Szeredi <mszeredi(a)redhat.com> fuse: prevent overflow in copy_file_range return value Miklos Szeredi <mszeredi(a)redhat.com> fuse: check if copy_file_range() returns larger than requested size Christophe Kerello <christophe.kerello(a)foss.st.com> mtd: rawnand: stm32_fmc2: fix ECC overwrite Christophe Kerello <christophe.kerello(a)foss.st.com> mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups Chiasheng Lee <chiasheng.lee(a)linux.intel.com> i2c: i801: Hide Intel Birch Stream SoC TCO WDT Mark Tinguely <mark.tinguely(a)oracle.com> ocfs2: fix recursive semaphore deadlock in fiemap call Krister Johansen <kjlx(a)templeofstupid.com> mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN Nathan Chancellor <nathan(a)kernel.org> compiler-clang.h: define __SANITIZE_*__ macros only when undefined Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "SUNRPC: Don't allow waiting for exiting tasks" Salah Triki <salah.triki(a)gmail.com> EDAC/altera: Delete an inappropriate dma_free_coherent() call Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Set synthesized TSA CPUID flags Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Maintain real-time response in rcu_tasks_postscan() Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Eliminate deadlocks involving do_exit() and RCU tasks Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() deadlocks wangzijie <wangzijie1(a)honor.com> proc: fix type confusion in pde_set_flags() Kuniyuki Iwashima <kuniyu(a)google.com> tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. Peilin Ye <yepeilin(a)google.com> bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_cf: Deny all sampling events by counter PMU Pu Lehui <pulehui(a)huawei.com> tracing: Silence warning when chunk allocation fails in trace_pid_write Jonathan Curley <jcurley(a)purestorage.com> NFSv4/flexfiles: Fix layout merge mirror check. Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.2: Serialise O_DIRECT i/o and copy range Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.2: Serialise O_DIRECT i/o and clone range Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.2: Serialise O_DIRECT i/o and fallocate() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Serialise O_DIRECT i/o and truncate() Max Kellermann <max.kellermann(a)ionos.com> fs/nfs/io: make nfs_start_io_*() killable Vladimir Riabchun <ferr.lambarginio(a)gmail.com> ftrace/samples: Fix function size computation Luo Gengkun <luogengkun(a)huaweicloud.com> tracing: Fix tracing_marker may trigger page fault during preempt_disable Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't clear capabilities that won't be reset Justin Worrell <jworrell(a)gmail.com> SUNRPC: call xs_sock_process_cmsg for all cmsg Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read Mimi Zohar <zohar(a)linux.ibm.com> ima: limit the number of ToMToU integrity violations Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Fix link frequency validation Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() Ada Couprie Diaz <ada.coupriediaz(a)arm.com> kasan: fix GCC mem-intrinsic prefix with sw tags Harry Yoo <harry.yoo(a)oracle.com> mm: introduce and use {pgd,p4d}_populate_kernel() Yeoreum Yun <yeoreum.yun(a)arm.com> kunit: kasan_test: disable fortify string checker on kasan_strings() test ------------- Diffstat: .../bindings/serial/brcm,bcm7271-uart.yaml | 2 +- Documentation/networking/can.rst | 2 +- Makefile | 4 +- arch/riscv/include/asm/compat.h | 1 - arch/s390/kernel/perf_cpum_cf.c | 4 +- arch/x86/kvm/cpuid.c | 5 + drivers/dma/dw/rzn1-dmamux.c | 15 +- drivers/dma/idxd/init.c | 39 ++--- drivers/dma/qcom/bam_dma.c | 8 +- drivers/dma/ti/edma.c | 4 +- drivers/edac/altera_edac.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 - drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 60 ++++---- drivers/gpu/drm/i915/display/intel_display_power.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 11 +- drivers/i2c/busses/i2c-i801.c | 2 +- drivers/input/misc/iqs7222.c | 3 + drivers/input/serio/i8042-acpipnpio.h | 14 ++ drivers/media/i2c/imx214.c | 27 ++-- drivers/mtd/nand/raw/atmel/nand-controller.c | 18 ++- drivers/mtd/nand/raw/stm32_fmc2_nand.c | 46 +++--- drivers/net/can/xilinx_can.c | 16 +-- drivers/net/ethernet/freescale/fec_main.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 5 +- drivers/net/phy/mdio_bus.c | 4 +- drivers/phy/tegra/xusb-tegra210.c | 6 +- drivers/phy/ti/phy-ti-pipe3.c | 13 ++ drivers/regulator/sy7636a-regulator.c | 7 +- drivers/tty/hvc/hvc_console.c | 6 +- drivers/tty/serial/sc16is7xx.c | 14 +- drivers/usb/gadget/function/f_midi2.c | 11 +- drivers/usb/gadget/udc/dummy_hcd.c | 8 +- drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/serial/option.c | 17 +++ fs/btrfs/extent_io.c | 78 ++++++++-- fs/fuse/file.c | 5 +- fs/kernfs/file.c | 54 ++++--- fs/nfs/client.c | 2 + fs/nfs/direct.c | 21 ++- fs/nfs/file.c | 14 +- fs/nfs/flexfilelayout/flexfilelayout.c | 21 +-- fs/nfs/inode.c | 4 +- fs/nfs/internal.h | 17 ++- fs/nfs/io.c | 55 ++++--- fs/nfs/nfs42proc.c | 2 + fs/nfs/nfs4file.c | 2 + fs/nfs/nfs4proc.c | 6 +- fs/nfsd/nfs4proc.c | 4 + fs/nfsd/vfs.c | 13 +- fs/ocfs2/extent_map.c | 10 +- fs/proc/generic.c | 3 +- fs/smb/client/file.c | 16 ++- fs/smb/server/connection.h | 11 ++ fs/smb/server/mgmt/user_session.c | 4 +- fs/smb/server/smb2pdu.c | 14 +- include/linux/compiler-clang.h | 31 +++- include/linux/pgalloc.h | 29 ++++ include/linux/pgtable.h | 13 +- include/net/sock.h | 40 +++++- kernel/bpf/helpers.c | 7 +- kernel/rcu/tasks.h | 107 ++++++++++---- kernel/time/hrtimer.c | 50 ++----- kernel/trace/trace.c | 10 +- mm/Kconfig | 2 +- mm/damon/core.c | 4 + mm/damon/lru_sort.c | 3 + mm/damon/reclaim.c | 3 + mm/damon/sysfs.c | 14 +- mm/kasan/init.c | 12 +- mm/kasan/kasan_test.c | 1 + mm/khugepaged.c | 22 +-- mm/memory-failure.c | 7 +- mm/percpu.c | 6 +- mm/sparse-vmemmap.c | 6 +- net/bridge/br.c | 7 + net/can/j1939/bus.c | 5 +- net/can/j1939/socket.c | 3 + net/ceph/messenger.c | 7 +- net/core/sock.c | 5 + net/hsr/hsr_device.c | 158 ++++++++++++++++++++- net/hsr/hsr_main.c | 4 +- net/hsr/hsr_main.h | 3 + net/ipv4/ip_tunnel_core.c | 6 + net/ipv4/tcp_bpf.c | 5 +- net/mptcp/sockopt.c | 11 +- net/sunrpc/sched.c | 2 - net/sunrpc/xprtsock.c | 6 +- samples/ftrace/ftrace-direct-modify.c | 2 +- scripts/Makefile.kasan | 12 +- security/integrity/ima/ima_main.c | 16 ++- security/integrity/integrity.h | 3 +- 93 files changed, 976 insertions(+), 403 deletions(-)

2 months, 3 weeks

10
111
0 0

I found something you might like / J'ai trouvé quelque chose qui pourrait vous plaire

by LK LK

We sell 13,120 Ultra Targeted Emails and with these Emails you can successfully sell your ebook, your training or any other digital product today https://vlykohda.mychariow.com/eng Nous vendons 13 120 Emails Ultra Ciblés et grâce à ces Emails tu peux vendre avec succès ton ebook, ta formation ou tout autre produit digital dès aujourd’hui https://vlykohda.mychariow.com/149

2 months, 3 weeks

1
0
0 0

[PATCH] nvdimm: ndtest: Add check for devm_kcalloc() allocations in ndtest_probe()

by Guangshuo Li

devm_kcalloc() may fail. ndtest_probe() allocates three DMA address arrays (dcr_dma, label_dma, dimm_dma) and later unconditionally uses them in ndtest_nvdimm_init(), which can lead to a NULL pointer dereference on allocation failure. Add NULL checks for all three allocations and return -ENOMEM if any allocation fails. Fixes: 9399ab61ad82 ("ndtest: Add dimms to the two buses") Cc: stable(a)vger.kernel.org Signed-off-by: Guangshuo Li <lgs201920130244(a)gmail.com> --- tools/testing/nvdimm/test/ndtest.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/testing/nvdimm/test/ndtest.c b/tools/testing/nvdimm/test/ndtest.c index 68a064ce598c..516f304bb0b9 100644 --- a/tools/testing/nvdimm/test/ndtest.c +++ b/tools/testing/nvdimm/test/ndtest.c @@ -855,6 +855,11 @@ static int ndtest_probe(struct platform_device *pdev) p->dimm_dma = devm_kcalloc(&p->pdev.dev, NUM_DCR, sizeof(dma_addr_t), GFP_KERNEL); + if (!p->dcr_dma || !p->label_dma || !p->dimm_dma) { + pr_err("%s: failed to allocate DMA address arrays\n", __func__); + return -ENOMEM; + } + rc = ndtest_nvdimm_init(p); if (rc) goto err; -- 2.43.0

2 months, 3 weeks

2
1
0 0

Gratulujeme, nabidka daru

by Kristine Charity Services

2 months, 3 weeks

1
0
0 0

[PATCH] powerpc/smp: Add check for kcalloc() in parse_thread_groups()

by Guangshuo Li

As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array(). Fixes: 790a1662d3a26 ("powerpc/smp: Parse ibm,thread-groups with multiple properties") Cc: stable(a)vger.kernel.org Signed-off-by: Guangshuo Li <lgs201920130244(a)gmail.com> --- arch/powerpc/kernel/smp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c index 5ac7084eebc0..fa0cd3f7a93c 100644 --- a/arch/powerpc/kernel/smp.c +++ b/arch/powerpc/kernel/smp.c @@ -822,6 +822,10 @@ static int parse_thread_groups(struct device_node *dn, count = of_property_count_u32_elems(dn, "ibm,thread-groups"); thread_group_array = kcalloc(count, sizeof(u32), GFP_KERNEL); + if (!thread_group_array) { + ret = -ENOMEM; + goto out_free; + } ret = of_property_read_u32_array(dn, "ibm,thread-groups", thread_group_array, count); if (ret) -- 2.43.0

2 months, 3 weeks

2
1
0 0

Dostal si moju poslednu spravu?

by Dr Leonard Valentinovic Blavatnik.

2 months, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror