On Mon 01 Oct 11:18 PDT 2018, Luis Chamberlain wrote:
On Mon, Oct 01, 2018 at 03:27:03PM +0200, Niklas Cassel wrote:
On Thu, Sep 20, 2018 at 12:34:15AM -0700, Bjorn Andersson wrote:
On Wed 19 Sep 22:22 PDT 2018, Greg Kroah-Hartman wrote:
On Wed, Sep 19, 2018 at 06:09:38PM -0700, Bjorn Andersson wrote:
When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized.
Make sure to initialize the list object regardless of this flag.
Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable@vger.kernel.org Cc: Rishabh Bhatnagar rishabhb@codeaurora.org Signed-off-by: Bjorn Andersson bjorn.andersson@linaro.org
drivers/base/firmware_loader/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
Is this being triggered by some hardware somewhere today? Or is this just a fix found by code inspection?
Hi Greg,
Yes, I found this issue while attempting to load the firmware and boot one of the DSPs on one of my Qualcomm dev boards after v4.19-rc4 and it can be reproduced on the upstream Dragonboard 820c.
I still see this issue on v4.19-rc6.
It would be nice if this fix gets merged before v4.19 gets released.
This is the first I hear of this and this patch, so you should re-send it and I can review it. Also please Cc Rishabh.
Rishabh, had you heard of this and can you confirm as well as 422b3db2a503 was your commit?
Thanks Luis,
It seems like Greg did pick the patch yesterday [1], so hopefully he sends himself a pull request this week for inclusion in v4.19-rc7.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/log/?h=...
Regards, Bjorn