Home Home > GIT Browse > SLE12-SP3-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Thumshirn <jthumshirn@suse.de>2019-02-11 16:53:38 +0100
committerJohannes Thumshirn <jthumshirn@suse.de>2019-02-11 16:53:38 +0100
commitcf38b6f60d5c4bce31745ace072cb87c6494d55a (patch)
tree0de1181178a9c75b52325825cc47d5a0a49d0f61
parent56b47a0c581719d3fd8f1cf14621957ac2ede52e (diff)
- nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014).
- Refresh patches.fixes/acpi-nfit-fix-command-supported-detection.patch.
-rw-r--r--patches.fixes/acpi-nfit-fix-command-supported-detection.patch11
-rw-r--r--patches.fixes/nfit-fix-unchecked-dereference-in-acpi_nfit_ctl.patch54
-rw-r--r--series.conf1
3 files changed, 61 insertions, 5 deletions
diff --git a/patches.fixes/acpi-nfit-fix-command-supported-detection.patch b/patches.fixes/acpi-nfit-fix-command-supported-detection.patch
index 799bd56e65..8981d5fc5c 100644
--- a/patches.fixes/acpi-nfit-fix-command-supported-detection.patch
+++ b/patches.fixes/acpi-nfit-fix-command-supported-detection.patch
@@ -64,7 +64,7 @@ Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm,
unsigned int cmd, void *buf, unsigned int buf_len, int *cmd_rc)
{
-@@ -206,16 +232,10 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
+@@ -206,17 +232,11 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
unsigned long cmd_mask, dsm_mask;
u32 offset, fw_status = 0;
acpi_handle handle;
@@ -73,7 +73,8 @@ Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
- int rc, i;
+ int func, rc, i;
- *cmd_rc = -EINVAL;
+ if (cmd_rc)
+ *cmd_rc = -EINVAL;
- func = cmd;
- if (cmd == ND_CMD_CALL) {
- call_pkg = buf;
@@ -82,7 +83,7 @@ Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
if (nvdimm) {
struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
-@@ -223,9 +243,12 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
+@@ -224,9 +244,12 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
if (!adev)
return -ENOTTY;
@@ -97,7 +98,7 @@ Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
dimm_name = nvdimm_name(nvdimm);
cmd_name = nvdimm_cmd_name(cmd);
cmd_mask = nvdimm_cmd_mask(nvdimm);
-@@ -236,6 +259,7 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
+@@ -237,6 +260,7 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
} else {
struct acpi_device *adev = to_acpi_dev(acpi_desc);
@@ -105,7 +106,7 @@ Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
cmd_name = nvdimm_bus_cmd_name(cmd);
cmd_mask = nd_desc->cmd_mask;
dsm_mask = cmd_mask;
-@@ -248,7 +272,13 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
+@@ -249,7 +273,13 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
if (!desc || (cmd && (desc->out_num + desc->in_num == 0)))
return -ENOTTY;
diff --git a/patches.fixes/nfit-fix-unchecked-dereference-in-acpi_nfit_ctl.patch b/patches.fixes/nfit-fix-unchecked-dereference-in-acpi_nfit_ctl.patch
new file mode 100644
index 0000000000..3d2cc720fa
--- /dev/null
+++ b/patches.fixes/nfit-fix-unchecked-dereference-in-acpi_nfit_ctl.patch
@@ -0,0 +1,54 @@
+From: Dave Jiang <dave.jiang@intel.com>
+Date: Wed, 11 Jul 2018 10:10:11 -0700
+Subject: nfit: fix unchecked dereference in acpi_nfit_ctl
+Git-commit: ee6581ceba7f8314b81b2f2a81f1cf3f67c679e2
+Patch-mainline: v4.18-rc5
+References: bsc#1125014
+
+Incremental patch to fix the unchecked dereference in acpi_nfit_ctl.
+Reported by Dan Carpenter:
+
+"acpi/nfit: fix cmd_rc for acpi_nfit_ctl to
+always return a value" from Jun 28, 2018, leads to the following
+Smatch complaint:
+
+ drivers/acpi/nfit/core.c:578 acpi_nfit_ctl()
+ warn: variable dereferenced before check 'cmd_rc' (see line 411)
+
+drivers/acpi/nfit/core.c
+ 410
+ 411 *cmd_rc = -EINVAL;
+ ^^^^^^^^^^^^^^^^^^
+Patch adds unchecked dereference.
+
+Fixes: c1985cefd844 ("acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value")
+
+Signed-off-by: Dave Jiang <dave.jiang@intel.com>
+Acked-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ drivers/acpi/nfit/core.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/acpi/nfit/core.c
++++ b/drivers/acpi/nfit/core.c
+@@ -210,7 +210,8 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
+ const u8 *uuid;
+ int rc, i;
+
+- *cmd_rc = -EINVAL;
++ if (cmd_rc)
++ *cmd_rc = -EINVAL;
+ func = cmd;
+ if (cmd == ND_CMD_CALL) {
+ call_pkg = buf;
+@@ -298,7 +299,8 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc
+ * If we return an error (like elsewhere) then caller wouldn't
+ * be able to rely upon data returned to make calculation.
+ */
+- *cmd_rc = 0;
++ if (cmd_rc)
++ *cmd_rc = 0;
+ return 0;
+ }
+
+
diff --git a/series.conf b/series.conf
index b3e53427b0..4bc254d98d 100644
--- a/series.conf
+++ b/series.conf
@@ -23847,6 +23847,7 @@
patches.suse/sched-fair-Fix-bandwidth-timer-clock-drift-condition.patch
patches.drivers/0004-mmc-dw_mmc-fix-card-threshold-control-configuration.patch
patches.fixes/acpi-nfit-fix-cmd_rc-for-acpi_nfit_ctl-to-always-return-a-value.patch
+ patches.fixes/nfit-fix-unchecked-dereference-in-acpi_nfit_ctl.patch
patches.suse/0001-btrfs-scrub-Don-t-use-inode-page-cache-in-scrub_hand.patch
patches.drivers/cxgb4-assume-flash-part-size-to-be-4MB-if-it-can-t-b.patch
patches.drivers/bnxt_en-Fix-inconsistent-BNXT_FLAG_AGG_RINGS-logic.patch