From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Rishabh Bhatnagar , Bjorn Andersson , "Rafael J. Wysocki" Subject: [PATCH 4.18 153/168] firmware: Always initialize the fw_priv list object Date: Mon, 8 Oct 2018 20:32:13 +0200 Message-Id: <20181008175625.856811105@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20181008175620.043587728@linuxfoundation.org> References: <20181008175620.043587728@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Bjorn Andersson commit 7012040576c6ae25a47035659ee48673612c2c27 upstream. When freeing the fw_priv the item is taken off the list. This causes an oops in the FW_OPT_NOCACHE case as the list object is not initialized. Make sure to initialize the list object regardless of this flag. Fixes: 422b3db2a503 ("firmware: Fix security issue with request_firmware_into_buf()") Cc: stable@vger.kernel.org Cc: Rishabh Bhatnagar Signed-off-by: Bjorn Andersson Reviewed-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman --- drivers/base/firmware_loader/main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -226,8 +226,11 @@ static int alloc_lookup_fw_priv(const ch } tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp && !(opt_flags & FW_OPT_NOCACHE)) - list_add(&tmp->list, &fwc->head); + if (tmp) { + INIT_LIST_HEAD(&tmp->list); + if (!(opt_flags & FW_OPT_NOCACHE)) + list_add(&tmp->list, &fwc->head); + } spin_unlock(&fwc->lock); *fw_priv = tmp;
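Review bot: the INIT_LIST_HEAD(&tmp->list) call added inside the new if (tmp) block in alloc_lookup_fw_priv() would be more robust inside __allocate_fw_priv() itself, so that every fw_priv leaves the allocator with a valid list head and a later caller cannot reintroduce the FW_OPT_NOCACHE oops the commit message describes. If the initialization stays at this call site, a one-line comment above it noting that the free path takes the entry off the list regardless of FW_OPT_NOCACHE would explain why an object that is never added to fwc->head still needs its list head set up.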