android_kernel_samsung_a7y1.../drivers
Stephan Gerhold fbcd7193c0 NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
[ Upstream commit a71a29f50de1ef97ab55c151a1598eb12dde379d ]

I2C communication errors (-EREMOTEIO) during the IRQ handler of nxp-nci
result in a NULL pointer dereference at the moment:

    BUG: kernel NULL pointer dereference, address: 0000000000000000
    Oops: 0002 [#1] PREEMPT SMP NOPTI
    CPU: 1 PID: 355 Comm: irq/137-nxp-nci Not tainted 5.4.0-rc6 #1
    RIP: 0010:skb_queue_tail+0x25/0x50
    Call Trace:
     nci_recv_frame+0x36/0x90 [nci]
     nxp_nci_i2c_irq_thread_fn+0xd1/0x285 [nxp_nci_i2c]
     ? preempt_count_add+0x68/0xa0
     ? irq_forced_thread_fn+0x80/0x80
     irq_thread_fn+0x20/0x60
     irq_thread+0xee/0x180
     ? wake_threads_waitq+0x30/0x30
     kthread+0xfb/0x130
     ? irq_thread_check_affinity+0xd0/0xd0
     ? kthread_park+0x90/0x90
     ret_from_fork+0x1f/0x40

Afterward the kernel must be rebooted to work properly again.

This happens because it attempts to call nci_recv_frame() with skb == NULL.
However, unlike nxp_nci_fw_recv_frame(), nci_recv_frame() does not have any
NULL checks for skb, causing the NULL pointer dereference.

Change the code to call only nxp_nci_fw_recv_frame() in case of an error.
Make sure to log it so it is obvious that a communication error occurred.
The error above then becomes:

    nxp-nci_i2c i2c-NXP1001:00: NFC: Read failed with error -121
    nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
    nxp-nci_i2c i2c-NXP1001:00: NFC: Read failed with error -121

Fixes: 6be88670fc59 ("NFC: nxp-nci_i2c: Add I2C support to NXP NCI driver")
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-04-07 12:44:04 +02:00
accessibility A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
acpi ACPI / APEI: Switch estatus pool to use vmalloc memory 2020-04-07 12:43:08 +02:00
amba A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
android ANDROID: binder: synchronize_rcu() when using POLLFREE. 2020-04-07 08:06:59 +02:00
ata ata: ep93xx: Use proper enums for directions 2020-04-07 12:32:33 +02:00
atm atm: zatm: Fix empty body Clang warnings 2020-04-07 12:35:08 +02:00
auxdisplay A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
base x86/bugs: Add ITLB_MULTIHIT bug infrastructure 2020-04-07 12:00:26 +02:00
battery A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
battery_v2 A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bcma A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
block drbd: fix print_st_err()'s prototype to match the definition 2020-04-07 12:42:27 +02:00
bluetooth Bluetooth: Fix invalid-free in bcsp_close() 2020-04-07 12:36:50 +02:00
bts A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
bus A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ccic A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cdrom cdrom: Fix race condition in cdrom_sysctl_register 2020-04-06 14:51:44 +02:00
char hwrng: stm32 - fix unbalanced pm_runtime_enable 2020-04-07 12:43:44 +02:00
clk clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume 2020-04-07 12:40:49 +02:00
clocksource A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
connector A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cpufreq cpufreq: Add NULL checks to show() and store() methods of cpufreq 2020-04-07 12:37:15 +02:00
cpuidle A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
crypto crypto: mxs-dcp - Fix AES issues 2020-04-07 12:32:55 +02:00
dca A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
devfreq A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dio A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
dma dmaengine: ioat: fix prototype of ioat_enumerate_channels 2020-04-07 12:32:47 +02:00
dma-buf A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
edac EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec 2020-04-06 19:55:33 +02:00
eisa A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
extcon extcon: arizona: Disable mic detect if running when driver is removed 2020-04-06 18:19:23 +02:00
fingerprint A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
firewire A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
firmware gsmi: Fix bug in append_to_eventlog sysfs handler 2020-04-07 12:34:33 +02:00
five A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
fmc A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
fpga A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
gator A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
gpio gpio: syscon: Fix possible NULL ptr usage 2020-04-07 12:33:18 +02:00
gps A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
gpu drm/i915/cmdparser: Fix jump whitelist clearing 2020-04-07 11:59:34 +02:00
gud A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hid HID: core: check whether Usage Page item is after Usage ID items 2020-04-07 12:43:42 +02:00
hsi A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hv A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hwmon hwmon: (pwm-fan) Silence error on probe deferral 2020-04-07 12:33:24 +02:00
hwspinlock A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hwtracing stm class: Fix a double free of stm_source_device 2020-04-06 21:33:50 +02:00
i2c i2c: riic: Clear NACK in tend isr 2020-04-07 07:41:06 +02:00
ide A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
idle A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
iio iio: dac: mcp4922: fix error handling in mcp4922_write_raw 2020-04-07 12:26:37 +02:00
infiniband RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer 2020-04-07 12:42:09 +02:00
input parisc: Fix HP SDC hpa address output 2020-04-07 12:41:10 +02:00
iommu iommu/amd: Move iommu_init_pci() to .init section 2020-04-06 20:50:24 +02:00
ipack A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
irqchip irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices 2020-04-07 07:36:50 +02:00
isdn mISDN: Fix type of switch control variable in ctrl_teimanager 2020-04-07 12:35:21 +02:00
leds leds: leds-lp5562 allow firmware files up to the maximum length 2020-04-07 07:37:48 +02:00
lguest A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
lightnvm A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
macintosh macintosh/windfarm_smu_sat: Fix debug output 2020-04-07 12:35:02 +02:00
mailbox mailbox: handle failed named mailbox channel request 2020-04-06 20:13:46 +02:00
mcb A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
md dm: use blk_set_queue_dying() in __dm_destroy() 2020-04-07 12:36:54 +02:00
media media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE 2020-04-07 12:43:22 +02:00
memory memory: tegra: Fix integer overflow on tick value calculation 2020-04-06 18:14:02 +02:00
memstick memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' 2020-04-07 09:27:02 +02:00
message A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mfd mfd: max8997: Enale irq-wakeup unconditionally 2020-04-07 12:35:27 +02:00
misc mei: bus: prefix device names on bus with the bus name 2020-04-07 12:43:20 +02:00
mmc mmc: block: Fix tag condition with packed writes 2020-04-07 12:37:02 +02:00
motor A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
mtd mtd: Remove a debug trace in mtdpart.c 2020-04-07 12:43:14 +02:00
muic A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
net slip: Fix use-after-free Read in slip_open 2020-04-07 12:43:32 +02:00
nfc NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error 2020-04-07 12:44:04 +02:00
ntb ntb: intel: fix return value for ndev_vec_mask() 2020-04-07 12:36:03 +02:00
nubus A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
nvdimm libnvdimm/btt: Fix a kmemdup failure check 2020-04-06 16:43:30 +02:00
nvme A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
nvmem nvmem: core: return error code instead of NULL from nvmem_device_get 2020-04-07 12:27:36 +02:00
of of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC 2020-04-07 12:27:09 +02:00
oprofile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
parisc parisc: Disable HP HSC-PCI Cards to prevent kernel crash 2020-04-07 07:39:52 +02:00
parport parport: Fix mem leak in parport_register_dev_model 2020-04-06 19:16:22 +02:00
pci PCI: keystone: Use quirk to limit MRRS for K2G 2020-04-07 12:36:44 +02:00
pcmcia A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
perf A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
phy phy: renesas: rcar-gen2: Fix memory leak at error paths 2020-04-06 20:06:04 +02:00
pinctrl pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 2020-04-07 12:41:49 +02:00
platform platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer 2020-04-07 12:43:46 +02:00
pnp A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
power PM / AVS: SmartReflex: NULL check before some freeing functions is not needed 2020-04-07 12:41:14 +02:00
powercap A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pps drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl 2020-04-06 20:26:27 +02:00
ps3 A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ptp A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pwm pwm: Clear chip_data in pwm_put() 2020-04-07 12:43:26 +02:00
rapidio A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ras A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
regulator regulator: tps65910: fix a missing check of return value 2020-04-07 12:42:28 +02:00
remoteproc A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
reset A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
rpmsg A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
rtc rtc: s35390a: Change buf's type to u8 in s35390a_init 2020-04-07 12:35:19 +02:00
s390 s390/qeth: invoke softirqs after napi_schedule() 2020-04-07 12:28:24 +02:00
sbus A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
scsi scsi: libsas: Check SMP PHY control function result 2020-04-07 12:43:10 +02:00
security/samsung/icdrv A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sensorhub A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sensors A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sfi A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sh A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sn A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
soc soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher 2020-04-06 19:02:13 +02:00
spi spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch 2020-04-07 12:36:46 +02:00
spmi A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ssb ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit 2020-04-06 18:15:20 +02:00
staging staging: rtl8192e: fix potential use after free 2020-04-07 12:43:16 +02:00
switch A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
target scsi: target: core: Do not overwrite CDB byte 1 2020-04-07 09:29:07 +02:00
tc A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tee A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
thermal thermal: rcar_thermal: Prevent hardware access during system suspend 2020-04-07 12:35:31 +02:00
thunderbolt thunderbolt: Use 32-bit writes when writing ring producer/consumer 2020-04-07 09:27:58 +02:00
trace A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
tty serial: ifx6x60: add missed pm_runtime_disable 2020-04-07 12:44:00 +02:00
uh A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
uio A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
usb usb: gadget: u_serial: add missing port entry locking 2020-04-07 12:43:52 +02:00
uwb A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vfio vfio/pci: Fix potential memory leak in vfio_msi_cap_len 2020-04-07 12:29:30 +02:00
vhost vhost: make sure log_num < in_num 2020-04-06 21:35:05 +02:00
video backlight: lm3639: Unconditionally call led_classdev_unregister 2020-04-07 12:33:07 +02:00
virt drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl 2020-04-06 17:01:49 +02:00
virtio A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vision A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vlynq A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vme A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
w1 w1: fix the resume command API 2020-04-06 18:15:45 +02:00
watchdog watchdog: bcm2835_wdt: Fix module autoload 2020-04-06 21:33:14 +02:00
xen xen/pciback: Check dev_data before using it 2020-04-07 12:41:44 +02:00
zorro A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30