Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-22 12:11:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
A mirror of the official Linux kernel repository just in case
1,090,232 Commits 7 Branches 862 Tags 6.4 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
26ae2c942b
Go to file
Linus Walleij 26ae2c942b usb: isp1760: Fix out-of-bounds array access 
Running the driver through kasan gives an interesting splat:

  BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c
  Read of size 20 at addr f1db2e64 by task swapper/0/1
  (...)
  isp1760_register from isp1760_plat_probe+0x1d8/0x220
  (...)

This happens because the loop reading the regmap fields for the
different ISP1760 variants look like this:

  for (i = 0; i < HC_FIELD_MAX; i++) { ... }

Meaning it expects the arrays to be at least HC_FIELD_MAX - 1 long.

However the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[],
isp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are
dynamically sized during compilation.

Fix this by putting an empty assignment to the [HC_FIELD_MAX]
and [DC_FIELD_MAX] array member at the end of each array.
This will make the array one member longer than it needs to be,
but avoids the risk of overwriting whatever is inside
[HC_FIELD_MAX - 1] and is simple and intuitive to read. Also
add comments explaining what is going on.

Fixes: 1da9e1c068 ("usb: isp1760: move to regmap for register access")
Cc: stable@vger.kernel.org
Cc: Rui Miguel Silva <rui.silva@linaro.org>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Reviewed-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220516091424.391209-1-linus.walleij@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-19 18:10:59 +02:00
arch arm64: dts: qcom: align DWC3 USB interrupts with DT schema 2022-05-05 22:06:44 +02:00
block bfq: Fix warning in bfqq_request_over_limit() 2022-04-29 06:45:37 -06:00
certs Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
crypto for-5.18/64bit-pi-2022-03-25 2022-03-26 12:01:35 -07:00
Documentation thunderbolt: Changes for v5.19 merge window 2022-05-19 18:00:01 +02:00
drivers usb: isp1760: Fix out-of-bounds array access 2022-05-19 18:10:59 +02:00
fs Driver core fixes for 5.18-rc5 2022-04-30 10:24:21 -07:00
include thunderbolt: Changes for v5.19 merge window 2022-05-19 18:00:01 +02:00
init Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
ipc fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
kernel Networking fixes for 5.18-rc5, including fixes from bluetooth, bpf 2022-04-28 12:34:50 -07:00
lib - A fix to disable PCI/MSI[-X] masking for XEN_HVM guests as that is 2022-05-01 10:03:36 -07:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time 2022-04-27 13:28:48 -07:00
net A fix for a NULL dereference that turns out to be easily triggerable 2022-04-29 14:37:35 -07:00
samples dma-mapping updates for Linux 5.18 2022-03-29 08:50:14 -07:00
scripts objtool: Enable unreachable warnings for CLANG LTO 2022-04-19 21:58:48 +02:00
security hardening updates for v5.18-rc1-fix1 2022-03-31 11:43:01 -07:00
sound Linux 5.18-rc5 2022-05-03 16:35:26 +02:00
tools Linux 5.18-rc5 2022-05-03 16:35:26 +02:00
usr Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
virt Merge branch 'kvm-fixes-for-5.18-rc5' into HEAD 2022-04-29 12:39:34 -04:00
.clang-format genirq/msi: Make interrupt allocation less convoluted 2021-12-16 22:22:20 +01:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap mailmap: update Vasily Averin's email address 2022-04-08 14:20:36 -10:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: replace a Microchip AT91 maintainer 2022-02-09 11:30:01 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Revert "usb: misc: Add onboard_usb_hub driver" 2022-05-03 16:48:13 +02:00
Makefile Linux 5.18-rc5 2022-05-01 13:57:58 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.