hdmitx: fix KASAN Bug in store_valid_mode [1/1]
PD#172926: hdmitx: fix KASAN Bug in store_valid_mode
==================================================================
BUG: KASAN: slab-out-of-bounds in store_valid_mode+0x48/0x70
Read of size 32 at addr
ffffffc04a64ef80 by task systemcontrol/2924
CPU: 1 PID: 2924 Comm: systemcontrol Tainted: G O 4.9.113 #7
Hardware name: Amlogic (DT)
Call trace:
[<
ffffff900908ecc0>] dump_backtrace+0x0/0x368
[<
ffffff900908f0cc>] show_stack+0x24/0x30
[<
ffffff900963bdb0>] dump_stack+0xa0/0xc8
[<
ffffff90092ba140>] print_address_description+0x68/0x258
[<
ffffff90092ba694>] kasan_report+0x264/0x338
[<
ffffff90092b8fdc>] check_memory_region+0x12c/0x1c0
[<
ffffff90092b90c4>] __asan_loadN+0x14/0x20
[<
ffffff9009c0c250>] store_valid_mode+0x48/0x70
[<
ffffff9009757104>] dev_attr_store+0x4c/0x68
[<
ffffff90093973b0>] sysfs_kf_write+0x98/0xb8
[<
ffffff9009396134>] kernfs_fop_write+0x12c/0x270
[<
ffffff90092c9870>] __vfs_write+0xd8/0x268
[<
ffffff90092cae30>] vfs_write+0xd8/0x240
[<
ffffff90092ccd74>] SyS_write+0xc4/0x148
[<
ffffff9009083f00>] el0_svc_naked+0x34/0x38
Allocated by task 2924:
save_stack_trace_tsk+0x0/0x268
save_stack_trace+0x24/0x30
kasan_kmalloc+0xd8/0x188
__kmalloc+0x14c/0x2e8
kernfs_fop_write+0x1d0/0x270
__vfs_write+0xd8/0x268
vfs_write+0xd8/0x240
SyS_write+0xc4/0x148
el0_svc_naked+0x34/0x38
Freed by task 2746:
save_stack_trace_tsk+0x0/0x268
save_stack_trace+0x24/0x30
kasan_slab_free+0x88/0x188
kfree+0x80/0x280
selinux_cred_free+0x34/0x50
security_cred_free+0x48/0x70
put_cred_rcu+0x38/0x110
rcu_process_callbacks+0x3b4/0x950
__do_softirq+0x210/0x5ec
The buggy address belongs to the object at
ffffffc04a64ef80
which belongs to the cache kmalloc-64 of size 64
The buggy address is located 0 bytes inside of
64-byte region [
ffffffc04a64ef80,
ffffffc04a64efc0)
The buggy address belongs to the page:
page:
ffffffbf01299380 count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x7ab1600000080(slab)
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffc04a64ee80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
ffffffc04a64ef00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>
ffffffc04a64ef80: 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffffffc04a64f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc04a64f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Change-Id: I553bd648453385788899fadf0da9f17817891db2
Signed-off-by: Zongdong Jiao <zongdong.jiao@amlogic.com>
projects / platform / kernel / linux-amlogic.git / commit