This patch adds sentinel element to id table to fix following out
of bounds access:
==================================================================
BUG: KASan: out of bounds access in i2c_device_match+0xcc/0xf0 at addr
ffffffc00120ee80
Read of size 1 by task swapper/0/1
page:
ffffffbdc0848380 count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x400(reserved)
page dumped because: kasan: bad access detected
Address belongs to variable sensor_6d1_idt+0x20/0x40
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.1.0-00839-gb91c2a6-dirty #3
Hardware name: Samsung TM2 board (DT)
Call trace:
[<
ffffffc00008bc58>] dump_backtrace+0x0/0x1d8
[<
ffffffc00008be40>] show_stack+0x10/0x20
[<
ffffffc000eee3a4>] dump_stack+0x80/0xd4
[<
ffffffc00021e4f0>] kasan_report_error+0x3e0/0x408
[<
ffffffc00021e9ec>] kasan_report+0x44/0x50
[<
ffffffc00021d8f0>] __asan_load1+0x78/0x80
[<
ffffffc000916b78>] i2c_device_match+0xc8/0xf0
[<
ffffffc0006d9d54>] __driver_attach+0x3c/0xd0
[<
ffffffc0006d6fac>] bus_for_each_dev+0xd4/0x138
[<
ffffffc0006d932c>] driver_attach+0x2c/0x40
[<
ffffffc0006d8dfc>] bus_add_driver+0x214/0x2e8
[<
ffffffc0006dab40>] driver_register+0xb0/0x1c0
[<
ffffffc000917fc0>] i2c_register_driver+0x48/0xc8
[<
ffffffc001795344>] sensor_6d1_load+0x18/0x24
[<
ffffffc000082ae4>] do_one_initcall+0xec/0x240
[<
ffffffc001755e50>] kernel_init_freeable+0x288/0x330
[<
ffffffc000eeab1c>] kernel_init+0xc/0xf0
Memory state around the buggy address:
ffffffc00120ed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fa fa
ffffffc00120ee00: fa fa fa fa 00 00 06 fa fa fa fa fa 00 00 00 00
>
ffffffc00120ee80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
^
ffffffc00120ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc00120ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Change-Id: I9db130c66d2aa884b946e946581e5dc08f8a20ca
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
projects / platform / kernel / linux-exynos.git / commitdiff