projects
/
platform
/
kernel
/
linux-exynos.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
276885f
)
extcon: max77843: add guard element in array
author
Seung-Woo Kim
<sw0312.kim@samsung.com>
Tue, 1 Sep 2015 07:42:44 +0000
(16:42 +0900)
committer
Seung-Woo Kim
<sw0312.kim@samsung.com>
Wed, 14 Dec 2016 04:47:58 +0000
(13:47 +0900)
This patch adds guard element in cable array to check last element.
This fixes following out of bounds access:
==================================================================
BUG: KASan: out of bounds access in extcon_dev_register+0xc0/0x978 at addr
ffffffc001bcc440
Read of size 8 by task swapper/0/1
page:
ffffffbdc086f300
count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x400(reserved)
page dumped because: kasan: bad access detected
Address belongs to variable max77843_extcon_cable+0x60/0xf00
CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.1.0-00839-gb91c2a6-dirty #3
Hardware name: Samsung TM2 board (DT)
Call trace:
[<
ffffffc00008bc58
>] dump_backtrace+0x0/0x1d8
[<
ffffffc00008be40
>] show_stack+0x10/0x20
[<
ffffffc000eee3a4
>] dump_stack+0x80/0xd4
[<
ffffffc00021e4f0
>] kasan_report_error+0x3e0/0x408
[<
ffffffc00021e9ec
>] kasan_report+0x44/0x50
[<
ffffffc00021d2dc
>] __asan_load8+0x94/0xb0
[<
ffffffc000a78904
>] extcon_dev_register+0xbc/0x978
[<
ffffffc000a791f8
>] devm_extcon_dev_register+0x38/0x90
[<
ffffffc000a7cab8
>] max77843_muic_probe+0x1e0/0x5f0
[<
ffffffc0006dc724
>] platform_drv_probe+0x64/0xf8
[<
ffffffc0006d9ae8
>] driver_probe_device+0x1f0/0x3a8
[<
ffffffc0006d9de0
>] __driver_attach+0xc8/0xd0
[<
ffffffc0006d6fac
>] bus_for_each_dev+0xd4/0x138
[<
ffffffc0006d932c
>] driver_attach+0x2c/0x40
[<
ffffffc0006d8dfc
>] bus_add_driver+0x214/0x2e8
[<
ffffffc0006dab40
>] driver_register+0xb0/0x1c0
[<
ffffffc0006dc618
>] __platform_driver_register+0xa8/0xb8
[<
ffffffc00179f6c0
>] max77843_muic_init+0x14/0x20
[<
ffffffc000082ae4
>] do_one_initcall+0xec/0x240
[<
ffffffc001755e50
>] kernel_init_freeable+0x288/0x330
[<
ffffffc000eeab1c
>] kernel_init+0xc/0xf0
Memory state around the buggy address:
ffffffc001bcc300
: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc001bcc380
: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
>
ffffffc001bcc400
: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
^
ffffffc001bcc480
: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc001bcc500
: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
drivers/extcon/extcon-max77843.c
patch
|
blob
|
history
diff --git
a/drivers/extcon/extcon-max77843.c
b/drivers/extcon/extcon-max77843.c
index
85d4e20
..
f6fcaeb
100644
(file)
--- a/
drivers/extcon/extcon-max77843.c
+++ b/
drivers/extcon/extcon-max77843.c
@@
-149,6
+149,7
@@
static const char *max77843_extcon_cable[] = {
[MAX77843_CABLE_JIG_USB_OFF] = "JIG-USB-OFF",
[MAX77843_CABLE_JIG_UART_ON] = "JIG-UART-ON",
[MAX77843_CABLE_JIG_UART_OFF] = "JIG-UART-OFF",
+ NULL,
};
struct max77843_muic_irq {