android_kernel_oneplus_msm8998/drivers/base
Vidyakumar Athota fba97387be ASoC: soundwire: fix out of boundary access issues
In soundwire read/write commands, the register value is defined
as 8 bit but it is accessed through a 32 bit pointer, which
may cause out of boundary memory access. Fix this issue by
typecasting appropriately.

BUG: KASan: out of bounds access in swrm_read+0x1dc/0x30c at
addr ffffffc089871880
Write of size 4 by task kworker/u8:5/236
==addr ffffffc089871880
[<ffffffc00081d174>] swrm_read+0x1d8/0x30c
[<ffffffc000819808>] swr_read+0x5c/0x74
[<ffffffc000741e58>] regmap_swr_read+0xd8/0x11c
[<ffffffc00073a350>] _regmap_raw_read+0x210/0x314
[<ffffffc00073a4b0>] _regmap_bus_read+0x5c/0xb4
[<ffffffc000739548>] _regmap_read+0xe0/0x1ec
[<ffffffc0007396b8>] regmap_read+0x64/0xa8
[<ffffffc000dc9dd4>] snd_soc_component_read+0x34/0x70
[<ffffffc000dc9f44>] snd_soc_read+0x6c/0x94
Memory state around the buggy address:
 ffffffc089871780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffffc089871800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc

Change-Id: I3c56dffb4ca197e8fc23d54a44282a60254dd001
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
2016-08-14 23:06:47 -07:00
power Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
regmap ASoC: soundwire: fix out of boundary access issues 2016-08-14 23:06:47 -07:00
attribute_container.c
base.h
bus.c
cacheinfo.c cpu/cacheinfo: Fix teardown path 2015-09-17 06:06:54 -07:00
class.c class_find_device: fix reference to argument "match" 2015-09-29 15:23:14 +02:00
component.c
container.c
core.c of: to support binding numa node to specified device in devicetree 2015-10-17 22:11:50 -07:00
cpu.c sched: Add tunables for static cpu and cluster cost 2016-03-23 20:02:27 -07:00
dd.c dd: Invoke one probe retry cycle after every initcall level 2016-03-01 13:00:26 -08:00
devcoredump.c
devres.c devm: make allocations numa aware by default 2015-10-09 17:00:33 -04:00
devtmpfs.c
dma-coherent.c
dma-contiguous.c driver core update for 4.4-rc1 2015-11-04 21:50:37 -08:00
dma-mapping.c common: dma-mapping: Store page array in vm_struct 2016-03-22 11:03:43 -07:00
dma-removed.c mm/memblock: disable local irqs while late memblock changes 2016-05-31 15:26:50 -07:00
driver.c
firmware.c
firmware_class.c firmware_class: fix direct firmware loading API support 2016-03-23 21:24:26 -07:00
hypervisor.c
init.c
isa.c
Kconfig
Makefile drivers: Add dma removed ops 2016-03-22 11:03:40 -07:00
map.c
memory.c drivers/base/memory.c: prohibit offlining of memory blocks with missing sections 2015-12-12 10:15:34 -08:00
module.c
node.c Revert "mm: Check if section present during memory block (un)registering" 2015-10-13 10:57:25 -07:00
pinctrl.c drivers/pinctrl: Add the concept of an "init" state 2015-10-27 11:24:23 +01:00
platform-msi.c irqdomain/msi: Use fwnode instead of of_node 2015-10-13 19:01:25 +02:00
platform.c base/platform: Fix platform drivers with no probe callback 2016-02-17 12:30:55 -08:00
property.c device property: ACPI: Remove unused DMA APIs 2015-11-07 01:29:22 +01:00
soc.c base: soc: siplify ida usage 2015-10-04 19:42:22 +01:00
syscore.c power: Adds functionality to log the last suspend abort reason. 2016-02-16 13:53:38 -08:00
topology.c
transport_class.c