| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 May 2020 23:47:26 +0200
From: Jens Thoms Toerring <jt@...rring.de>
To: Mark Brown <broonie@...nel.org>, linux-kernel@...r.kernel.org
Subject: [PATCH v2] regmap: fix alignment issues
The assembly and disassembly of data to be sent to or received from a
device invoke functions (regmap_format_XXX() and regmap_parse_XXX())
that extract or insert data items into a buffer. In some cases these
functions are invoked with buffer pointers with odd addresses but try
to directly assign from or to those address. On architectures with
strict alignment requirements this leads to kernel crashes for u16 and
u32 values. The assignments have are replaced by memcpy() calls.
Signed-off-by: Jens Thoms Toerring <jt@...rring.de>
---
drivers/base/regmap/regmap.c | 40 ++++++++++++++++++++++++----------------
1 file changed, 24 insertions(+), 16 deletions(-)
diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index 58cfb32..d495ce1 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -193,15 +193,17 @@ static void regmap_format_8(void *buf, unsigned int val, unsigned int shift)
static void regmap_format_16_be(void *buf, unsigned int val, unsigned int shift)
{
- __be16 *b = buf;
+ __be16 v = cpu_to_be16(val << shift);
- b[0] = cpu_to_be16(val << shift);
+ memcpy(buf, &v, sizeof(v));
}
static void regmap_format_16_native(void *buf, unsigned int val,
unsigned int shift)
{
- *(u16 *)buf = val << shift;
+ u16 v = val << shift;
+
+ memcpy(buf, &v, sizeof(v));
}
static void regmap_format_24(void *buf, unsigned int val, unsigned int shift)
@@ -217,15 +219,17 @@ static void regmap_format_24(void *buf, unsigned int val, unsigned int shift)
static void regmap_format_32_be(void *buf, unsigned int val, unsigned int shift)
{
- __be32 *b = buf;
+ __be32 v = cpu_to_be32(val << shift);
- b[0] = cpu_to_be32(val << shift);
+ memcpy(buf, &v, sizeof(v));
}
static void regmap_format_32_native(void *buf, unsigned int val,
unsigned int shift)
{
- *(u32 *)buf = val << shift;
+ u32 v = val << shift;
+
+ memcpy(buf, &v, sizeof(v));
}
static unsigned int regmap_parse_8(void *buf)
@@ -237,16 +241,18 @@ static unsigned int regmap_parse_8(void *buf)
static unsigned int regmap_parse_16_be(void *buf)
{
- __be16 *b = buf;
+ __be16 v;
- b[0] = be16_to_cpu(b[0]);
-
- return b[0];
+ memcpy(&v, buf, sizeof(v));
+ return be16_to_cpu(v);
}
static unsigned int regmap_parse_16_native(void *buf)
{
- return *(u16 *)buf;
+ u16 v;
+
+ memcpy(&v, buf, sizeof(v));
+ return v;
}
static unsigned int regmap_parse_24(void *buf)
@@ -261,16 +267,18 @@ static unsigned int regmap_parse_24(void *buf)
static unsigned int regmap_parse_32_be(void *buf)
{
- __be32 *b = buf;
-
- b[0] = be32_to_cpu(b[0]);
+ __be32 v;
- return b[0];
+ memcpy(&v, buf, sizeof(v));
+ return be32_to_cpu(v);
}
static unsigned int regmap_parse_32_native(void *buf)
{
- return *(u32 *)buf;
+ u32 v;
+
+ memcpy(&v, buf, sizeof(v));
+ return v;
}
static void regmap_lock_mutex(void *__map)
--
1.9.1
Powered by blists - more mailing lists