Message-ID: <CAK8P3a0+RKdNj4q3GTh26jrwBkF-BgWiEUuFB4xbh8gZj4Q4-g@mail.gmail.com>
Date:   Wed, 18 Nov 2020 09:14:23 +0100
From:   Arnd Bergmann <arnd@...nel.org>
To:     Nishanth Menon <nm@...com>
Cc:     Naresh Kamboju <naresh.kamboju@...aro.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        linux-mm <linux-mm@...ck.org>, lkft-triage@...ts.linaro.org,
        linux-mmc <linux-mmc@...r.kernel.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        Arnd Bergmann <arnd@...db.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ulf Hansson <ulf.hansson@...aro.org>,
        Linux-OMAP <linux-omap@...r.kernel.org>,
        Liam Girdwood <lgirdwood@...il.com>,
        Mark Brown <broonie@...nel.org>
Subject: Re: [arm] BUG: KASAN: slab-out-of-bounds in memcmp+0x30/0x5c

On Wed, Nov 18, 2020 at 12:24 AM Nishanth Menon <nm@...com> wrote:
> On 16:25-20201117, Arnd Bergmann wrote:
>
> Yes, this was indeed a bug that has been around for some time now :(
>
> I tested with a variant of the above (didn't like that
> oinfo was being assigned an invalid address)
> Boot log: https://pastebin.ubuntu.com/p/nZfz3HF8N6/ (with the same
> config as in the report): Would you prefer me to send the following
> as a formal patch?

Awesome, thanks for the new patch and testing it!

Yes, please send this as a proper patch to have it picked up
into the regulator tree as a bugfix.

Reported-by: Naresh Kamboju <naresh.kamboju@...aro.org>
Reviewed-by: Arnd Bergmann <arnd@...db.de>

> diff --git a/drivers/regulator/ti-abb-regulator.c b/drivers/regulator/ti-abb-regulator.c
> index 3e60bff76194..9f0a4d50cead 100644
> --- a/drivers/regulator/ti-abb-regulator.c
> +++ b/drivers/regulator/ti-abb-regulator.c
> @@ -342,8 +342,17 @@ static int ti_abb_set_voltage_sel(struct regulator_dev *rdev, unsigned sel)
>                 return ret;
>         }
>
> -       /* If data is exactly the same, then just update index, no change */
>         info = &abb->info[sel];
> +       /*
> +        * When Linux kernel is starting up, we are'nt sure of the
> +        * Bias configuration that bootloader has configured.
> +        * So, we get to know the actual setting the first time
> +        * we are asked to transition.
> +        */
> +       if (abb->current_info_idx == -EINVAL)
> +               goto just_set_abb;
> +
> +       /* If data is exactly the same, then just update index, no change */
>         oinfo = &abb->info[abb->current_info_idx];
>         if (!memcmp(info, oinfo, sizeof(*info))) {
>                 dev_dbg(dev, "%s: Same data new idx=%d, old idx=%d\n", __func__,
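
Review bot: the guard `if (abb->current_info_idx == -EINVAL)` filters only that one sentinel, while the line after it still uses current_info_idx as an index into abb->info[]. Testing `abb->current_info_idx < 0` instead would keep any negative value from reaching the oinfo computation and the memcmp() that follows. The new comment also has a typo: "are'nt" should be "aren't".
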
> @@ -351,6 +360,7 @@ static int ti_abb_set_voltage_sel(struct regulator_dev *rdev, unsigned sel)
>                 goto out;
>         }
>
> +just_set_abb:
>         ret = ti_abb_set_opp(rdev, abb, info);
>
>  out:
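
Review bot: with `just_set_abb:` placed directly above `ret = ti_abb_set_opp(rdev, abb, info);`, the first-transition path relies on code after `out:` that this hunk does not show. Please confirm that current_info_idx is updated to sel once ti_abb_set_opp() succeeds; otherwise every later call takes the goto and the same-data shortcut is never used. A dev_dbg on this path, matching the one in the memcmp branch, would also make the first transition visible in the log.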
