lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <415e6876-9304-9493-369e-d5eca0238bea@gmail.com>
Date:   Thu, 23 Jun 2022 12:03:43 +0300
From:   Matti Vaittinen <mazziesaccount@...il.com>
To:     Aidan MacDonald <aidanmacdonald.0x0@...il.com>, broonie@...nel.org
Cc:     agross@...nel.org, bjorn.andersson@...aro.org,
        srinivas.kandagatla@...aro.org, bgoswami@...eaurora.org,
        gregkh@...uxfoundation.org, rafael@...nel.org,
        cw00.choi@...sung.com, krzysztof.kozlowski@...aro.org,
        b.zolnierkie@...sung.com, myungjoo.ham@...sung.com,
        michael@...le.cc, linus.walleij@...aro.org, brgl@...ev.pl,
        tglx@...utronix.de, maz@...nel.org, lee.jones@...aro.org,
        mani@...nel.org, cristian.ciocaltea@...il.com, wens@...e.org,
        tharvey@...eworks.com, rjones@...eworks.com,
        mazziesaccount@...il.com, orsonzhai@...il.com,
        baolin.wang7@...il.com, zhang.lyra@...il.com,
        jernej.skrabec@...il.com, samuel@...lland.org, lgirdwood@...il.com,
        perex@...ex.cz, tiwai@...e.com, linux-kernel@...r.kernel.org,
        linux-gpio@...r.kernel.org, linux-actions@...ts.infradead.org,
        linux-arm-msm@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-sunxi@...ts.linux.dev,
        alsa-devel@...a-project.org
Subject: Re: [PATCH 02/49] regmap-irq: Fix offset/index mismatch in
 read_sub_irq_data()

On 6/20/22 23:05, Aidan MacDonald wrote:
> We need to divide the sub-irq status register offset by register
> stride to get an index for the status buffer to avoid an out of
> bounds write when the register stride is greater than 1.
> 
> Fixes: a2d21848d921 ("regmap: regmap-irq: Add main status register support")
> Signed-off-by: Aidan MacDonald <aidanmacdonald.0x0@...il.com>
> ---
>   drivers/base/regmap/regmap-irq.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
> index 4f785bc7981c..a6db605707b0 100644
> --- a/drivers/base/regmap/regmap-irq.c
> +++ b/drivers/base/regmap/regmap-irq.c
> @@ -387,6 +387,7 @@ static inline int read_sub_irq_data(struct regmap_irq_chip_data *data,
>   		subreg = &chip->sub_reg_offsets[b];
>   		for (i = 0; i < subreg->num_regs; i++) {
>   			unsigned int offset = subreg->offset[i];
> +			unsigned int index = offset / map->reg_stride;
>   
>   			if (chip->not_fixed_stride)
>   				ret = regmap_read(map,
> @@ -395,7 +396,7 @@ static inline int read_sub_irq_data(struct regmap_irq_chip_data *data,
>   			else
>   				ret = regmap_read(map,
>   						chip->status_base + offset,
> -						&data->status_buf[offset]);
> +						&data->status_buf[index]);
>   
>   			if (ret)
>   				break;

Reviewed-by: Matti Vaittinen <mazziesaccount@...il.com>

-- 
Matti Vaittinen
Linux kernel developer at ROHM Semiconductors
Oulu Finland

~~ When things go utterly wrong vim users can always type :help! ~~

Discuss - Estimate - Plan - Report and finally accomplish this:
void do_work(int time) __attribute__ ((const));

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ