lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 3 May 2023 22:14:00 +0300
From:   andy.shevchenko@...il.com
To:     Xiaolei Wang <xiaolei.wang@...driver.com>
Cc:     aisheng.dong@....com, festevam@...il.com, shawnguo@...nel.org,
        ping.bai@....com, kernel@...gutronix.de, linus.walleij@...aro.org,
        shenwei.wang@....com, bartosz.golaszewski@...aro.org,
        peng.fan@....com, linux-gpio@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [v2][PATCH] pinctrl: freescale: Fix a memory out of bounds when
 num_configs is 1

Wed, May 03, 2023 at 09:21:27AM +0800, Xiaolei Wang kirjoitti:
> The config passed in by pad wakeup is 1, When num_configs is 1,
> configs[1] should not be obtained, which will generate the
> following memory out-of-bounds situation:
> 
> BUG: KASAN: stack out of bounds in imx_pinconf_set_scu+0x9c/0x160
>   Read size 8 at address ffff8000104c7558 by task sh/664
>   CPU: 3 PID: 664 Communication: sh Tainted: G WC 6.1.20 #1
>      Hardware name: Freescale i.MX8QM MEK (DT)
>   Call trace:
>     dump_backtrace.part.0+0xe0/0xf0
>     show stack+0x18/0x30
>     dump_stack_lvl+0x64/0x80
>     print report +0x154/0x458
>     kasan_report+0xb8/0x100
>     __asan_load8+0x80/0xac
>     imx_pinconf_set_scu+0x9c/0x160
>     imx_pinconf_set+0x6c/0x214
>     pinconf_set_config+0x68/0x90
>     pinctrl_gpio_set_config+0x138/0x170
>     gpiochip_generic_config+0x44/0x60
>     mxc_gpio_set_pad_wakeup+0x100/0x140
>     mxc_gpio_noirq_suspend+0x50/0x74
>     pm_generic_suspend_noirq+0x4c/0x70
>     genpd_finish_suspend+0x174/0x260
>     genpd_suspend_noirq+0x14/0x20
>     dpm_run_callback.constprop.0+0x48/0xec
>     __device_suspend_noirq+0x1a8/0x370
>     dpm_noirq_suspend_devices+0x1cc/0x320
>     dpm_suspend_noirq+0x7c/0x11c
>     suspend_devices_and_enter+0x27c/0x760
>     pm_suspend+0x36c/0x3e0

I have already pointed out to the documentation in which you may find what to
do to make above better. 

> Fixes: f60c9eac54af ("gpio: mxc: enable pad wakeup on i.MX8x platforms")
> Signed-off-by: Xiaolei Wang <xiaolei.wang@...driver.com>
> ---

Where is the changelog?

-- 
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ