From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Cyrus-Session-Id: sloti22d1t05-1164045-1517178390-2-10504788484608530220 X-Sieve: CMU Sieve 3.0 X-Spam-known-sender: no X-Spam-score: 0.0 X-Spam-hits: BAYES_00 -1.9, HEADER_FROM_DIFFERENT_DOMAINS 0.001, RCVD_IN_DNSWL_HI -5, T_RP_MATCHES_RCVD -0.01, LANGUAGES en, BAYES_USED global, SA_VERSION 3.4.0 X-Spam-source: IP='209.132.180.67', Host='vger.kernel.org', Country='US', FromHeader='com', MailFrom='org', XOriginatingCountry='US' X-Spam-charsets: plain='iso-8859-1' X-Resolved-to: greg@kroah.com X-Delivered-to: greg@kroah.com X-Mail-from: stable-owner@vger.kernel.org ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=arctest; t=1517178390; b=UNk7C2FizD6bCTo8XqGS+5oIIhuzXjz+sAJaZrdxKDU+c4E DBxNmIp4idU3uxPVaRsUglIDMu1Z3hdCWjGDvsz+YgbR3Gzijl14gb6OYFd218li wiyNoLri9qHy6U5+lO1vQQl6pHYWoRF7fysGPCyw/m0JeLL1RhwxOfut0LzIMjOS tzjyMcrDz0I0a0oQWFiwfGfuQAu/V8PygryXyd/xooe3ygmmx14pPgwDXCeOyhrz Qs4tYU3d60chM4MSqhLc+9aHjxq5vaAv8XNIP6FSm7ltR+cuUNNDNp5Q7AIUdwRg tBBuv1pdBjsAmpW53jU6dFeEWVptT/+gpbbDFvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=from:to:cc:subject:date:message-id :references:in-reply-to:content-type:content-transfer-encoding :mime-version:sender:list-id; s=arctest; t=1517178390; bh=sddD9J ohxNvFR4O03fz5x3fSTOkSoyBc3OJn9882ndE=; b=JzGMkIrColdzD3Gu8rJlAs cdpKkdOOmbgSv1L9TPsdFrk3PYxPDhS8NEc5+y/XVgp2MPL3mmbIy0XnmKUnTz6N hUBJqaR+XYqNx0BhI/DN8XyM6vY3i8qzQfpX/jpxRGTr682D08TdQA9VEws4uGt/ 9YEPTCnOq7qUKQImZWdAaOVZu9VhZGQL6inDePNsLJC3uMtS1CDsjujoi+F7V9ID LHppesxkXEvZIqR6+SXY+Z5wbXBPWo1xp8Ba1u7TY3kI/ffCYa5W4RnHWLVAnekt CPGl0HrWXBr1A9NgUdrGWBJr0YfpIDQu6BtlA4+oZdLdABmR071CpJBTz45cZXxA == ARC-Authentication-Results: i=1; mx1.messagingengine.com; arc=none (no signatures found); dkim=pass (1024-bit rsa key sha256) header.d=microsoft.com header.i=@microsoft.com header.b=Nziw3Dy1 x-bits=1024 x-keytype=rsa x-algorithm=sha256 x-selector=selector1; dmarc=pass (p=reject,has-list-id=yes,d=none) header.from=microsoft.com; iprev=pass policy.iprev=209.132.180.67 (vger.kernel.org); spf=none smtp.mailfrom=stable-owner@vger.kernel.org smtp.helo=vger.kernel.org; x-aligned-from=fail; x-ptr=pass x-ptr-helo=vger.kernel.org x-ptr-lookup=vger.kernel.org; x-return-mx=pass smtp.domain=vger.kernel.org smtp.result=pass smtp_org.domain=kernel.org smtp_org.result=pass smtp_is_org_domain=no header.domain=microsoft.com header.result=pass header_is_org_domain=yes Authentication-Results: mx1.messagingengine.com; arc=none (no signatures found); dkim=pass (1024-bit rsa key sha256) header.d=microsoft.com header.i=@microsoft.com header.b=Nziw3Dy1 x-bits=1024 x-keytype=rsa x-algorithm=sha256 x-selector=selector1; dmarc=pass (p=reject,has-list-id=yes,d=none) header.from=microsoft.com; iprev=pass policy.iprev=209.132.180.67 (vger.kernel.org); spf=none smtp.mailfrom=stable-owner@vger.kernel.org smtp.helo=vger.kernel.org; x-aligned-from=fail; x-ptr=pass x-ptr-helo=vger.kernel.org x-ptr-lookup=vger.kernel.org; x-return-mx=pass smtp.domain=vger.kernel.org smtp.result=pass smtp_org.domain=kernel.org smtp_org.result=pass smtp_is_org_domain=no header.domain=microsoft.com header.result=pass header_is_org_domain=yes Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751938AbeA1W0Z (ORCPT ); Sun, 28 Jan 2018 17:26:25 -0500 Received: from mail-by2nam01on0099.outbound.protection.outlook.com ([104.47.34.99]:35296 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752479AbeA1W0T (ORCPT ); Sun, 28 Jan 2018 17:26:19 -0500 From: Sasha Levin To: "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" CC: Geert Uytterhoeven , Linus Walleij , Sasha Levin Subject: [PATCH AUTOSEL for 4.14 024/100] gpio: 74x164: Fix crash during .remove() Thread-Topic: [PATCH AUTOSEL for 4.14 024/100] gpio: 74x164: Fix crash during .remove() Thread-Index: AQHTmIcB6ATLGTIHhE6DkRUnQ8dqlw== Date: Sun, 28 Jan 2018 22:26:13 +0000 Message-ID: <20180128222547.7398-24-alexander.levin@microsoft.com> References: <20180128222547.7398-1-alexander.levin@microsoft.com> In-Reply-To: <20180128222547.7398-1-alexander.levin@microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [52.168.54.252] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;MW2PR2101MB1004;7:7nv3HnCVdrEUyFbm9qp7UQX8cqAWp//zr9PHXcUxNNGROXayZPZi/CNJAof1MdKfkKsgiv3JCO/HzkL0VOQXNPQeG99GNSuI+VGVHl2dtlAmk3b5r5jFgZiew92B1kFhQQ1is5NKdTmgiua+ONGd8KAlGQknGZp7v7UFGSn17tKMhpBW1LSNeOFr83COT+cx/1VeKiVup8uhERjmF8ozkWxQO6PHUkB1yKB+Z156yRLs9CT9zNtYDQApGbtOXfZs x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 7e25cdb0-7c2e-4b95-648e-08d5669e24eb x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(3008032)(2017052603307)(7193020);SRVR:MW2PR2101MB1004; x-ms-traffictypediagnostic: MW2PR2101MB1004: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Alexander.Levin@microsoft.com; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(185117386973197); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(61425038)(6040501)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3002001)(3231101)(944501161)(6055026)(61426038)(61427038)(6041288)(20161123564045)(20161123560045)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011);SRVR:MW2PR2101MB1004;BCL:0;PCL:0;RULEID:;SRVR:MW2PR2101MB1004; x-forefront-prvs: 05669A7924 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(396003)(376002)(39380400002)(39860400002)(366004)(199004)(189003)(2501003)(6486002)(186003)(110136005)(5660300001)(106356001)(97736004)(68736007)(6512007)(5250100002)(316002)(53936002)(66066001)(99286004)(2950100002)(575784001)(86362001)(54906003)(22452003)(6436002)(26005)(102836004)(59450400001)(25786009)(10090500001)(76176011)(8676002)(10290500003)(14454004)(6506007)(86612001)(8936002)(81156014)(2900100001)(81166006)(1076002)(107886003)(478600001)(3280700002)(2906002)(72206003)(7736002)(305945005)(105586002)(36756003)(3846002)(3660700001)(6116002)(4326008)(22906009)(142923001)(217873001);DIR:OUT;SFP:1102;SCL:1;SRVR:MW2PR2101MB1004;H:MW2PR2101MB1034.namprd21.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; x-microsoft-antispam-message-info: 9iCKhKwF5FMnyAV2YDCf5aPVSzE9PLSfF7m4NWkGC/FelKfq3PueEUfk9/lJPl4zZa06Iiummskze6muumKrZA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7e25cdb0-7c2e-4b95-648e-08d5669e24eb X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jan 2018 22:26:13.1910 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR2101MB1004 Sender: stable-owner@vger.kernel.org X-Mailing-List: stable@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-Mailing-List: linux-kernel@vger.kernel.org List-ID: From: Geert Uytterhoeven [ Upstream commit a158531f3c92467df0e93e000d58185acae78a6e ] Commit 7ebc194d0fd4bb0f ("gpio: 74x164: Introduce 'enable-gpios' property") added a new member gpiod_oe to the end of the struct gen_74x164_chip, after the zero-length buffer array. However, this buffer is a flexible array, allocated together with the structure during .probe(). As the buffer is no longer the last member, writing to it corrupts the newly added member after it. During device removal, the corrupted member will be used as a pointer, leading to a crash. This went unnoticed, as the flexible array was declared as "buffer[0]" instead of "buffer[]", and thus did not trigger a "flexible array member not at end of struct" error from gcc. Move the gpiod_oe field up to fix this, and drop the zero from the array size to prevent future similar bugs. Fixes: 7ebc194d0fd4bb0f ("gpio: 74x164: Introduce 'enable-gpios' property") Signed-off-by: Geert Uytterhoeven Reviewed-by: Fabio Estevam Signed-off-by: Linus Walleij Signed-off-by: Sasha Levin --- drivers/gpio/gpio-74x164.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpio/gpio-74x164.c b/drivers/gpio/gpio-74x164.c index 6b535ec858cc..15a1f4b348c4 100644 --- a/drivers/gpio/gpio-74x164.c +++ b/drivers/gpio/gpio-74x164.c @@ -23,6 +23,7 @@ struct gen_74x164_chip { struct gpio_chip gpio_chip; struct mutex lock; + struct gpio_desc *gpiod_oe; u32 registers; /* * Since the registers are chained, every byte sent will make @@ -31,8 +32,7 @@ struct gen_74x164_chip { * register at the end of the transfer. So, to have a logical * numbering, store the bytes in reverse order. */ - u8 buffer[0]; - struct gpio_desc *gpiod_oe; + u8 buffer[]; }; =20 static int __gen_74x164_write_config(struct gen_74x164_chip *chip) --=20 2.11.0