From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Xiaolei Wang <xiaolei.wang@windriver.com>,
Mark Brown <broonie@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.15 29/45] regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
Date: Wed, 21 Sep 2022 17:46:19 +0200 [thread overview]
Message-ID: <20220921153647.853857884@linuxfoundation.org> (raw)
In-Reply-To: <20220921153646.931277075@linuxfoundation.org>
From: Xiaolei Wang <xiaolei.wang@windriver.com>
[ Upstream commit 78e1e867f44e6bdc72c0e6a2609a3407642fb30b ]
The pfuze_chip::regulator_descs is an array of size
PFUZE100_MAX_REGULATOR, the pfuze_chip::pfuze_regulators
is the pointer to the real regulators of a specific device.
The number of real regulator is supposed to be less than
the PFUZE100_MAX_REGULATOR, so we should use the size of
'regulator_num * sizeof(struct pfuze_regulator)' in memcpy().
This fixes the out of bounds access bug reported by KASAN.
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Link: https://lore.kernel.org/r/20220825111922.1368055-1-xiaolei.wang@windriver.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/pfuze100-regulator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/regulator/pfuze100-regulator.c b/drivers/regulator/pfuze100-regulator.c
index aa55cfca9e40..a9a0bd918d1e 100644
--- a/drivers/regulator/pfuze100-regulator.c
+++ b/drivers/regulator/pfuze100-regulator.c
@@ -763,7 +763,7 @@ static int pfuze100_regulator_probe(struct i2c_client *client,
((pfuze_chip->chip_id == PFUZE3000) ? "3000" : "3001"))));
memcpy(pfuze_chip->regulator_descs, pfuze_chip->pfuze_regulators,
- sizeof(pfuze_chip->regulator_descs));
+ regulator_num * sizeof(struct pfuze_regulator));
ret = pfuze_parse_regulators_dt(pfuze_chip);
if (ret)
--
2.35.1
next prev parent reply other threads:[~2022-09-21 15:57 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-21 15:45 [PATCH 5.15 00/45] 5.15.70-rc1 review Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 01/45] drm/tegra: vic: Fix build warning when CONFIG_PM=n Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 02/45] arm64: kexec_file: use more system keyrings to verify kernel image signature Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 03/45] serial: atmel: remove redundant assignment in rs485_config Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 04/45] tty: serial: atmel: Preserve previous USART mode if RS485 disabled Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 05/45] of: fdt: fix off-by-one error in unflatten_dt_nodes() Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 06/45] pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 07/45] pinctrl: qcom: sc8180x: Fix wrong pin numbers Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 08/45] pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH Greg Kroah-Hartman
2022-09-21 15:45 ` [PATCH 5.15 09/45] pinctrl: sunxi: Fix name for A100 R_PIO Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 10/45] NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 11/45] gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 12/45] drm/meson: Correct OSD1 global alpha value Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 13/45] drm/meson: Fix OSD1 RGB to YCbCr coefficient Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 14/45] block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 15/45] parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 16/45] of/device: Fix up of_dma_configure_id() stub Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 17/45] cifs: revalidate mapping when doing direct writes Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 18/45] cifs: dont send down the destination address to sendmsg for a SOCK_STREAM Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 19/45] cifs: always initialize struct msghdr smb_msg completely Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 20/45] parisc: Allow CONFIG_64BIT with ARCH=parisc Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 21/45] tools/include/uapi: Fix <asm/errno.h> for parisc and xtensa Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 22/45] drm/amdgpu: Dont enable LTR if not supported Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 23/45] drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 24/45] drm/amdgpu: move nbio sdma_doorbell_range() into sdma " Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 25/45] binder: remove inaccurate mmap_assert_locked() Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 26/45] video: fbdev: i740fb: Error out if pixclock equals zero Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 27/45] arm64: dts: juno: Add missing MHU secure-irq Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 28/45] ASoC: nau8824: Fix semaphore unbalance at error paths Greg Kroah-Hartman
2022-09-21 15:46 ` Greg Kroah-Hartman [this message]
2022-09-21 15:46 ` [PATCH 5.15 30/45] scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 31/45] rxrpc: Fix local destruction being repeated Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 32/45] rxrpc: Fix calc of resend age Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 33/45] wifi: mac80211_hwsim: check length for virtio packets Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 34/45] ALSA: hda/sigmatel: Keep power up while beep is enabled Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 35/45] ALSA: hda/tegra: Align BDL entry to 4KB boundary Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 36/45] net: usb: qmi_wwan: add Quectel RM520N Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 37/45] afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 38/45] MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 39/45] drm/panfrost: devfreq: set opp to the recommended one to configure regulator Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 40/45] mksysmap: Fix the mismatch of L0 symbols in System.map Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 41/45] video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 42/45] net: Find dst with sks xfrm policy not ctl_sk Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 43/45] KVM: SEV: add cache flush to solve SEV cache incoherency issues Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 44/45] cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() Greg Kroah-Hartman
2022-09-21 15:46 ` [PATCH 5.15 45/45] ALSA: hda/sigmatel: Fix unused variable warning for beep power change Greg Kroah-Hartman
2022-09-21 22:55 ` [PATCH 5.15 00/45] 5.15.70-rc1 review Shuah Khan
2022-09-22 4:05 ` Bagas Sanjaya
2022-09-22 10:00 ` Naresh Kamboju
2022-09-22 10:35 ` Sudip Mukherjee (Codethink)
2022-09-22 12:35 ` Sudip Mukherjee
2022-09-23 11:21 ` Greg Kroah-Hartman
2022-09-22 15:21 ` Florian Fainelli
2022-09-22 16:43 ` Guenter Roeck
2022-09-23 11:21 ` Greg Kroah-Hartman
2022-09-23 1:51 ` Ron Economos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220921153647.853857884@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=broonie@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=xiaolei.wang@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox