From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Fabrice Gasnier <fabrice.gasnier@foss.st.com>,
William Breathitt Gray <vilhelm.gray@gmail.com>,
Stable@vger.kernel.org,
Jonathan Cameron <Jonathan.Cameron@huawei.com>
Subject: [PATCH 5.4 47/60] counter: stm32-timer-cnt: fix ceiling write max value
Date: Mon, 22 Mar 2021 13:28:35 +0100 [thread overview]
Message-ID: <20210322121923.943439617@linuxfoundation.org> (raw)
In-Reply-To: <20210322121922.372583154@linuxfoundation.org>
From: Fabrice Gasnier <fabrice.gasnier@foss.st.com>
commit e4c3e133294c0a292d21073899b05ebf530169bd upstream.
The ceiling value isn't checked before writing it into registers. The user
could write a value higher than the counter resolution (e.g. 16 or 32 bits
indicated by max_arr). This makes most significant bits to be truncated.
Fix it by checking the max_arr to report a range error [1] to the user.
[1] https://lkml.org/lkml/2021/2/12/358
Fixes: ad29937e206f ("counter: Add STM32 Timer quadrature encoder")
Signed-off-by: Fabrice Gasnier <fabrice.gasnier@foss.st.com>
Acked-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1614696235-24088-1-git-send-email-fabrice.gasnier@foss.st.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/counter/stm32-timer-cnt.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/counter/stm32-timer-cnt.c
+++ b/drivers/counter/stm32-timer-cnt.c
@@ -25,6 +25,7 @@ struct stm32_timer_cnt {
struct regmap *regmap;
struct clk *clk;
u32 ceiling;
+ u32 max_arr;
};
/**
@@ -189,6 +190,9 @@ static ssize_t stm32_count_ceiling_write
if (ret)
return ret;
+ if (ceiling > priv->max_arr)
+ return -ERANGE;
+
/* TIMx_ARR register shouldn't be buffered (ARPE=0) */
regmap_update_bits(priv->regmap, TIM_CR1, TIM_CR1_ARPE, 0);
regmap_write(priv->regmap, TIM_ARR, ceiling);
@@ -366,6 +370,7 @@ static int stm32_timer_cnt_probe(struct
priv->regmap = ddata->regmap;
priv->clk = ddata->clk;
priv->ceiling = ddata->max_arr;
+ priv->max_arr = ddata->max_arr;
priv->counter.name = dev_name(dev);
priv->counter.parent = dev;
next prev parent reply other threads:[~2021-03-22 12:49 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-22 12:27 [PATCH 5.4 00/60] 5.4.108-rc1 review Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 01/60] ASoC: ak4458: Add MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 02/60] ASoC: ak5558: " Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 03/60] ALSA: dice: fix null pointer dereference when node is disconnected Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 04/60] ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 05/60] ALSA: hda: generic: Fix the micmute led init state Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 06/60] ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 07/60] Revert "PM: runtime: Update device status before letting suppliers suspend" Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 08/60] s390/vtime: fix increased steal time accounting Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 09/60] ARM: 9030/1: entry: omit FP emulation for UND exceptions taken in kernel mode Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 10/60] ARM: 9044/1: vfp: use undef hook for VFP support detection Greg Kroah-Hartman
2021-03-22 12:27 ` [PATCH 5.4 11/60] btrfs: fix race when cloning extent buffer during rewind of an old root Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 12/60] btrfs: fix slab cache flags for free space tree bitmap Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 13/60] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 14/60] ASoC: SOF: Intel: unregister DMIC device on probe error Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 15/60] ASoC: SOF: intel: fix wrong poll bits in dsp power down Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 16/60] ASoC: simple-card-utils: Do not handle device clock Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 17/60] afs: Stop listxattr() from listing "afs.*" attributes Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 18/60] nvme: fix Write Zeroes limitations Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 19/60] nvme-tcp: fix possible hang when failing to set io queues Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 20/60] nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 21/60] nvmet: dont check iosqes,iocqes for discovery controllers Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 22/60] nfsd: Dont keep looking up unhashed files in the nfsd file cache Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 23/60] NFSD: Repair misuse of sv_lock in 5.10.16-rt30 Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 24/60] svcrdma: disable timeouts on rdma backchannel Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 25/60] vfio: IOMMU_API should be selected Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 26/60] sunrpc: fix refcount leak for rpc auth modules Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 27/60] net/qrtr: fix __netdev_alloc_skb call Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 28/60] kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL again Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 29/60] riscv: Correct SPARSEMEM configuration Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 30/60] scsi: lpfc: Fix some error codes in debugfs Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 31/60] scsi: myrs: Fix a double free in myrs_cleanup() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 32/60] counter: stm32-timer-cnt: Report count function when SLAVE_MODE_DISABLED Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 33/60] nvme-rdma: fix possible hang when failing to set io queues Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 34/60] usb-storage: Add quirk to defeat Kindles automatic unload Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 35/60] usbip: Fix incorrect double assignment to udc->ud.tcp_rx Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 36/60] USB: replace hardcode maximum usb string length by definition Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 37/60] usb: gadget: configfs: Fix KASAN use-after-free Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 38/60] usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 39/60] iio:adc:stm32-adc: Add HAS_IOMEM dependency Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 40/60] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 41/60] iio: adis16400: Fix an error code in adis16400_initial_setup() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 42/60] iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 43/60] iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 44/60] iio: hid-sensor-humidity: Fix alignment issue of timestamp channel Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 45/60] iio: hid-sensor-prox: Fix scale not correct issue Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 46/60] iio: hid-sensor-temperature: Fix issues of timestamp channel Greg Kroah-Hartman
2021-03-22 12:28 ` Greg Kroah-Hartman [this message]
2021-03-22 12:28 ` [PATCH 5.4 48/60] PCI: rpadlpar: Fix potential drc_name corruption in store functions Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 49/60] perf/x86/intel: Fix a crash caused by zero PEBS status Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 50/60] x86/ioapic: Ignore IRQ2 again Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 51/60] kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 52/60] x86: Move TS_COMPAT back to asm/thread_info.h Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 53/60] x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 54/60] ext4: find old entry again if failed to rename whiteout Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 55/60] ext4: do not try to set xattr into ea_inode if value is empty Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 56/60] ext4: fix potential error in ext4_do_update_inode Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 57/60] efi: use 32-bit alignment for efi_guid_t literals Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 58/60] firmware/efi: Fix a use after bug in efi_mem_reserve_persistent Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 59/60] genirq: Disable interrupts for force threaded handlers Greg Kroah-Hartman
2021-03-22 12:28 ` [PATCH 5.4 60/60] x86/apic/of: Fix CPU devicetree-node lookups Greg Kroah-Hartman
2021-03-22 14:35 ` [PATCH 5.4 00/60] 5.4.108-rc1 review Jon Hunter
2021-03-22 18:01 ` Florian Fainelli
2021-03-22 21:53 ` Guenter Roeck
2021-03-23 0:51 ` Samuel Zou
2021-03-23 10:20 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210322121923.943439617@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Jonathan.Cameron@huawei.com \
--cc=fabrice.gasnier@foss.st.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vilhelm.gray@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).