xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f901b4bfd03ed234f72f28e27d965569531dc505
android_kernel_xiaomi_sm8450/drivers/i2c/busses
History
Zheyu Ma 9ac541a089 i2c: ismt: Fix an out-of-bounds bug in ismt_access() 
[ Upstream commit 39244cc754829bf707dccd12e2ce37510f5b1f8d ]

When the driver does not check the data from the user, the variable
'data->block[0]' may be very large to cause an out-of-bounds bug.

The following log can reveal it:

[   33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20
[   33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA:  WRITE
[   33.996475] ==================================================================
[   33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b
[   33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485
[   33.999450] Call Trace:
[   34.001849]  memcpy+0x20/0x60
[   34.002077]  ismt_access.cold+0x374/0x214b
[   34.003382]  __i2c_smbus_xfer+0x44f/0xfb0
[   34.004007]  i2c_smbus_xfer+0x10a/0x390
[   34.004291]  i2cdev_ioctl_smbus+0x2c8/0x710
[   34.005196]  i2cdev_ioctl+0x5ec/0x74c

Fix this bug by checking the size of 'data->block[0]' first.

Fixes: 13f35ac14c ("i2c: Adding support for Intel iSMT SMBus 2.0 host controller")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-01-14 10:16:00 +01:00
..
i2c-acorn.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
i2c-ali15x3.c
i2c: Use separate MODULE_AUTHOR() statements for multiple authors
2020-07-04 08:25:13 +02:00
i2c-ali1535.c
i2c: Use separate MODULE_AUTHOR() statements for multiple authors
2020-07-04 08:25:13 +02:00
i2c-ali1563.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
i2c-altera.c
i2c: altera: cleanup spinlock
2020-05-20 15:28:03 +02:00
i2c-amd756-s4882.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-amd756.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-amd8111.c
i2c: busses: Use fallthrough pseudo-keyword
2020-07-23 22:04:08 +02:00
i2c-amd-mp2-pci.c
i2c: amd-mp2-pci: Fix Oops in amd_mp2_pci_init() error handling
2020-04-30 16:11:41 +02:00
i2c-amd-mp2-plat.c
i2c: amd_mp2: handle num is 0 input for i2c_amd_xfer
2020-09-21 11:45:43 +02:00
i2c-amd-mp2.h
i2c: Add drivers for the AMD PCIe MP2 I2C controller
2019-03-25 15:21:17 +01:00
i2c-aspeed.c
i2c: aspeed: Mask IRQ status to relevant bits
2020-09-14 08:55:44 +02:00
i2c-at91-core.c
i2c: at91: Send bus clear command if SDA is down
2020-05-05 16:37:21 +02:00
i2c-at91-master.c
i2c: at91: Initialize dma_buf in at91_twi_xfer()
2022-06-09 10:21:19 +02:00
i2c-at91-slave.c
i2c: at91: added slave mode support
2019-03-24 22:41:51 +01:00
i2c-at91.h
i2c: at91: Move to generic GPIO bus recovery
2020-08-05 11:52:27 +02:00
i2c-au1550.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-axxia.c
i2c: busses: remove duplicate dev_err()
2020-04-18 23:42:14 +02:00
i2c-bcm2835.c
i2c: bcm2835: Avoid clock stretching timeouts
2022-03-08 19:09:29 +01:00
i2c-bcm-iproc.c
i2c: iproc: handle master read request
2021-03-04 11:37:53 +01:00
i2c-bcm-kona.c
i2c: busses: remove duplicate dev_err()
2020-04-18 23:42:14 +02:00
i2c-brcmstb.c
i2c: brcmstb: fix support for DSL and CM variants
2022-02-23 12:01:08 +01:00
i2c-cadence.c
i2c: cadence: Support PEC for SMBus block read
2022-08-21 15:15:49 +02:00
i2c-cbus-gpio.c
i2c: cbus-gpio: set atomic transfer callback
2021-12-08 09:03:23 +01:00
i2c-cht-wc.c
i2c: busses: remove duplicate dev_err()
2020-04-18 23:42:14 +02:00
i2c-cpm.c
i2c: cpm: Fix i2c_ram structure
2020-09-27 15:14:16 +02:00
i2c-cros-ec-tunnel.c
i2c: cros-ec-tunnel: Fix ACPI identifier
2020-01-31 09:01:25 +01:00
i2c-davinci.c
i2c: busses: convert to devm_platform_ioremap_resource
2020-04-15 12:09:09 +02:00
i2c-designware-baytrail.c
i2c: designware: Fix spelling typos in the comments
2020-03-21 19:53:08 +01:00
i2c-designware-common.c
i2c: designware: Use standard optional ref clock implementation
2022-06-22 14:13:18 +02:00
i2c-designware-core.h
i2c: designware: Adjust bus speed independently of ACPI
2020-06-23 21:24:33 +02:00
i2c-designware-master.c
i2c: designware: Adjust bus_freq_hz when refuse high speed mode set
2021-04-14 08:42:11 +02:00
i2c-designware-pcidrv.c
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
2022-01-27 10:54:23 +01:00
i2c-designware-platdrv.c
i2c: designware: Use standard optional ref clock implementation
2022-06-22 14:13:18 +02:00
i2c-designware-slave.c
i2c: designware: slave should do WRITE_REQUESTED before WRITE_RECEIVED
2020-11-06 16:02:00 +01:00
i2c-digicolor.c
i2c: busses: Use fallthrough pseudo-keyword
2020-07-23 22:04:08 +02:00
i2c-diolan-u2c.c
i2c: drivers: Use generic definitions for bus frequencies
2020-03-24 22:36:59 +01:00
i2c-dln2.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372
2019-06-05 17:37:10 +02:00
i2c-efm32.c
i2c: efm32: Use devm_platform_get_and_ioremap_resource()
2020-09-29 21:37:46 +02:00
i2c-eg20t.c
i2c: eg20t: use generic power management
2020-08-10 15:47:38 +02:00
i2c-elektor.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-emev2.c
i2c: emev2: add IRQ check
2021-05-14 09:50:37 +02:00
i2c-exynos5.c
i2c: exynos5: Preserve high speed master code
2021-03-04 11:38:20 +01:00
i2c-fsi.c
i2c: fsi: Prevent adding adapters for ports without dts nodes
2020-07-24 21:31:33 +02:00
i2c-gpio.c
i2c: gpio: suppress error on probe defer
2020-03-10 12:31:55 +01:00
i2c-highlander.c
i2c: highlander: add IRQ check
2021-09-15 09:50:36 +02:00
i2c-hix5hd2.c
i2c: hix5hd2: fix IRQ check
2021-09-15 09:50:42 +02:00
i2c-hydra.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-i801.c
i2c: i801: add lis3lv02d's I2C address for Vostro 5568
2022-11-25 17:45:40 +01:00
i2c-ibm_iic.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
i2c-ibm_iic.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
i2c-icy.c
i2c: icy: Fix build with CONFIG_AMIGA_PCMCIA=n
2020-06-07 20:45:24 +02:00
i2c-img-scb.c
i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
2021-05-14 09:50:36 +02:00
i2c-imx-lpi2c.c
i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
2021-05-14 09:50:36 +02:00
i2c-imx.c
i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
2022-12-08 11:23:59 +01:00
i2c-iop3xx.c
i2c: iop3xx: fix deferred probing
2021-09-15 09:50:42 +02:00
i2c-iop3xx.h
Merge branch 'i2c/for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2019-07-15 21:10:39 -07:00
i2c-isch.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
i2c-ismt.c
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
2023-01-14 10:16:00 +01:00
i2c-jz4780.c
i2c: jz4780: add IRQ check
2021-05-14 09:50:37 +02:00
i2c-kempld.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 294
2019-06-05 17:36:38 +02:00
i2c-lpc2k.c
i2c: busses: remove duplicate dev_err()
2020-04-18 23:42:14 +02:00
i2c-meson.c
i2c: meson: Fix wrong speed use from probe
2022-04-08 14:40:22 +02:00
i2c-mlxbf.c
i2c: mlxbf: support lock mechanism
2022-10-26 13:25:22 +02:00
i2c-mlxcpld.c
i2c: mlxcpld: check correct size of maximum RECV_LEN packet
2020-07-04 08:20:38 +02:00
i2c-mpc.c
i2c: mpc: Correct I2C reset procedure
2022-01-27 10:54:21 +01:00
i2c-mt65xx.c
i2c: mediatek: fixing the incorrect register offset
2021-11-18 14:04:22 +01:00
i2c-mt7621.c
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
2022-05-25 09:18:01 +02:00
i2c-mv64xxx.c
i2c: busses: replace spin_lock_irqsave by spin_lock in hard IRQ
2020-09-29 21:40:03 +02:00
i2c-mxs.c
i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK
2020-09-18 23:11:44 +02:00
i2c-nforce2-s4985.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-nforce2.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-nomadik.c
amba: Make the remove callback return void
2022-04-08 14:40:02 +02:00
i2c-npcm7xx.c
i2c: npcm7xx: Fix error handling in npcm_i2c_init()
2022-12-08 11:23:59 +01:00
i2c-nvidia-gpu.c
i2c: nvidia-gpu: Use put_unaligned_be24()
2020-09-21 12:05:40 +02:00
i2c-ocores.c
i2c: ocores: convert to use i2c_new_client_device()
2020-01-15 20:39:26 +01:00
i2c-octeon-core.c
i2c: octeon: check correct size of maximum RECV_LEN packet
2021-01-27 11:55:09 +01:00
i2c-octeon-core.h
i2c: octeon: Prevent error message on bus error
2018-03-02 11:11:15 +01:00
i2c-octeon-platdrv.c
i2c: busses: convert to devm_platform_ioremap_resource
2020-04-15 12:09:09 +02:00
i2c-omap.c
i2c: omap: fix reference leak when pm_runtime_get_sync fails
2021-05-14 09:50:37 +02:00
i2c-opal.c
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
i2c-owl.c
Merge branch 'i2c/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2020-10-21 10:54:05 -07:00
i2c-parport.c
i2c: convert SMBus alert setup function to return an ERRPTR
2020-03-10 12:19:52 +01:00
i2c-pasemi.c
i2c: pasemi: Wait for write xfers to finish
2022-04-20 09:23:30 +02:00
i2c-pca-isa.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-pca-platform.c
i2c: busses: convert to devm_platform_get_and_ioremap_resource
2020-04-15 12:12:52 +02:00
i2c-piix4.c
i2c: piix4: Fix adapter not be removed in piix4_remove()
2022-11-10 18:14:24 +01:00
i2c-pmcmsp.c
Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2020-02-07 12:54:13 -08:00
i2c-pnx.c
i2c: Use separate MODULE_AUTHOR() statements for multiple authors
2020-07-04 08:25:13 +02:00
i2c-powermac.c
i2c: powermac: use true,false for bool variable
2020-04-30 16:18:30 +02:00
i2c-pxa-pci.c
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
2023-01-14 10:15:59 +01:00
i2c-pxa.c
i2c: pxa: don't error out if there's no pinctrl
2020-06-03 22:37:37 +02:00
i2c-qcom-cci.c
i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
2022-10-30 09:41:15 +01:00
i2c-qcom-geni.c
i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops
2021-06-10 13:39:29 +02:00
i2c-qup.c
i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
2020-12-02 16:42:09 +01:00
i2c-rcar.c
i2c: rcar: fix PM ref counts in probe error paths
2022-06-09 10:21:20 +02:00
i2c-riic.c
i2c: drivers: Use generic definitions for bus frequencies
2020-03-24 22:36:59 +01:00
i2c-rk3x.c
i2c: rk3x: Handle a spurious start completion interrupt flag
2021-12-17 10:14:40 +01:00
i2c-robotfuzz-osif.c
i2c: robotfuzz-osif: fix control-request directions
2021-06-30 08:47:25 -04:00
i2c-s3c2410.c
i2c: s3c2410: fix IRQ check
2021-09-15 09:50:42 +02:00
i2c-scmi.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372
2019-06-05 17:37:10 +02:00
i2c-sh7760.c
i2c: sh7760: fix IRQ error path
2021-05-14 09:50:39 +02:00
i2c-sh_mobile.c
i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E
2021-06-03 09:00:39 +02:00
i2c-sibyte.c
i2c: Use separate MODULE_AUTHOR() statements for multiple authors
2020-07-04 08:25:13 +02:00
i2c-simtec.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 235
2019-06-19 17:09:07 +02:00
i2c-sirf.c
i2c: Use separate MODULE_AUTHOR() statements for multiple authors
2020-07-04 08:25:13 +02:00
i2c-sis96x.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-sis630.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-sis5595.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-sprd.c
i2c: sprd: fix reference leak when pm_runtime_get_sync fails
2021-05-14 09:50:37 +02:00
i2c-st.c
Merge branch 'i2c/for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2020-04-02 15:54:13 -07:00
i2c-stm32.c
i2c: stm32: Simplify with dev_err_probe()
2020-09-21 11:45:43 +02:00
i2c-stm32.h
i2c: stm32: Use the correct style for SPDX License Identifier
2019-08-14 14:56:54 +02:00
i2c-stm32f4.c
i2c: stm32: Simplify with dev_err_probe()
2020-09-21 11:45:43 +02:00
i2c-stm32f7.c
i2c: stm32f7: stop dma transfer in case of NACK
2021-12-08 09:03:23 +01:00
i2c-stu300.c
i2c: busses: convert to devm_platform_ioremap_resource
2020-04-15 12:09:09 +02:00
i2c-sun6i-p2wi.c
i2c: busses: remove duplicate dev_err()
2020-04-18 23:42:14 +02:00
i2c-synquacer.c
i2c: synquacer: fix deferred probing
2021-09-15 09:50:41 +02:00
i2c-taos-evm.c
i2c: taos-evm: convert to use i2c_new_client_device()
2020-01-15 20:39:41 +01:00
i2c-tegra-bpmp.c
i2c: bpmp-tegra: Ignore unknown I2C_M flags
2021-01-27 11:54:50 +01:00
i2c-tegra.c
i2c: tegra: Allocate DMA memory for DMA engine
2022-11-25 17:45:40 +01:00
i2c-thunderx-pcidrv.c
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
2022-06-06 08:42:40 +02:00
i2c-tiny-usb.c
i2c: tiny-usb: Correct I2C fault codes.
2020-01-06 15:40:43 +01:00
i2c-uniphier-f.c
i2c: busses: remove duplicate dev_err()
2020-04-18 23:42:14 +02:00
i2c-uniphier.c
i2c: busses: remove duplicate dev_err()
2020-04-18 23:42:14 +02:00
i2c-versatile.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
i2c-via.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157
2019-05-30 11:26:37 -07:00
i2c-viapro.c
i2c: busses: Use fallthrough pseudo-keyword
2020-07-23 22:04:08 +02:00
i2c-viperboard.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
i2c-wmt.c
i2c: drivers: Use generic definitions for bus frequencies
2020-03-24 22:36:59 +01:00
i2c-xgene-slimpro.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13
2019-05-21 11:28:45 +02:00
i2c-xiic.c
i2c: xiic: Add platform module alias
2022-11-10 18:14:23 +01:00
i2c-xlp9xx.c
i2c: xlp9xx: fix main IRQ check
2021-09-15 09:50:44 +02:00
i2c-xlr.c
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
2021-11-18 14:04:25 +01:00
i2c-zx2967.c
i2c: busses: convert to devm_platform_ioremap_resource
2020-04-15 12:09:09 +02:00
Kconfig
i2c: qup: allow COMPILE_TEST
2022-03-08 19:09:30 +01:00
Makefile
i2c: mlxbf: I2C SMBus driver for Mellanox BlueField SoC
2020-09-27 19:58:38 +02:00
scx200_acb.c
i2c: busses: Use fallthrough pseudo-keyword
2020-07-23 22:04:08 +02:00