From: Yang Yingliang <yangyingliang@huawei.com>
To: <linux-kernel@vger.kernel.org>
Cc: <broonie@kernel.org>, <lgirdwood@gmail.com>
Subject: [PATCH] regulator: rt5759: fix OOB in validate_desc()
Date: Wed, 16 Nov 2022 17:29:43 +0800 [thread overview]
Message-ID: <20221116092943.1668326-1-yangyingliang@huawei.com> (raw)
I got the following OOB report:
BUG: KASAN: slab-out-of-bounds in validate_desc+0xba/0x109
Read of size 8 at addr ffff888107db8ff0 by task python3/253
Call Trace:
<TASK>
dump_stack_lvl+0x67/0x83
print_report+0x178/0x4b0
kasan_report+0x90/0x190
validate_desc+0xba/0x109
gpiod_set_value_cansleep+0x40/0x5a
regulator_ena_gpio_ctrl+0x93/0xfc
_regulator_do_enable.cold.61+0x89/0x163
set_machine_constraints+0x140a/0x159c
regulator_register.cold.73+0x762/0x10cd
devm_regulator_register+0x57/0xb0
rt5759_probe+0x3a0/0x4ac [rt5759_regulator]
The desc used in validate_desc() is passed from 'reg_cfg.ena_gpiod',
which is not initialized. Fix this by initializing 'reg_cfg' to 0.
Fixes: 7b36ddb208bd ("regulator: rt5759: Add support for Richtek RT5759 DCDC converter")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
drivers/regulator/rt5759-regulator.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/regulator/rt5759-regulator.c b/drivers/regulator/rt5759-regulator.c
index 6b96899eb27e..8488417f4b2c 100644
--- a/drivers/regulator/rt5759-regulator.c
+++ b/drivers/regulator/rt5759-regulator.c
@@ -243,6 +243,7 @@ static int rt5759_regulator_register(struct rt5759_priv *priv)
if (priv->chip_type == CHIP_TYPE_RT5759A)
reg_desc->uV_step = RT5759A_STEP_UV;
+ memset(®_cfg, 0, sizeof(reg_cfg));
reg_cfg.dev = priv->dev;
reg_cfg.of_node = np;
reg_cfg.init_data = of_get_regulator_init_data(priv->dev, np, reg_desc);
--
2.25.1
next reply other threads:[~2022-11-16 9:31 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 9:29 Yang Yingliang [this message]
2022-11-16 13:14 ` [PATCH] regulator: rt5759: fix OOB in validate_desc() Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221116092943.1668326-1-yangyingliang@huawei.com \
--to=yangyingliang@huawei.com \
--cc=broonie@kernel.org \
--cc=lgirdwood@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.