linux-kernel.vger.kernel.org archive mirror
* [PATCH] regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
@ 2022-04-21  9:03 Wei Yongjun
  2022-04-21  9:24 ` Adam Ward
  2022-04-21 15:54 ` Mark Brown
  0 siblings, 2 replies; 3+ messages in thread
From: Wei Yongjun @ 2022-04-21  9:03 UTC (permalink / raw)
  To: linux-kernel
  Cc: Wei Yongjun, Support Opensource, Liam Girdwood, Mark Brown,
	Adam Ward, Hulk Robot

KASAN reports slab-out-of-bounds in __regmap_init as follows:

BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841
Read of size 1 at addr ffff88803678cdf1 by task xrun/9137

CPU: 0 PID: 9137 Comm: xrun Tainted: G        W         5.18.0-rc2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88
 print_report.cold+0xcd/0x69b mm/kasan/report.c:313
 kasan_report+0x8e/0xc0 mm/kasan/report.c:491
 __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841
 __devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266
 __devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394
 da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039
 i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563

This happened when the da9121 device is probed by da9121_i2c_id, but with
an invalid dts. Thus, chip->subvariant_id is set to -EINVAL, and later
da9121_assign_chip_model() will access 'regmap' without initializing it.

Fix it by returning -EINVAL from da9121_assign_chip_model() if
'chip->subvariant_id' is invalid.

Fixes: f3fbd5566f6a ("regulator: da9121: Add device variants")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
---
 drivers/regulator/da9121-regulator.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/regulator/da9121-regulator.c b/drivers/regulator/da9121-regulator.c
index eb9df485bd8a..76e0e23bf598 100644
--- a/drivers/regulator/da9121-regulator.c
+++ b/drivers/regulator/da9121-regulator.c
@@ -1030,6 +1030,8 @@ static int da9121_assign_chip_model(struct i2c_client *i2c,
 		chip->variant_id = DA9121_TYPE_DA9142;
 		regmap = &da9121_2ch_regmap_config;
 		break;
+	default:
+		return -EINVAL;
 	}
 
 	/* Set these up for of_regulator_match call which may want .of_map_modes */
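
Review bot: The new default: case at the end of the switch returns -EINVAL silently, so a probe that fails because of an invalid dts leaves nothing in the log to say why. Consider a dev_err(&i2c->dev, ...) that prints chip->subvariant_id before the return. Separately, the subject says uninit-value while the report in the commit message is a KASAN slab-out-of-bounds read; one sentence stating that the uninitialized 'regmap' pointer is what __regmap_init ends up reading through would make the report easier to match to this fix.
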
-- 
2.25.1



* RE: [PATCH] regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
  2022-04-21  9:03 [PATCH] regulator: da9121: Fix uninit-value in da9121_assign_chip_model() Wei Yongjun
@ 2022-04-21  9:24 ` Adam Ward
  2022-04-21 15:54 ` Mark Brown
  1 sibling, 0 replies; 3+ messages in thread
From: Adam Ward @ 2022-04-21  9:24 UTC (permalink / raw)
  To: Wei Yongjun, linux-kernel
  Cc: Support Opensource, Liam Girdwood, Mark Brown, Adam Ward, Hulk Robot

On 21 April 2022 10:04, Wei Yongjun wrote:

> This happened when the da9121 device is probed by da9121_i2c_id, but with
> an invalid dts. Thus, chip->subvariant_id is set to -EINVAL, and later
> da9121_assign_chip_model() will access 'regmap' without initializing it.
>
> Fix it by returning -EINVAL from da9121_assign_chip_model() if
> 'chip->subvariant_id' is invalid.
> 
> Fixes: f3fbd5566f6a ("regulator: da9121: Add device variants")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>

Reviewed-by: Adam Ward <Adam.Ward.Opensource@diasemi.com>



* Re: [PATCH] regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
  2022-04-21  9:03 [PATCH] regulator: da9121: Fix uninit-value in da9121_assign_chip_model() Wei Yongjun
  2022-04-21  9:24 ` Adam Ward
@ 2022-04-21 15:54 ` Mark Brown
  1 sibling, 0 replies; 3+ messages in thread
From: Mark Brown @ 2022-04-21 15:54 UTC (permalink / raw)
  To: linux-kernel, weiyongjun1
  Cc: support.opensource, lgirdwood, Adam.Ward.opensource, hulkci

On Thu, 21 Apr 2022 09:03:35 +0000, Wei Yongjun wrote:
> KASAN reports slab-out-of-bounds in __regmap_init as follows:
> 
> BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841
> Read of size 1 at addr ffff88803678cdf1 by task xrun/9137
> 
> CPU: 0 PID: 9137 Comm: xrun Tainted: G        W         5.18.0-rc2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
> Call Trace:
>  <TASK>
>  dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88
>  print_report.cold+0xcd/0x69b mm/kasan/report.c:313
>  kasan_report+0x8e/0xc0 mm/kasan/report.c:491
>  __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841
>  __devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266
>  __devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394
>  da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039
>  i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563
> 
> [...]

Applied to

   https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git for-next

Thanks!

[1/1] regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
      commit: bab76514aca36bc513224525d5598da676938218

All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.

You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.

If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.

Please add any relevant lists and maintainers to the CCs when replying
to this mail.

Thanks,
Mark
