From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
To: Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Mulu He <muluhe@codeaurora.org>,
Tingwei Zhang <tingwei@codeaurora.org>,
Maxime Coquelin <mcoquelin.stm32@gmail.com>,
Alexandre Torgue <alexandre.torgue@st.com>,
linux-stm32@st-md-mailman.stormreply.com,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Mike Leach <mike.leach@linaro.org>, Leo Yan <leo.yan@linaro.org>
Cc: Rajendra Nayak <rnayak@codeaurora.org>,
Vivek Gautam <vivek.gautam@codeaurora.org>,
Sibi Sankar <sibis@codeaurora.org>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org,
Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>,
stable@vger.kernel.org
Subject: [PATCH] stm class: Fix out of bound access from bitmap allocation
Date: Fri, 5 Apr 2019 17:52:56 +0530 [thread overview]
Message-ID: <20190405122256.27840-1-saiprakash.ranjan@codeaurora.org> (raw)
From: Mulu He <muluhe@codeaurora.org>
Bitmap allocation works on array of unsigned longs and
for stm master allocation when the number of software
channels is 32, 4 bytes are allocated and there is a out of
bound access at the first 8 bytes access of bitmap region.
Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System Trace Module devices")
Signed-off-by: Mulu He <muluhe@codeaurora.org>
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Cc: stable@vger.kernel.org
---
drivers/hwtracing/stm/core.c | 2 +-
drivers/hwtracing/stm/stm.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index 93ce3aa740a9..21a5838f6e67 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -168,7 +168,7 @@ static int stp_master_alloc(struct stm_device *stm, unsigned int idx)
struct stp_master *master;
size_t size;
- size = ALIGN(stm->data->sw_nchannels, 8) / 8;
+ size = ALIGN(stm->data->sw_nchannels, STM_MASTER_SZ) / STM_MASTER_SZ;
size += sizeof(struct stp_master);
master = kzalloc(size, GFP_ATOMIC);
if (!master)
diff --git a/drivers/hwtracing/stm/stm.h b/drivers/hwtracing/stm/stm.h
index 3569439d53bb..10eac550c75f 100644
--- a/drivers/hwtracing/stm/stm.h
+++ b/drivers/hwtracing/stm/stm.h
@@ -12,6 +12,8 @@
#include <linux/configfs.h>
+#define STM_MASTER_SZ sizeof(unsigned long)
+
struct stp_policy;
struct stp_policy_node;
struct stm_protocol_driver;
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
of Code Aurora Forum, hosted by The Linux Foundation
WARNING: multiple messages have this Message-ID (diff)
From: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
To: Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Mulu He <muluhe@codeaurora.org>,
Tingwei Zhang <tingwei@codeaurora.org>,
Maxime Coquelin <mcoquelin.stm32@gmail.com>,
Alexandre Torgue <alexandre.torgue@st.com>,
linux-stm32@st-md-mailman.stormreply.com,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Mike Leach <mike.leach@linaro.org>, Leo Yan <leo.yan@linaro.org>
Cc: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>,
Rajendra Nayak <rnayak@codeaurora.org>,
linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org, Sibi Sankar <sibis@codeaurora.org>,
Vivek Gautam <vivek.gautam@codeaurora.org>,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH] stm class: Fix out of bound access from bitmap allocation
Date: Fri, 5 Apr 2019 17:52:56 +0530 [thread overview]
Message-ID: <20190405122256.27840-1-saiprakash.ranjan@codeaurora.org> (raw)
From: Mulu He <muluhe@codeaurora.org>
Bitmap allocation works on array of unsigned longs and
for stm master allocation when the number of software
channels is 32, 4 bytes are allocated and there is a out of
bound access at the first 8 bytes access of bitmap region.
Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System Trace Module devices")
Signed-off-by: Mulu He <muluhe@codeaurora.org>
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Cc: stable@vger.kernel.org
---
drivers/hwtracing/stm/core.c | 2 +-
drivers/hwtracing/stm/stm.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index 93ce3aa740a9..21a5838f6e67 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -168,7 +168,7 @@ static int stp_master_alloc(struct stm_device *stm, unsigned int idx)
struct stp_master *master;
size_t size;
- size = ALIGN(stm->data->sw_nchannels, 8) / 8;
+ size = ALIGN(stm->data->sw_nchannels, STM_MASTER_SZ) / STM_MASTER_SZ;
size += sizeof(struct stp_master);
master = kzalloc(size, GFP_ATOMIC);
if (!master)
diff --git a/drivers/hwtracing/stm/stm.h b/drivers/hwtracing/stm/stm.h
index 3569439d53bb..10eac550c75f 100644
--- a/drivers/hwtracing/stm/stm.h
+++ b/drivers/hwtracing/stm/stm.h
@@ -12,6 +12,8 @@
#include <linux/configfs.h>
+#define STM_MASTER_SZ sizeof(unsigned long)
+
struct stp_policy;
struct stp_policy_node;
struct stm_protocol_driver;
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
of Code Aurora Forum, hosted by The Linux Foundation
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2019-04-05 12:22 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-05 12:22 Sai Prakash Ranjan [this message]
2019-04-05 12:22 ` [PATCH] stm class: Fix out of bound access from bitmap allocation Sai Prakash Ranjan
2019-04-05 13:14 ` David Laight
2019-04-05 13:14 ` David Laight
2019-04-05 13:14 ` David Laight
2019-04-07 4:31 ` Sai Prakash Ranjan
2019-04-07 4:31 ` Sai Prakash Ranjan
2019-04-07 4:31 ` Sai Prakash Ranjan
2019-04-08 10:23 ` Robin Murphy
2019-04-08 10:23 ` Robin Murphy
2019-04-08 10:23 ` Robin Murphy
2019-04-08 10:33 ` David Laight
2019-04-08 10:33 ` David Laight
2019-04-08 10:33 ` David Laight
2019-04-08 10:52 ` Robin Murphy
2019-04-08 10:52 ` Robin Murphy
2019-04-08 10:52 ` Robin Murphy
2019-04-08 11:13 ` David Laight
2019-04-08 11:13 ` David Laight
2019-04-08 11:13 ` David Laight
2019-04-16 15:00 ` Alexander Shishkin
2019-04-16 15:00 ` Alexander Shishkin
2019-04-16 15:00 ` Alexander Shishkin
2019-04-17 3:33 ` Sai Prakash Ranjan
2019-04-17 3:33 ` Sai Prakash Ranjan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190405122256.27840-1-saiprakash.ranjan@codeaurora.org \
--to=saiprakash.ranjan@codeaurora.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=alexandre.torgue@st.com \
--cc=gregkh@linuxfoundation.org \
--cc=leo.yan@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-stm32@st-md-mailman.stormreply.com \
--cc=mathieu.poirier@linaro.org \
--cc=mcoquelin.stm32@gmail.com \
--cc=mike.leach@linaro.org \
--cc=muluhe@codeaurora.org \
--cc=rnayak@codeaurora.org \
--cc=sibis@codeaurora.org \
--cc=stable@vger.kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=tingwei@codeaurora.org \
--cc=vivek.gautam@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.