projects / firefly-linux-kernel-4.4.55.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e98896a) | patch
regulator: xz3216: Add a sentinel to xz3216_i2c_id[]
authorHuang, Tao <huangtao@rock-chips.com>
Thu, 7 Jul 2016 13:32:56 +0000 (21:32 +0800)
committerHuang, Tao <huangtao@rock-chips.com>
Thu, 7 Jul 2016 13:37:01 +0000 (21:37 +0800)
commite2d506b7eaf3f6835603118d02bfcd9430138864
tree587c45e9f3559376d2a8eedc5630a7e49fcf5e34tree | snapshot
parente98896aaca21071920ced1c425172254f84bad40commit | diff
regulator: xz3216: Add a sentinel to xz3216_i2c_id[]

This patch fix this bug:
BUG: KASAN: global-out-of-bounds in i2c_device_match+0x64/0xa4 at addr ffffff9009046800
Read of size 1 by task swapper/0/1
Address belongs to variable xz3216_i2c_id+0x20/0x2c0
CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.4.14 #21
Hardware name: Rockchip RK3399 Evaluation Board v2 (Android) (DT)
Call trace:
[<ffffff900808b2d8>] dump_backtrace+0x0/0x288
[<ffffff900808b574>] show_stack+0x14/0x1c
[<ffffff90084c16c4>] dump_stack+0xc4/0x100
[<ffffff900823fdd4>] kasan_report+0x36c/0x49c
[<ffffff900823f2e4>] __asan_load1+0x24/0x50
[<ffffff90088f7924>] i2c_device_match+0x64/0xa4
[<ffffff90086829b8>] __device_attach_driver+0x80/0xd8
[<ffffff900868064c>] bus_for_each_drv+0xf8/0x12c
[<ffffff900868232c>] __device_attach+0x114/0x1a4
[<ffffff9008682b9c>] device_initial_probe+0x10/0x18
[<ffffff9008680904>] bus_probe_device+0x50/0xe8
[<ffffff900867ee14>] device_add+0x5f8/0x774
[<ffffff900867efac>] device_register+0x1c/0x28
[<ffffff90088f7dd0>] i2c_new_device+0x258/0x2a4
[<ffffff90088f853c>] i2c_register_adapter+0x4b4/0x600
[<ffffff90088f8700>] __i2c_add_numbered_adapter+0x78/0x88
[<ffffff90088f8d9c>] i2c_add_adapter+0x50/0xcc
[<ffffff9008900c1c>] rk3x_i2c_probe+0x460/0x4fc
[<ffffff9008684fac>] platform_drv_probe+0x70/0xc8
[<ffffff9008682648>] driver_probe_device+0x16c/0x364
[<ffffff90086828d4>] __driver_attach+0x94/0xc8
[<ffffff9008680010>] bus_for_each_dev+0xe0/0x11c
[<ffffff9008682bd4>] driver_attach+0x30/0x3c
[<ffffff9008680ca8>] bus_add_driver+0x160/0x294
[<ffffff9008683edc>] driver_register+0x10c/0x168
[<ffffff9008685e34>] __platform_driver_register+0x7c/0x88
[<ffffff90095da854>] rk3x_i2c_driver_init+0x18/0x20
[<ffffff90095a4df0>] do_one_initcall+0x168/0x220
[<ffffff90095a5078>] kernel_init_freeable+0x1d0/0x274
[<ffffff9008ec5f40>] kernel_init+0x10/0x108
[<ffffff9008084cd0>] ret_from_fork+0x10/0x40
Memory state around the buggy address:
 ffffff9009046700: fa fa fa fa 00 03 fa fa fa fa fa fa 00 00 00 07
 ffffff9009046780: fa fa fa fa 07 fa fa fa fa fa fa fa 00 00 00 00
>ffffff9009046800: fa fa fa fa 00 01 fa fa fa fa fa fa 00 01 fa fa
                   ^
 ffffff9009046880: fa fa fa fa 04 fa fa fa fa fa fa fa 00 04 fa fa
 ffffff9009046900: fa fa fa fa 00 05 fa fa fa fa fa fa 07 fa fa fa

Change-Id: I624d92b1fefdf87cfb58b9df10db85723b5ed534
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
drivers/regulator/xz3216.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.