mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-19 17:11:03 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/tty/serial
History
Macpaul Lin dada6a43b0 kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() 
This patch is trying to fix KE issue due to
"BUG: KASAN: global-out-of-bounds in param_set_kgdboc_var+0x194/0x198"
reported by Syzkaller scan."

[26364:syz-executor0][name:report8t]BUG: KASAN: global-out-of-bounds in param_set_kgdboc_var+0x194/0x198
[26364:syz-executor0][name:report&]Read of size 1 at addr ffffff900e44f95f by task syz-executor0/26364
[26364:syz-executor0][name:report&]
[26364:syz-executor0]CPU: 7 PID: 26364 Comm: syz-executor0 Tainted: G W 0
[26364:syz-executor0]Call trace:
[26364:syz-executor0][<ffffff9008095cf8>] dump_bacIctrace+Ox0/0x470
[26364:syz-executor0][<ffffff9008096de0>] show_stack+0x20/0x30
[26364:syz-executor0][<ffffff90089cc9c8>] dump_stack+Oxd8/0x128
[26364:syz-executor0][<ffffff90084edb38>] print_address_description +0x80/0x4a8
[26364:syz-executor0][<ffffff90084ee270>] kasan_report+Ox178/0x390
[26364:syz-executor0][<ffffff90084ee4a0>] _asan_report_loadi_noabort+Ox18/0x20
[26364:syz-executor0][<ffffff9008b092ac>] param_set_kgdboc_var+Ox194/0x198
[26364:syz-executor0][<ffffff900813af64>] param_attr_store+Ox14c/0x270
[26364:syz-executor0][<ffffff90081394c8>] module_attr_store+0x60/0x90
[26364:syz-executor0][<ffffff90086690c0>] sysfs_kl_write+Ox100/0x158
[26364:syz-executor0][<ffffff9008666d84>] kernfs_fop_write+0x27c/0x3a8
[26364:syz-executor0][<ffffff9008508264>] do_loop_readv_writev+0x114/0x1b0
[26364:syz-executor0][<ffffff9008509ac8>] do_readv_writev+0x4f8/0x5e0
[26364:syz-executor0][<ffffff9008509ce4>] vfs_writev+0x7c/Oxb8
[26364:syz-executor0][<ffffff900850ba64>] SyS_writev+Oxcc/0x208
[26364:syz-executor0][<ffffff90080883f0>] elO_svc_naked +0x24/0x28
[26364:syz-executor0][name:report&]
[26364:syz-executor0][name:report&]The buggy address belongs to the variable:
[26364:syz-executor0][name:report&] kgdb_tty_line+Ox3f/0x40
[26364:syz-executor0][name:report&]
[26364:syz-executor0][name:report&]Memory state around the buggy address:
[26364:syz-executor0] ffffff900e44f800: 00 00 00 00 00 04 fa fa fa fa fa fa 00 fa fa fa
[26364:syz-executor0] ffffff900e44f880: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
[26364:syz-executor0]> ffffff900e44f900: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
[26364:syz-executor0][name:report&]                                       ^
[26364:syz-executor0] ffffff900e44f980: 00 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
[26364:syz-executor0] ffffff900e44fa00: 04 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
[26364:syz-executor0][name:report&]
[26364:syz-executor0][name:panic&]Disabling lock debugging due to kernel taint
[26364:syz-executor0]------------[cut here]------------

After checking the source code, we've found there might be an out-of-bounds
access to "config[len - 1]" array when the variable "len" is zero.

Signed-off-by: Macpaul Lin <macpaul@gmail.com>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-06 15:59:07 +01:00
..
8250 tty: serial: 8250_mtk: always resume the device in probe. 2018-12-05 11:31:21 +01:00
cpm_uart mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
jsm tty: serial: jsm: remove redundant pointer ch 2018-07-13 15:36:32 +02:00
21285.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
altera_jtaguart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
altera_uart.c serial: altera: set RRDY flag also without irq 2018-02-28 13:30:09 +01:00
amba-pl010.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
amba-pl011.c tty: pl011: Avoid spuriously stuck-off interrupts 2018-05-14 13:41:05 +02:00
amba-pl011.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
apbuart.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
apbuart.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ar933x_uart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
arc_uart.c serial: arc_uart: Fix out-of-bounds access through DT alias 2018-02-28 15:29:59 +01:00
atmel_serial.c tty/serial: atmel: add ISO7816 support 2018-10-02 13:38:55 -07:00
atmel_serial.h tty/serial: atmel: add ISO7816 support 2018-10-02 13:38:55 -07:00
bcm63xx_uart.c MIPS changes for 4.15 2017-11-15 11:36:08 -08:00
clps711x.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
digicolor-usart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
dz.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
dz.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
earlycon-arm-semihost.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
earlycon.c earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon 2018-05-14 13:41:05 +02:00
efm32-uart.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
fsl_lpuart.c serial: fsl_lpuart: Remove the alias node dependence 2018-10-10 13:16:48 +02:00
icom.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
icom.h tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
ifx6x60.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ifx6x60.h tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
imx.c Merge 4.19-rc6 into tty-next 2018-09-30 08:11:09 -07:00
ioc3_serial.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
ioc4_serial.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
ip22zilog.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
ip22zilog.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig tty/serial: atmel: Change the driver to work under at91-usart MFD 2018-09-10 16:12:43 +01:00
kgdb_nmi.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
kgdboc.c kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() 2018-12-06 15:59:07 +01:00
lantiq.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
lpc32xx_hs.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
Makefile TTY/Serial driver patches for 4.17-rc1 2018-04-04 18:43:49 -07:00
max310x.c serial: max310x: Check the clock readiness 2018-06-28 21:07:54 +09:00
max3100.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
mcf.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
men_z135_uart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
meson_uart.c tty: serial: meson: fix typo in the "stop bit" register definition 2017-11-28 15:32:33 +01:00
mpc52xx_uart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
mps2-uart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
mpsc.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
msm_serial.c tty: serial: msm_serial: Add __maybe_unused to suspend/resume callbacks 2018-05-14 13:41:05 +02:00
mux.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
mvebu-uart.c serial: mvebu-uart: Fix reporting of effective CSIZE to userspace 2018-09-18 15:22:15 +02:00
mxs-auart.c serial: mxs-auart: Fix potential infinite loop 2018-09-18 16:07:24 +02:00
netx-serial.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
omap-serial.c tty: omap-serial: Fix initial on-boot RTS GPIO level 2018-01-09 16:45:17 +01:00
owl-uart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
pch_uart.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
pic32_uart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
pic32_uart.h tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
pmac_zilog.c tty: serial: remove set but not used variable 'error' 2018-09-20 13:33:15 +02:00
pmac_zilog.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pnx8xxx_uart.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
pxa.c serial: pxa: Fix an error handling path in 'serial_pxa_probe()' 2018-06-28 21:07:54 +09:00
qcom_geni_serial.c TTY/Serial patches for 4.20-rc1 2018-10-29 10:42:20 -07:00
rp2.c treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
sa1100.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
samsung.c serial: samsung: Enable baud clock for UART reset procedure in resume 2018-09-18 16:07:24 +02:00
samsung.h tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
sb1250-duart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
sc16is7xx.c sc16is7xx: Fix for "Unexpected interrupt: 8" 2018-09-18 16:07:25 +02:00
sccnxp.c headers: separate linux/mod_devicetable.h from linux/platform_device.h 2018-07-07 17:52:26 +02:00
serial-tegra.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
serial_core.c TTY/Serial patches for 4.20-rc1 2018-10-29 10:42:20 -07:00
serial_ks8695.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
serial_mctrl_gpio.c gpiolib: Pass array info to get/set array functions 2018-09-13 11:16:54 +02:00
serial_mctrl_gpio.h tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
serial_txx9.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
sh-sci.c TTY/Serial fixes for 4.20-rc2 2018-11-10 13:32:14 -06:00
sh-sci.h serial: sh-sci: Support for HSCIF RX sampling point adjustment 2018-04-23 10:08:18 +02:00
sirfsoc_uart.c serial: sirf: Fix out-of-bounds access through DT alias 2018-02-28 15:30:00 +01:00
sirfsoc_uart.h tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
sn_console.c TTY: sn_console: Replace spin_is_locked() with spin_trylock() 2018-10-04 11:06:35 -07:00
sprd_serial.c serial: sprd: Fix the indentation issue 2018-09-18 16:07:24 +02:00
st-asc.c tty: serial: simplify getting .drvdata 2018-04-22 17:29:43 +02:00
stm32-usart.c serial: stm32: fix initialization of RS485 mode 2018-03-15 17:39:43 +01:00
stm32-usart.h serial: stm32: add support for RS485 hardware control mode 2018-03-14 13:35:37 +01:00
suncore.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
sunhv.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
sunsab.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
sunsab.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sunsu.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
sunzilog.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
sunzilog.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
timbuart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
timbuart.h tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
uartlite.c tty: serial: uartlite: Use dynamic array for console port 2018-09-18 16:07:24 +02:00
ucc_uart.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
vr41xx_siu.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
vt8500_serial.c tty: serial: Remove redundant license text 2017-11-08 13:08:12 +01:00
xilinx_uartps.c of: base: Change logic in of_alias_get_alias_list() 2018-10-15 16:16:06 +02:00
zs.c tty: add SPDX identifiers to all remaining files in drivers/tty/ 2017-11-08 13:08:12 +01:00
zs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00