superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Linux kernel source tree
1,136,978 Commits
1 Branch
913 Tags
8.3 GiB
C 97.1%
Assembly 1%
Shell 0.6%
Rust 0.4%
Python 0.4%
Other 0.3%
 
 
 
 
 
 
Go to file
Zheyu Ma 39244cc754 i2c: ismt: Fix an out-of-bounds bug in ismt_access() 
When the driver does not check the data from the user, the variable
'data->block[0]' may be very large to cause an out-of-bounds bug.

The following log can reveal it:

[   33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20
[   33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA:  WRITE
[   33.996475] ==================================================================
[   33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b
[   33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485
[   33.999450] Call Trace:
[   34.001849]  memcpy+0x20/0x60
[   34.002077]  ismt_access.cold+0x374/0x214b
[   34.003382]  __i2c_smbus_xfer+0x44f/0xfb0
[   34.004007]  i2c_smbus_xfer+0x10a/0x390
[   34.004291]  i2cdev_ioctl_smbus+0x2c8/0x710
[   34.005196]  i2cdev_ioctl+0x5ec/0x74c

Fix this bug by checking the size of 'data->block[0]' first.

Fixes: 13f35ac14c ("i2c: Adding support for Intel iSMT SMBus 2.0 host controller")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
 		2022-12-07 21:27:08 +01:00
Documentation dt-bindings: i2c: qcom-geni: document I2C Master Hub serial I2C engine 2022-12-05 09:30:00 +01:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
arch - Rename a perf memory level event define to denote it is of CXL type 2022-10-30 09:49:18 -07:00
block block-6.1-2022-10-28 2022-10-29 18:06:52 -07:00
certs certs: make system keyring depend on built-in x509 parser 2022-09-24 04:31:18 +09:00
crypto treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
drivers i2c: ismt: Fix an out-of-bounds bug in ismt_access() 2022-12-07 21:27:08 +01:00
fs 3 cifs/smb3 fixes (also for stable) 2022-10-30 09:40:04 -07:00
include Merge branch 'i2c/client_device_id_helper-immutable' into i2c/for-mergewindow 2022-11-14 20:51:06 +01:00
init init: Kconfig: fix spelling mistake "satify" -> "satisfy" 2022-10-20 21:27:22 -07:00
io_uring io_uring: unlock if __io_run_local_work locked inside 2022-10-27 09:52:12 -06:00
ipc ipc/msg.c: fix percpu_counter use after free 2022-10-28 13:37:22 -07:00
kernel - Rename a perf memory level event define to denote it is of CXL type 2022-10-30 09:49:18 -07:00
lib 23 hotfixes. 2022-10-29 17:49:33 -07:00
mm mmap: fix remap_file_pages() regression 2022-10-28 13:37:23 -07:00
net kcm: do not sense pfmemalloc status in kcm_sendpage() 2022-10-27 11:25:13 -07:00
rust Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
samples VFIO updates for v6.1-rc1 2022-10-12 14:46:48 -07:00
scripts Kbuild fixes for v6.1 2022-10-16 11:12:22 -07:00
security selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() 2022-10-19 09:55:53 -04:00
sound ALSA: aoa: Fix I2S device accounting 2022-10-27 08:53:08 +02:00
tools Char/Misc fixes for 6.1-rc3 2022-10-30 11:22:33 -07:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt kvm: Add support for arch compat vm ioctls 2022-10-22 05:15:23 -04:00
.clang-format PCI/DOE: Add DOE mailbox support functions 2022-07-19 15:38:04 -07:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap mailmap: update email for Qais Yousef 2022-10-20 21:27:21 -07:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS drm for 5.20/6.0 2022-08-03 19:52:08 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS dt-bindings: i2c: add entry for hisilicon,ascend910-i2c 2022-11-02 21:23:52 +01:00
Makefile Linux 6.1-rc3 2022-10-30 15:19:28 -07:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.