The config passed in by pad wakeup is 1, when num_configs is 1,
Configuration [1] should not be fetched, which will be detected
by KASAN as a memory out of bounds condition. Modify to get
configs[1] when num_configs is 2.
Fixes: f60c9eac54af ("gpio: mxc: enable pad wakeup on i.MX8x platforms")
Signed-off-by: Xiaolei Wang <[email protected]>
---
Changes since v3:
- update commit log, delete call trace
drivers/pinctrl/freescale/pinctrl-scu.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/freescale/pinctrl-scu.c b/drivers/pinctrl/freescale/pinctrl-scu.c
index ea261b6e7458..3b252d684d72 100644
--- a/drivers/pinctrl/freescale/pinctrl-scu.c
+++ b/drivers/pinctrl/freescale/pinctrl-scu.c
@@ -90,7 +90,7 @@ int imx_pinconf_set_scu(struct pinctrl_dev *pctldev, unsigned pin_id,
struct imx_sc_msg_req_pad_set msg;
struct imx_sc_rpc_msg *hdr = &msg.hdr;
unsigned int mux = configs[0];
- unsigned int conf = configs[1];
+ unsigned int conf;
unsigned int val;
int ret;
@@ -115,6 +115,7 @@ int imx_pinconf_set_scu(struct pinctrl_dev *pctldev, unsigned pin_id,
* Set mux and conf together in one IPC call
*/
WARN_ON(num_configs != 2);
+ conf = configs[1];
val = conf | BM_PAD_CTL_IFMUX_ENABLE | BM_PAD_CTL_GP_ENABLE;
val |= mux << BP_PAD_CTL_IFMUX;
--
2.25.1
> Subject: [v4][PATCH] pinctrl: freescale: Fix a memory out of bounds when
> num_configs is 1
>
> The config passed in by pad wakeup is 1, when num_configs is 1,
> Configuration [1] should not be fetched, which will be detected by KASAN as
> a memory out of bounds condition. Modify to get configs[1] when
> num_configs is 2.
>
> Fixes: f60c9eac54af ("gpio: mxc: enable pad wakeup on i.MX8x platforms")
> Signed-off-by: Xiaolei Wang <[email protected]>
Reviewed-by: Peng Fan <[email protected]>
On 5/5/23 8:53 AM, Peng Fan wrote:
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
>> Subject: [v4][PATCH] pinctrl: freescale: Fix a memory out of bounds when
>> num_configs is 1
>>
>> The config passed in by pad wakeup is 1, when num_configs is 1,
>> Configuration [1] should not be fetched, which will be detected by KASAN as
>> a memory out of bounds condition. Modify to get configs[1] when
>> num_configs is 2.
>>
>> Fixes: f60c9eac54af ("gpio: mxc: enable pad wakeup on i.MX8x platforms")
>> Signed-off-by: Xiaolei Wang <[email protected]>
> Reviewed-by: Peng Fan <[email protected]>
Can someone help merge this patch?
thanks
xiaolei
On Fri, May 5, 2023 at 1:38 AM Xiaolei Wang <[email protected]> wrote:
> The config passed in by pad wakeup is 1, when num_configs is 1,
> Configuration [1] should not be fetched, which will be detected
> by KASAN as a memory out of bounds condition. Modify to get
> configs[1] when num_configs is 2.
>
> Fixes: f60c9eac54af ("gpio: mxc: enable pad wakeup on i.MX8x platforms")
> Signed-off-by: Xiaolei Wang <[email protected]>
> ---
> Changes since v3:
> - update commit log, delete call trace
Patch applied.
Right now I have applied it for the merge window for kernel v6.5,
tell me if it is really urgent and should rather go in for fixes.
Yours,
Linus Walleij