Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp993655imm; Sun, 2 Sep 2018 06:15:08 -0700 (PDT) X-Google-Smtp-Source: ANB0Vda7nELtaqGazLo4AxSZf8lN31i/xQrqA8P7biDwbbn4NL16eiKWWuhgzCa5954gB3oShk5G X-Received: by 2002:a17:902:aa8f:: with SMTP id d15-v6mr23936405plr.64.1535894108173; Sun, 02 Sep 2018 06:15:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535894108; cv=none; d=google.com; s=arc-20160816; b=iYYLIGt8uCNhOSza2r0ku8EJ6PY4Wc96dMaqxd11sEay6rRVH5uV+LhLc2wGXW/1/d Su2oZyTd0rwyeitkpFLsBkUYQwfWRTKtQ7vSj1nMCIvx/CrVHIBy70K/tsRI7kKGeq6v YdBWYPUzOHdHAqks46jVFoUg/+xKH5PfgyxZVlHWXXdL2wf+LDGbNjCD6Sv1sCnwQMg/ FMFl9DRyLNmiV8Y2PrQ1+194UQbny7FMlyq38JfUY8iMY1296RuBLsPoTo/h79cgMM27 Cn6P+tLoo9bhnfkc9MlAFe7Xm4w4dcA6UI8EYd2NhT1xjtW95VSnjUJ3eIPc9Klt32RT Z5ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :spamdiagnosticmetadata:spamdiagnosticoutput:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=k4hGtOgAvvRJ3VcNGnk8zMauL17VTf9wpCwVPQSalNM=; b=fEX5vw4/2/N6KA9BwvjDO9ujuRrPfZgW85LLsNdNKXDjwIaCvxn1zmiW8JyYSHkq6O Ig1WPOC2CD8PUxiOUxSgwuJ//OUl8nQtUlBVhX+U7rzif5lilKDe48N4eG64Pv3UAcRp Lj0iu/5Oj1XT6w/qR9MK98gu0vkGbYsFFY9bnDbg9hEr6OeoRD2qmmvr7Ya8z27w205k P52pntSkkGLtbvkdKuXpcMUca8MX2TT/d74CbEZ3FhnUM9Hm47pT1r63i3Qa9DD0m1qe 2Ipjoi9jCxN13TTeqRJf5/82fo4K6eF2ChCj8qckfYHmj3DtEANJ9aNk7D0nMc3W5B98 nzyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector1 header.b=ihIM+65R; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 23-v6si15057492pgr.493.2018.09.02.06.14.53; Sun, 02 Sep 2018 06:15:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector1 header.b=ihIM+65R; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729344AbeIBRXe (ORCPT + 99 others); Sun, 2 Sep 2018 13:23:34 -0400 Received: from mail-sn1nam02on0134.outbound.protection.outlook.com ([104.47.36.134]:59648 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727049AbeIBRXe (ORCPT ); Sun, 2 Sep 2018 13:23:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k4hGtOgAvvRJ3VcNGnk8zMauL17VTf9wpCwVPQSalNM=; b=ihIM+65RDX+HP5F8QIcVHwOdSYcZBjWUlxspQbB7B4w4H7471LCPAYBbpznZO/8a04UudLkCftFSlbKXdgBxRdvuwxoxMvTXcbJJclCDtHaDhxiDtdIkpMlQ0UUko/eJIR4pFTnqPZ+eEBa6VfM6UiwcuoWeVV5zLrJvUsxt1gE= Received: from CY4PR21MB0776.namprd21.prod.outlook.com (10.173.192.22) by CY4PR21MB0503.namprd21.prod.outlook.com (10.172.122.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1122.2; Sun, 2 Sep 2018 13:07:45 +0000 Received: from CY4PR21MB0776.namprd21.prod.outlook.com ([fe80::7c3a:eea8:1391:1611]) by CY4PR21MB0776.namprd21.prod.outlook.com ([fe80::7c3a:eea8:1391:1611%7]) with mapi id 15.20.1143.000; Sun, 2 Sep 2018 13:07:45 +0000 From: Sasha Levin To: "stable@vger.kernel.org" , "linux-kernel@vger.kernel.org" CC: Anton Vasilyev , Linus Walleij , Sasha Levin Subject: [PATCH AUTOSEL 4.14 51/89] gpio: ml-ioh: Fix buffer underwrite on probe error path Thread-Topic: [PATCH AUTOSEL 4.14 51/89] gpio: ml-ioh: Fix buffer underwrite on probe error path Thread-Index: AQHUQr3dQ3MApJnmQkuxF2uSKO1jCg== Date: Sun, 2 Sep 2018 13:07:13 +0000 Message-ID: <20180902064918.183387-51-alexander.levin@microsoft.com> References: <20180902064918.183387-1-alexander.levin@microsoft.com> In-Reply-To: <20180902064918.183387-1-alexander.levin@microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [52.168.54.252] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;CY4PR21MB0503;6:KsUfivkK7L4vKGgG1950lnYd3h6H5hdW4leBl1KqgvRDXTkUUX0klJaPeabLycYk9AE9vpR6e2UNAPyFfdu3ZgXZl+mOmkFjsxr3gUyGXTSpjyR8IqU+TiqKN2umsyfSlgBOsemVmRZ84lQrvn947p1HLs9OiMTNL37VRsms/h/cImf+JzYrKFLvRkZDstMSDXJYxRux1EA5lbru3Bw5EvlGUHfOj1Hhrdz7ahByURAFsd9XOS8AX903V/KeL+MeuoZygywhaX/vTUjLgzNPniyPtS10x7bTc997JdUasqq22Kn+RzQYPE4WgXxcmx+8Pl2oQNFx90lEv6Rri2iXHZDiwasPk2cL1GSEL1EUhJ35wvNpcyxBwxJlRR6wJRzZZ38gMmFzt0KOHRtyBN7EGdcego3vIQ5DOZxGjHMPLQguFn7VRBCH6TKR0xI3InhwN6KgxEHpQa/ZKLwBk1zg/Q==;5:z6AmmYJb6y0MBeWHMrElIbONEv8GYYGJ+2fc2Xqd6exEFWGxFyHrzDp64k3p3Tx7ER2Xg23CqSDA0lCS2vRhIVM6jYPqBsdm7PD7BoCsR8FeHEtuTY5NjcoxQS7cFCaaTwRIYdQ98N6eGrwzw4Dmo7wg4JyxEIyhEoxrqmLfFE0=;7:B/bAkOb3qJKzh8gKSP/WbmINOSV74UcPk3HNr8YU/UsZJBRXFFuO5flM9aKMcS83myqVL8g55ONRUiP4iTOSdugnKOPZsfUbi342BCd8xFsxRPjHoFnCv5eqQhCMe4yUPU/5lAAXNs/sXMO86L7dmZbmui+TsAiLl9r32o/4oyuyVeFFRjOrGcX3AnbKDpfwOgKK6PWTIT5E+Uv9USocXk0X92t8JxIB32s4LW5gNGv6tmHC3+Z1qhuwDZ7ILT8L x-ms-office365-filtering-correlation-id: f791c73e-e5ad-4194-d1bc-08d610d512f4 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(7020095)(4652040)(4534165)(4627221)(201703031133081)(201702281549075)(5600074)(711020)(4618075)(2017052603328)(7193020);SRVR:CY4PR21MB0503; x-ms-traffictypediagnostic: CY4PR21MB0503: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(5005006)(8121501046)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(93006095)(93001095)(10201501046)(3231340)(944501410)(52105095)(2018427008)(3002001)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699049)(76991033);SRVR:CY4PR21MB0503;BCL:0;PCL:0;RULEID:;SRVR:CY4PR21MB0503; x-forefront-prvs: 078310077C x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(396003)(39860400002)(136003)(376002)(346002)(366004)(189003)(199004)(105586002)(8936002)(102836004)(6346003)(68736007)(2900100001)(6116002)(217873002)(186003)(36756003)(81156014)(81166006)(1076002)(99286004)(26005)(5660300001)(4477795004)(66066001)(6666003)(8676002)(54906003)(256004)(316002)(305945005)(22452003)(3846002)(10090500001)(7736002)(110136005)(14444005)(106356001)(2906002)(6506007)(10290500003)(2501003)(478600001)(2616005)(72206003)(6512007)(53936002)(86362001)(86612001)(107886003)(6436002)(14454004)(76176011)(486006)(25786009)(476003)(97736004)(446003)(11346002)(6486002)(4326008)(5250100002);DIR:OUT;SFP:1102;SCL:1;SRVR:CY4PR21MB0503;H:CY4PR21MB0776.namprd21.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Alexander.Levin@microsoft.com; x-microsoft-antispam-message-info: X1mxJlxudkK9jOUZd5BGmcjYb7YsSZRwF/ttM/XoiFI3Peet+34sl3dVq90ab9YVAuwwvjy19ymeYVvoYpOgt4dduYRfMENqGebmU6yacRn010C6YyDnZ62xQmUAUCeTbasnYZqDDYNWtN//IkevC06osxuL3zqnzqCD1Ac5JB9I3ne45hzEj1xWtMJv9x7QPROcFgDVgoUJ519OCMprnVfK+9MFuA3ZP+ZJ1gx2OOgsMX3EuDeU9wWL0gN08YsX+khydduV+HGFTzeIz4nA1KGfLnL94sUBAcresfwbDQ92dpCQzaYzGmVLsvUjutYMAdDFcGqSS7GbzhnJiHGOZxTuUI9Wpb4w/Z7lLnrpLJ8= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: f791c73e-e5ad-4194-d1bc-08d610d512f4 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Sep 2018 13:07:13.2961 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0503 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Anton Vasilyev [ Upstream commit 4bf4eed44bfe288f459496eaf38089502ef91a79 ] If ioh_gpio_probe() fails on devm_irq_alloc_descs() then chip may point to any element of chip_save array, so reverse iteration from pointer chip may become chip_save[-1] and gpiochip_remove() will operate with wrong memory. The patch fix the error path of ioh_gpio_probe() to correctly bypass chip_save array. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Anton Vasilyev Signed-off-by: Linus Walleij Signed-off-by: Sasha Levin --- drivers/gpio/gpio-ml-ioh.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-ml-ioh.c b/drivers/gpio/gpio-ml-ioh.c index 4b80e996d976..1022fe8d09c7 100644 --- a/drivers/gpio/gpio-ml-ioh.c +++ b/drivers/gpio/gpio-ml-ioh.c @@ -497,9 +497,10 @@ static int ioh_gpio_probe(struct pci_dev *pdev, return 0; =20 err_gpiochip_add: + chip =3D chip_save; while (--i >=3D 0) { - chip--; gpiochip_remove(&chip->gpio); + chip++; } kfree(chip_save); =20 --=20 2.17.1