Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp6285332rdb; Mon, 1 Jan 2024 17:07:35 -0800 (PST) X-Google-Smtp-Source: AGHT+IEbW88J6hMg4M8SSZ/j/bhhsNbQl9Lru22Cy2hXxerE6w7E2xa64WHfUpOaIaKqMLUinrU+ X-Received: by 2002:a17:90a:39cc:b0:28a:b563:502f with SMTP id k12-20020a17090a39cc00b0028ab563502fmr8403154pjf.6.1704157655121; Mon, 01 Jan 2024 17:07:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704157655; cv=none; d=google.com; s=arc-20160816; b=HH+s+QYGI+kYiSNqwztb73e76bnC0MMrKs9vLSyQxCe5hQ6LyQmf5PTJ4LRk371l6a O5wEB7chDcH7ODeIdFnCZ3CCQmQETvjiGJJFlQtCZyDjUDYkJ0QDZ4Lg15tq3ybxr1RO JZbyCmyEH+ojQ1qY5E8cunaUPFsp907aNMwmpNdkD6FJMu/Bo9VT8iqkR3kKwHRzYA7W WH14D4uI//+hKrSuDKFgHX7MCK3v0mXK7jEcRpgqjr3Fxvyy8kjWjZfe2H8/4+EfDtlK 6Fq7dHJP78S4fkZ/IQaU8mwbvHb1dOIbn4Z9PePQSjLSvLvYfahyqJKey97dUKrVtDsg OGiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-id:precedence:message-id:date :subject:cc:to:from:dkim-signature; bh=GFYxP6M9En/LfjFXyPIaCGUIynVC1Pp2AH5m72mqAtU=; fh=8oQed1a9TPaHshR1MtBmE8C3AW1jdI5MFAMZKcAqSr0=; b=sT6/pGDV6/kVpGsxMJ3c/ELOXDqMdOaRaoWfBAZtLR4q7qLRI4WIC0PneVAPon0nNG OUoDjgSJgAkIZjUEzIutaZP60q6GdsrUz43CYqGiUqI58phJt25+XusxsXdm/kFjXIHv iZCiBFP5yytvMeiVk0+g38zGjRvE3TyPSINwYcyrfl4spHKqdOX3X0O6E2Q3w8T/5vXE gr1tG/k8q82MwcBdUhBSqfUfA0G0RgQBKZgOuN+bIPZR7LkIq8gZ6dFi6slNhI6kQ1US zhVDI3E3KJOB1k6fZ/v1vP8u+aHjQLWZn4V3CjsZo8g7VgprfxDHAHozSyQmgM7O0PYQ 7h/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=i+LU5KJO; spf=pass (google.com: domain of linux-kernel+bounces-13964-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-13964-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id x6-20020a17090a970600b0028c395fbd01si14895500pjo.12.2024.01.01.17.07.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jan 2024 17:07:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-13964-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=i+LU5KJO; spf=pass (google.com: domain of linux-kernel+bounces-13964-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-13964-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 391C3281DA5 for ; Tue, 2 Jan 2024 01:07:34 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D7015A38; Tue, 2 Jan 2024 01:07:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="i+LU5KJO" X-Original-To: linux-kernel@vger.kernel.org Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 878EA381; Tue, 2 Jan 2024 01:07:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-6d9b51093a0so4912001b3a.0; Mon, 01 Jan 2024 17:07:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1704157644; x=1704762444; darn=vger.kernel.org; h=message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GFYxP6M9En/LfjFXyPIaCGUIynVC1Pp2AH5m72mqAtU=; b=i+LU5KJO6lcJxqi+1GnTiDl/OHjo4BM+ZObBsQRvk1Kg+jG1Ko+45Shr8IuMvjym27 ukUJCW5Fue4ka1QM+q3McHG9CeOLAtJ6qcsVU0FkNJwXJbSUm3PP3uEykUXkHZFdqSHe caVj+U7uX6UGF9ziXfuTs9swNqW2EbcpH4BHQnNXyA0JgpKOA2IKwO4jvYhl8zgb8iHH U0vMxssTWzPHhmWHNwZQI5g+2WabNz6D+7FDaY/ANzpwCf+92hVnxIxoAxEaDDi0qbJq pZCokvpF29sL3FuGQSKCfcwQlZd9WBBaM6A/wBfeV5l/s/GOXcdrjKRvI1LtDWtWEa/o J8Zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704157644; x=1704762444; h=message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GFYxP6M9En/LfjFXyPIaCGUIynVC1Pp2AH5m72mqAtU=; b=YzgrW4QmdpM9FTezNqOBbYdqKFXdEMmtuZD7H/yXnU9+5f6/5T5C0gL4oeCl6qkLCK P+2l09tqV8bWMEL49eDrzkFOlI90XxkmEsUCSkgUk1uP7uOVdos4wOb24y0u82lj8tfI X8LCfFFJmPR+NBi73XXrY0kGoABcV6dI1De023eM24KiKcjny9FCIMLxu0JRNmoOzKl4 YuhH0JcOl/UKT7h5YkbcqbMVwUMPdrbjJfAj025mWz326yze657bIg5ZLgZyUh+aSFkM 1LW4SeJSVmk0wlflj33NRj4LO1/hl6BJ+nZixvkRHKMgc2RZvSN02TPee96jI5q+mICz 4A6Q== X-Gm-Message-State: AOJu0YxsQs/4Ymoc0VbmQSzVW1B+2qs/NBHn5XxXo+DNIfXpIuWSXnzV dqWvOJY395E4iFbHqXjmV6Q= X-Received: by 2002:a05:6a20:13cd:b0:190:8b2b:1959 with SMTP id ho13-20020a056a2013cd00b001908b2b1959mr17538719pzc.46.1704157643615; Mon, 01 Jan 2024 17:07:23 -0800 (PST) Received: from localhost.localdomain ([154.220.3.115]) by smtp.gmail.com with ESMTPSA id b1-20020aa78101000000b006d9ecb8e956sm11591683pfi.173.2024.01.01.17.07.21 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Jan 2024 17:07:23 -0800 (PST) From: zhouzhouyi@gmail.com To: songqiang1304521@gmail.com, jic23@kernel.org, lars@metafoo.de, linux-iio@vger.kernel.org, linux-kernel@vger.kernel.org Cc: "zhili.liu" Subject: [PATCH v3] iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Date: Tue, 2 Jan 2024 09:07:11 +0800 Message-Id: <1704157631-3814-1-git-send-email-zhouzhouyi@gmail.com> X-Mailer: git-send-email 1.7.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: From: "zhili.liu" Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access. Fixes: 121354b2eceb ("iio: magnetometer: Add driver support for PNI RM3100") Suggested-by: Zhouyi Zhou Signed-off-by: zhili.liu --- drivers/iio/magnetometer/rm3100-core.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/iio/magnetometer/rm3100-core.c b/drivers/iio/magnetometer/rm3100-core.c index 69938204456f..12c2e3b0aeb6 100644 --- a/drivers/iio/magnetometer/rm3100-core.c +++ b/drivers/iio/magnetometer/rm3100-core.c @@ -530,6 +530,7 @@ int rm3100_common_probe(struct device *dev, struct regmap *regmap, int irq) struct rm3100_data *data; unsigned int tmp; int ret; + int samp_rate_index; indio_dev = devm_iio_device_alloc(dev, sizeof(*data)); if (!indio_dev) @@ -586,8 +587,14 @@ int rm3100_common_probe(struct device *dev, struct regmap *regmap, int irq) ret = regmap_read(regmap, RM3100_REG_TMRC, &tmp); if (ret < 0) return ret; + + samp_rate_index = tmp - RM3100_TMRC_OFFSET; + if (samp_rate_index < 0 || samp_rate_index >= RM3100_SAMP_NUM) { + dev_err(dev, "The value read from RM3100_REG_TMRC is invalid!\n"); + return -EINVAL; + } /* Initializing max wait time, which is double conversion time. */ - data->conversion_time = rm3100_samp_rates[tmp - RM3100_TMRC_OFFSET][2] + data->conversion_time = rm3100_samp_rates[samp_rate_index][2] * 2; /* Cycle count values may not be what we want. */ -- 2.34.1