AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-22 09:54:43 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
971,184 Commits 1 Branch 0 Tags 2 GiB
C 97.7%
Assembly 1.2%
Shell 0.3%
Makefile 0.3%
Python 0.2%
Other 0.1%
231d8c46b1
Go to file
Kees Cook 231d8c46b1 spi: dw: Avoid stack content exposure 
[ Upstream commit 386f771aad15dd535f2368b4adc9958c0160edd4 ]

Since "data" is u32, &data is a "u32 *" type, which means pointer math
will move in u32-sized steps. This was meant to be a byte offset, so
cast &data to "char *" to aim the copy into the correct location.

Seen with -Warray-bounds (and found by Coverity):

In file included from ./include/linux/string.h:269,
                 from ./arch/powerpc/include/asm/paca.h:15,
                 from ./arch/powerpc/include/asm/current.h:13,
                 from ./include/linux/mutex.h:14,
                 from ./include/linux/notifier.h:14,
                 from ./include/linux/clk.h:14,
                 from drivers/spi/spi-dw-bt1.c:12:
In function 'memcpy',
    inlined from 'dw_spi_bt1_dirmap_copy_from_map' at drivers/spi/spi-dw-bt1.c:87:3:
./include/linux/fortify-string.h:20:29: warning: '__builtin_memcpy' offset 4 is out of the bounds [0, 4] of object 'data' with type 'u32' {aka 'unsigned int'} [-Warray-bounds]
   20 | #define __underlying_memcpy __builtin_memcpy
      |                             ^
./include/linux/fortify-string.h:191:9: note: in expansion of macro '__underlying_memcpy'
  191 |  return __underlying_memcpy(p, q, size);
      |         ^~~~~~~~~~~~~~~~~~~
drivers/spi/spi-dw-bt1.c: In function 'dw_spi_bt1_dirmap_copy_from_map':
drivers/spi/spi-dw-bt1.c:77:6: note: 'data' declared here
   77 |  u32 data;
      |      ^~~~

Addresses-Coverity: CID 1497771 Out-of-bounds access
Fixes: abf0090753 ("spi: dw: Add Baikal-T1 SPI Controller glue driver")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Acked-by: Serge Semin <fancer.lancer@gmail.com>
Link: https://lore.kernel.org/r/20210211203714.1929862-1-keescook@chromium.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-03-04 11:38:07 +01:00
arch powerpc/kuap: Restore AMR after replaying soft interrupts 2021-03-04 11:38:06 +01:00
block bsg: free the request before return error code 2021-03-04 11:37:42 +01:00
certs certs: Fix blacklist flag type confusion 2021-03-04 11:37:59 +01:00
crypto crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() 2021-03-04 11:37:49 +01:00
Documentation watch_queue: Drop references to /dev/watch_queue 2021-03-04 11:37:59 +01:00
drivers spi: dw: Avoid stack content exposure 2021-03-04 11:38:07 +01:00
fs isofs: release buffer head before return 2021-03-04 11:38:00 +01:00
include regulator: bd718x7, bd71828, Fix dvs voltage levels 2021-03-04 11:38:07 +01:00
init fgraph: Initialize tracing_graph_pause at task creation 2021-02-10 09:29:16 +01:00
ipc ipc: adjust proc_ipc_sem_dointvec definition to match prototype 2020-09-05 12:14:29 -07:00
kernel tracepoint: Do not fail unregistering a probe due to memory failure 2021-03-04 11:38:03 +01:00
lib udp: fix skb_copy_and_csum_datagram with odd segment sizes 2021-02-17 11:02:28 +01:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm mm: provide a saner PTE walking API for modules 2021-02-26 10:13:01 +01:00
net tty: convert tty_ldisc_ops 'read()' function to take a kernel pointer 2021-03-04 11:37:36 +01:00
samples watch_queue: Drop references to /dev/watch_queue 2021-03-04 11:37:59 +01:00
scripts scripts/recordmcount.pl: support big endian for ARCH sh 2021-02-26 10:13:02 +01:00
security certs: Fix blacklist flag type confusion 2021-03-04 11:37:59 +01:00
sound ASoC: simple-card-utils: Fix device module clock 2021-03-04 11:37:51 +01:00
tools perf symbols: Use (long) for iterator for bfd symbols 2021-03-04 11:38:07 +01:00
usr
virt KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() 2021-02-26 10:13:01 +01:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore .gitignore: docs: ignore sphinx_*/ directories 2020-09-10 10:44:31 -06:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild
Kconfig
MAINTAINERS Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-10 15:30:13 -08:00
Makefile Linux 5.10.19 2021-02-26 10:14:35 +01:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.