linux-brain/drivers
Kees Cook 50cf8f1b6c staging: rts5208: Fix get_ms_information() heap buffer size
[ Upstream commit cbe34165cc1b7d1110b268ba8b9f30843c941639 ]

Fix buf allocation size (it needs to be 2 bytes larger). Found when
__alloc_size() annotations were added to kmalloc() interfaces.

In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:10,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/paravirt.h:17,
                 from ./arch/x86/include/asm/irqflags.h:63,
                 from ./include/linux/irqflags.h:16,
                 from ./include/linux/rcupdate.h:26,
                 from ./include/linux/rculist.h:11,
                 from ./include/linux/pid.h:5,
                 from ./include/linux/sched.h:14,
                 from ./include/linux/blkdev.h:5,
                 from drivers/staging/rts5208/rtsx_scsi.c:12:
In function 'get_ms_information',
    inlined from 'ms_sp_cmnd' at drivers/staging/rts5208/rtsx_scsi.c:2877:12,
    inlined from 'rtsx_scsi_handler' at drivers/staging/rts5208/rtsx_scsi.c:3247:12:
./include/linux/fortify-string.h:54:29: warning: '__builtin_memcpy' forming offset [106, 107] is out of the bounds [0, 106] [-Warray-bounds]
   54 | #define __underlying_memcpy __builtin_memcpy
      |                             ^
./include/linux/fortify-string.h:417:2: note: in expansion of macro '__underlying_memcpy'
  417 |  __underlying_##op(p, q, __fortify_size);   \
      |  ^~~~~~~~~~~~~
./include/linux/fortify-string.h:463:26: note: in expansion of macro '__fortify_memcpy_chk'
  463 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,   \
      |                          ^~~~~~~~~~~~~~~~~~~~
drivers/staging/rts5208/rtsx_scsi.c:2851:3: note: in expansion of macro 'memcpy'
 2851 |   memcpy(buf + i, ms_card->raw_sys_info, 96);
      |   ^~~~~~

Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210818044252.1533634-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-22 12:26:33 +02:00
accessibility
acpi ACPI: NFIT: Fix support for virtual SPA ranges 2021-08-18 08:56:57 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 10:26:32 +01:00
android binder: add flag to clear buffer on txn complete 2020-12-30 11:51:35 +01:00
ata ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() 2021-09-22 12:26:30 +02:00
atm atm: nicstar: register the interrupt handler in the right place 2021-07-19 08:53:12 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 10:26:30 +01:00
base regmap: fix the offset of register error log 2021-09-15 09:47:26 +02:00
bcma bcma: Fix memory leak for internally-handled cores 2021-09-15 09:47:37 +02:00
block Revert "block: nbd: add sanity check for first_minor" 2021-09-16 12:56:13 +02:00
bluetooth Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. 2021-07-19 08:53:13 +02:00
bus bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act 2021-06-10 13:37:08 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:05:19 +02:00
char tpm_ftpm_tee: Free and unregister TEE shared memory during kexec 2021-08-12 13:21:01 +02:00
clk clk: at91: clk-generated: Limit the requested rate to our range 2021-09-22 12:26:25 +02:00
clocksource clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel 2021-09-15 09:47:29 +02:00
connector
counter counter: 104-quad-8: Return error when invalid mode during ceiling_write 2021-09-15 09:47:34 +02:00
cpufreq cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant 2021-08-26 08:36:16 -04:00
cpuidle
crypto crypto: mxs-dcp - Use sg_mapping_iter to copy data 2021-09-22 12:26:26 +02:00
dax device-dax/core: Fix memory leak when rmmod dax.ko 2020-12-30 11:51:46 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:44:20 +02:00
dio
dma dmaengine: imx-sdma: remove duplicated sdma_load_context 2021-09-22 12:26:21 +02:00
dma-buf dma-buf/sync_file: Don't leak fences on merge failure 2021-07-25 14:35:15 +02:00
edac EDAC/i10nm: Fix NVDIMM detection 2021-09-15 09:47:30 +02:00
eisa
extcon extcon: intel-mrfld: Sync hardware and software state on init 2021-07-19 08:53:16 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 14:47:43 +02:00
firmware firmware: arm_scmi: Add delayed response status check 2021-08-08 09:04:08 +02:00
fpga fpga: stratix10-soc: Add missing fpga_mgr_free() call 2021-07-19 08:53:15 +02:00
fsi fsi/sbefifo: Fix reset timeout 2021-07-14 16:53:42 +02:00
gnss
gpio gpio: tqmx86: really make IRQ optional 2021-08-12 13:20:57 +02:00
gpu drm/display: fix possible null-pointer dereference in dcn10_set_clock() 2021-09-22 12:26:32 +02:00
greybus
hid HID: i2c-hid: Fix Elan touchpad regression 2021-09-22 12:26:25 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:44:25 +02:00
hv hv_utils: Fix passing zero to 'PTR_ERR' warning 2021-07-14 16:53:16 +02:00
hwmon hwmon: (max31790) Fix fan speed reporting for fan7..12 2021-07-14 16:53:23 +02:00
hwspinlock
hwtracing intel_th: Wait until port is in reset before programming it 2021-07-20 16:10:46 +02:00
i2c i2c: mt65xx: fix IRQ check 2021-09-15 09:47:36 +02:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:44:15 +02:00
ide scsi: ide: Do not set the RQF_PREEMPT flag for sense requests 2021-01-12 20:16:09 +01:00
idle
iio iio: dac: ad5624r: Fix incorrect handling of an optional regulator. 2021-09-22 12:26:27 +02:00
infiniband RDMA/efa: Remove double QP type assignment 2021-09-22 12:26:23 +02:00
input Input: hideep - fix the uninitialized use in hideep_nvm_unlock() 2021-07-20 16:10:45 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:46:37 +02:00
iommu iommu: Check if group is NULL before remove device 2021-08-26 08:36:15 -04:00
ipack ipack: tpci200: fix memory leak in the tpci200_register 2021-08-26 08:36:21 -04:00
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:44:20 +02:00
isdn mISDN: fix possible use-after-free in HFC_cleanup() 2021-07-19 08:53:08 +02:00
leds leds: trigger: audio: Add an activate callback to ensure the initial brightness is set 2021-09-15 09:47:33 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:47:53 +01:00
macintosh
mailbox
mcb
md dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() 2021-09-22 12:26:21 +02:00
media media: tegra-cec: Handle errors of clk_prepare_enable() 2021-09-22 12:26:31 +02:00
memory memory: fsl_ifc: fix leak of private memory on probe failure 2021-07-20 16:10:52 +02:00
memstick memstick: rtsx_usb_ms: fix UAF 2021-07-14 16:53:13 +02:00
message
mfd mfd: cpcap: Fix cpcap dmamask not set warnings 2021-07-20 16:10:43 +02:00
misc VMCI: fix NULL pointer dereference when unmapping queue pair 2021-09-22 12:26:21 +02:00
mmc mmc: moxart: Fix issue with uninitialized dma_slave_config 2021-09-15 09:47:36 +02:00
mtd mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards 2021-08-26 08:36:12 -04:00
mux
net net/mlx5: Fix variable type to match 64bit 2021-09-22 12:26:32 +02:00
nfc nfc: nfcsim: fix use after free during module unload 2021-08-04 12:27:38 +02:00
ntb
nubus
nvdimm libnvdimm/region: Fix label activation vs errors 2021-08-18 08:56:57 +02:00
nvme nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data 2021-09-22 12:26:33 +02:00
nvmem nvmem: core: add a missing of_node_put 2021-07-19 08:53:16 +02:00
of of: Fix truncation of memory sizes on 32-bit platforms 2021-07-14 16:53:45 +02:00
opp opp: Don't print an error if required-opps is missing 2021-09-22 12:26:33 +02:00
oprofile
parisc
parport
pci PCI: Use pci_update_current_state() in pci_enable_device_flags() 2021-09-22 12:26:26 +02:00
pcmcia pcmcia: i82092: fix a null pointer dereference bug 2021-08-12 13:21:03 +02:00
perf drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe() 2021-07-14 16:53:14 +02:00
phy phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe() 2021-07-14 16:53:46 +02:00
pinctrl pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() 2021-09-22 12:26:24 +02:00
platform platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call 2021-09-22 12:26:25 +02:00
pnp
power power: supply: max17042: handle fails of reading status register 2021-09-22 12:26:21 +02:00
powercap
pps
ps3 powerpc/ps3: use dma_mapping_error() 2020-12-30 11:51:26 +01:00
ptp ptp_pch: Restore dependency on PCI 2021-08-26 08:36:17 -04:00
pwm pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped 2021-07-28 13:30:53 +02:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:05:17 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:24:18 +02:00
regulator regulator: vctrl: Avoid lockdep warning in enable/disable ops 2021-09-15 09:47:29 +02:00
remoteproc remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() 2020-12-30 11:51:24 +01:00
reset reset: reset-zynqmp: Fixed the argument data type 2021-09-12 08:56:39 +02:00
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:08:25 +02:00
rtc rtc: tps65910: Correct driver module alias 2021-09-22 12:26:19 +02:00
s390 s390/cio: add dev_busid sysfs entry for each subchannel 2021-09-15 09:47:27 +02:00
sbus
scsi scsi: qedf: Fix error codes in qedf_alloc_global_queues() 2021-09-22 12:26:24 +02:00
sfi
sh
siox
slimbus slimbus: ngd: reset dma setup during runtime pm 2021-08-26 08:36:21 -04:00
soc soc: aspeed: p2a-ctrl: Fix boundary check for mmap 2021-09-22 12:26:20 +02:00
soundwire soundwire: stream: Fix test for DP prepare complete 2021-07-14 16:53:45 +02:00
spi spi: spi-zynq-qspi: use wait_for_completion_timeout to make zynq_qspi_exec_mem_op not interruptible 2021-09-15 09:47:30 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 10:26:49 +01:00
ssb ssb: Fix error return code in ssb_bus_scan() 2021-07-14 16:53:29 +02:00
staging staging: rts5208: Fix get_ms_information() heap buffer size 2021-09-22 12:26:33 +02:00
target scsi: target: avoid per-loop XCOPY buffer allocations 2021-09-22 12:26:25 +02:00
tc
tee tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag 2021-08-15 13:08:02 +02:00
thermal thermal/core: Correct function name thermal_zone_device_unregister() 2021-07-25 14:35:12 +02:00
thunderbolt thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue 2021-06-03 08:59:03 +02:00
tty serial: sh-sci: fix break handling for sysrq 2021-09-22 12:26:33 +02:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:05:17 +02:00
usb usb: gadget: composite: Allow bMaxPower=0 if self-powered 2021-09-22 12:26:28 +02:00
vfio vfio: Use config not menuconfig for VFIO_NOIOMMU 2021-09-22 12:26:23 +02:00
vhost vringh: Use wiov->used to check for read/write desc order 2021-09-03 10:08:15 +02:00
video video: fbdev: riva: Error out if 'pixclock' equals zero 2021-09-22 12:26:29 +02:00
virt virt: vbox: Do not use wait_event_interruptible when called from kernel context 2021-03-04 10:26:10 +01:00
virtio virtio_pci: Support surprise removal of virtio pci device 2021-09-03 10:08:15 +02:00
visorbus visorbus: fix error return code in visorchipset_init() 2021-07-14 16:53:42 +02:00
vlynq
vme
w1 w1: ds2438: fixing bug that would always get page0 2021-07-20 16:10:41 +02:00
watchdog Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" 2021-08-08 09:04:08 +02:00
xen xen/events: Fix race in set_evtchn_to_irq 2021-08-18 08:57:01 +02:00
zorro
Kconfig
Makefile