mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-30 01:46:30 -05:00
64 lines
2.5 KiB
Diff
64 lines
2.5 KiB
Diff
From 9f261e5dfe101bbe35043822a89bffa78e080b3b Mon Sep 17 00:00:00 2001
|
|
From: "Se Wang (Patrick) Oh" <sewango@codeaurora.org>
|
|
Date: Wed, 2 Sep 2015 21:07:47 -0700
|
|
Subject: arm64: Fix out of bound access to compat_hwcap_str
|
|
|
|
As compat_hwcap_str[] doesn't end with 'NULL', c_show()
|
|
tries to read the next element even after the end of the
|
|
array. So add 'NULL' at the end of compat_hwcap_str[].
|
|
Below is the KASan report for referencing.
|
|
|
|
BUG: KASan: out of bounds access in c_show+0x110/0x248 at addr ffffffc0011f6370
|
|
Read of size 8 by task pool-1-thread-1/10526
|
|
page:ffffffbac14b39c0 count:1 mapcount:0 mapping: (null) index:0x0
|
|
flags: 0x400(reserved)
|
|
page dumped because: kasan: bad access detected
|
|
Address belongs to variable compat_hwcap_str+0xb0/0xe0
|
|
CPU: 0 PID: 10526 Comm: pool-1-thread-1 Tainted: G B W 3.18.18-ga7b28e9-11552-ge4a827f #1
|
|
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2 + PMI8994 MTP (DT)
|
|
Call trace:
|
|
[<ffffffc000089ec4>] dump_backtrace+0x0/0x1c4
|
|
[<ffffffc00008a098>] show_stack+0x10/0x1c
|
|
[<ffffffc0011a7c58>] dump_stack+0x74/0xc8
|
|
[<ffffffc00020e94c>] kasan_report_error+0x2b0/0x408
|
|
[<ffffffc00020eb80>] kasan_report+0x34/0x40
|
|
[<ffffffc00020db14>] __asan_load8+0x84/0x90
|
|
[<ffffffc000088ae8>] c_show+0x10c/0x248
|
|
[<ffffffc000245bb8>] traverse+0x1a8/0x320
|
|
[<ffffffc000245dc8>] seq_lseek+0x98/0x148
|
|
[<ffffffc00028f4e0>] proc_reg_llseek+0xa0/0xd8
|
|
[<ffffffc000217d1c>] vfs_llseek+0x5c/0x70
|
|
[<ffffffc000218b0c>] SyS_lseek+0x48/0x80
|
|
[<ffffffc000218b50>] compat_SyS_lseek+0xc/0x18
|
|
Memory state around the buggy address:
|
|
ffffffc0011f6200: 00 00 fa fa fa fa fa fa 00 03 fa fa fa fa fa fa
|
|
ffffffc0011f6280: 04 fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
|
|
>ffffffc0011f6300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
|
|
^
|
|
ffffffc0011f6380: fa fa fa fa 00 00 00 00 00 00 fa fa fa fa fa fa
|
|
ffffffc0011f6400: 02 fa fa fa fa fa fa fa 00 00 00 02 fa fa fa fa
|
|
|
|
Change-Id: I5e2098f9a7a676c47a01baf10de3ac1c86265e69
|
|
Signed-off-by: Se Wang (Patrick) Oh <sewango@codeaurora.org>
|
|
---
|
|
arch/arm64/kernel/setup.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
|
|
index 58e7c14..1da40ef 100644
|
|
--- a/arch/arm64/kernel/setup.c
|
|
+++ b/arch/arm64/kernel/setup.c
|
|
@@ -488,7 +488,8 @@ static const char *compat_hwcap_str[] = {
|
|
"idivt",
|
|
"vfpd32",
|
|
"lpae",
|
|
- "evtstrm"
|
|
+ "evtstrm",
|
|
+ NULL
|
|
};
|
|
|
|
static const char *compat_hwcap2_str[] = {
|
|
--
|
|
cgit v1.1
|
|
|