android_kernel_xiaomi_sm8450

History

Andrey Ryabinin 6e1d8ea909 platform/x86: wmi: fix off-by-one write in wmi_dev_probe() wmi_dev_probe() allocates one byte less than necessary, thus subsequent sprintf() call writes trailing zero past the end of the 'buf': BUG: KASAN: slab-out-of-bounds in vsnprintf+0xda4/0x1240 Write of size 1 at addr ffff880423529caf by task kworker/1:1/32 Call Trace: dump_stack+0xb3/0x14d print_address_description+0xd7/0x380 kasan_report+0x166/0x2b0 vsnprintf+0xda4/0x1240 sprintf+0x9b/0xd0 wmi_dev_probe+0x1c3/0x400 driver_probe_device+0x5d1/0x990 bus_for_each_drv+0x109/0x190 __device_attach+0x217/0x360 bus_probe_device+0x1ad/0x260 deferred_probe_work_func+0x10f/0x5d0 process_one_work+0xa8b/0x1dc0 worker_thread+0x20d/0x17d0 kthread+0x311/0x3d0 ret_from_fork+0x3a/0x50 Allocated by task 32: kasan_kmalloc+0xa0/0xd0 __kmalloc+0x14f/0x3e0 wmi_dev_probe+0x182/0x400 driver_probe_device+0x5d1/0x990 bus_for_each_drv+0x109/0x190 __device_attach+0x217/0x360 bus_probe_device+0x1ad/0x260 deferred_probe_work_func+0x10f/0x5d0 process_one_work+0xa8b/0x1dc0 worker_thread+0x20d/0x17d0 kthread+0x311/0x3d0 ret_from_fork+0x3a/0x50 Increment allocation size to fix this. Fixes: `44b6b76611` ("platform/x86: wmi: create userspace interface for drivers") Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>		2018-02-15 12:18:32 +02:00
..
chrome	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
goldfish	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
mellanox	platform/mellanox: mlxreg-hotplug: Fix uninitialized variable	2018-02-08 17:43:37 -08:00
mips	MIPS: Loongson-3: Support 4 packages in CPU Hwmon driver	2017-06-29 02:42:22 +02:00
olpc	platform/olpc: Make ec explicitly non-modular	2016-08-28 22:31:52 -07:00
x86	platform/x86: wmi: fix off-by-one write in wmi_dev_probe()	2018-02-15 12:18:32 +02:00
Kconfig	platform/x86: Move Mellanox platform hotplug driver to platform/mellanox	2018-01-31 10:36:48 -08:00
Makefile	platform/x86: Move Mellanox platform hotplug driver to platform/mellanox	2018-01-31 10:36:48 -08:00