android_kernel_zuk_msm8996.git

diff options

author	Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>	2017-03-07 17:13:44 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2017-03-07 04:37:23 -0800
commit	db2c9496c893c1df816274cdb4ddd880f5b3e5e4 (patch)
tree	668d5e4b668c7b5748ae657ad9b7d965ddaa712c /tools/perf/scripts/python
parent	ec2354506c7753905505cf442ba3cee7db6a8fe6 (diff)

drivers: lmh_dcvsh: Use allocated variable for LMH DCVSh sensor name

LMH DCVSh device uses stack memory for sensor name and passes this stack variable pointer as devname argument while registering LMH DCVSh interrupt. But interrupt framework saves this pointer and try to dereference data in a different context. It leads to a stack-out-of-bounds issue. To fix this issue, use allocated memory variable to store sensor name and pass the same while registering interrupt. ================================================================== BUG: KASAN: stack-out-of-bounds in strcpy+0x24/0x50 at addr ffffffc0d37e3ac0 Read of size 1 by task kworker/0:1H/593 ================================================================== page dumped because: kasan: bad access detected kworker/0:1H Tainted: G W 4.4.21+ #1 ------------------------------------------------------------------ Call trace: [<ffffff900808a78c>] dump_backtrace+0x0/0x2c0 [<ffffff900808aa70>] show_stack+0x24/0x30 [<ffffff90084bd8c4>] dump_stack+0xbc/0xf8 [<ffffff9008263ce8>] kasan_report+0x3b0/0x4f8 [<ffffff900826308c>] __asan_load1+0x24/0x50 [<ffffff90084c8c54>] strcpy+0x24/0x50 [<ffffff90080b2fc8>] trace_event_raw_event_irq_handler_entry+0x134/0x180 [<ffffff900813e718>] handle_irq_event_percpu+0x33c/0x3e0 [<ffffff900813e828>] handle_irq_event+0x6c/0xb0 [<ffffff9008143bf4>] handle_fasteoi_irq+0x10c/0x1d4 [<ffffff900813d750>] generic_handle_irq+0x40/0x50 [<ffffff900813dbcc>] __handle_domain_irq+0xb0/0xe4 [<ffffff9008081ab8>] gic_handle_irq+0xd8/0x1a0 Memory state around the buggy address: ffffffc0d37e3980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 ffffffc0d37e3a00: f1 f1 04 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2 ffffffc0d37e3a80: f2 f2 00 00 00 00 00 00 f4 f4 f2 f2 f2 f2 00 00 ^ ffffffc0d37e3b00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 ffffffc0d37e3b80: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 ================================================================== CRs-Fixed: 2015855 Change-Id: I22bd8ff4cd6d6a2389be37c35e23fb86221de5c6 Signed-off-by: Manaf Meethalavalappu Pallikunhi <manafm@codeaurora.org>

Diffstat (limited to 'tools/perf/scripts/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: