[PATCH resend] mfd: mt6370: add bounds checking to regmap_read/write functions

Dan Carpenter dan.carpenter at oracle.com
Wed Oct 26 01:50:47 PDT 2022


On Wed, Oct 26, 2022 at 03:24:48PM +0800, ChiYuan Huang wrote:
> 2) normal register access with negative length
> Unable to handle kernel paging request at virtual address ffffffc009cefff2
> pc : __memcpy+0x1dc/0x260
> lr : _regmap_raw_write_impl+0x6d4/0x828
> Call trace:
>  __memcpy+0x1dc/0x260
>  _regmap_raw_write+0xb4/0x130a
>  regmap_raw_write+0x74/0xb0
> 
> 
> After applying the patch, the first case is cleared.
> But for the case 2, the root cause is not the mt6370_regmap_write() size
> check. It's in __memcpy() before mt6370_regmap_write().
> 
> I'm wondering 'is it reasonable to give the negative value as the size?'
> 

Thanks for testing!

I'm not sure I understand exactly which code you're talking about.
Could you just create a diff with the check for negative just so I can
understand where the issue is?  We can re-work it into a proper patch
from there.

regards,
dan carpenter




More information about the Linux-mediatek mailing list