[PATCH resend] mfd: mt6370: add bounds checking to regmap_read/write functions
Dan Carpenter
dan.carpenter at oracle.com
Wed Oct 26 01:50:47 PDT 2022
On Wed, Oct 26, 2022 at 03:24:48PM +0800, ChiYuan Huang wrote:
> 2) normal register access with negative length
> Unable to handle kernel paging request at virtual address ffffffc009cefff2
> pc : __memcpy+0x1dc/0x260
> lr : _regmap_raw_write_impl+0x6d4/0x828
> Call trace:
> __memcpy+0x1dc/0x260
> _regmap_raw_write+0xb4/0x130a
> regmap_raw_write+0x74/0xb0
>
>
> After applying the patch, the first case is cleared.
> But for case 2, the root cause is not the mt6370_regmap_write() size
> check. It's in __memcpy() before mt6370_regmap_write().
>
> I'm wondering 'is it reasonable to give the negative value as the size?'
>
Thanks for testing!

I'm not sure I understand exactly which code you're talking about.
Could you just create a diff with the check for negative just so I can
understand where the issue is? We can re-work it into a proper patch
from there.

regards,
dan carpenter