Re: [PATCH] mtd: rawnand: intel: Fix potential buffer overflow in probe

From: Miquel Raynal
Date: Tue Sep 14 2021 - 13:39:24 EST


On Fri, 2021-09-03 at 08:26:53 UTC, Evgeny Novikov wrote:
> ebu_nand_probe() read the value of u32 variable "cs" from the device
> firmware description and used it as the index for array ebu_host->cs
> that can contain MAX_CS (2) elements at most. That could result in
> a buffer overflow and various bad consequences later.
>
> Fix the potential buffer overflow by restricting values of "cs" with
> MAX_CS in probe.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Fixes: 0b1039f016e8 ("mtd: rawnand: Add NAND controller support on Intel LGM SoC")
> Signed-off-by: Evgeny Novikov <novikov@xxxxxxxxx>
> Co-developed-by: Kirill Shilimanov <kirill.shilimanov@xxxxxxxxxx>
> Signed-off-by: Kirill Shilimanov <kirill.shilimanov@xxxxxxxxxx>
> Co-developed-by: Anton Vasilyev <vasilyev@xxxxxxxxx>
> Signed-off-by: Anton Vasilyev <vasilyev@xxxxxxxxx>

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks.

Miquel
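
The bug class described in the quoted commit message, as an added userspace example that is not the driver's code or the applied patch: an index read from a firmware description is used on a MAX_CS-sized array, first unchecked and then with a bounds check before first use. The names host_model, cs_slot, fw_node, probe_unchecked, probe_checked and run_checked are hypothetical, and the sample values are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define MAX_CS 2	/* array bound stated in the commit message */

/* Hypothetical stand-ins for the driver's per-chip-select state. */
struct cs_slot { uint32_t base; int in_use; };
struct host_model { struct cs_slot cs[MAX_CS]; uint32_t canary; };

/* Constructed model of the values a firmware description supplies. */
struct fw_node { uint32_t cs; uint32_t base; };

/* Pattern from the commit message: the index is trusted as-is.
 * Only ever called with an in-range value in this example. */
static int probe_unchecked(struct host_model *h, const struct fw_node *n)
{
	h->cs[n->cs].base = n->base;	/* n->cs >= MAX_CS writes past cs[] */
	h->cs[n->cs].in_use = 1;
	return 0;
}

/* Hardened form: reject the value before it is used as an index. */
static int probe_checked(struct host_model *h, const struct fw_node *n)
{
	if (n->cs >= MAX_CS)	/* u32, so there is no negative case */
		return -EINVAL;
	h->cs[n->cs].base = n->base;
	h->cs[n->cs].in_use = 1;
	return 0;
}

/* Run probe_checked on a fresh host; report if adjacent state survived. */
static int run_checked(uint32_t cs, int *canary_ok)
{
	struct host_model h;
	struct fw_node n = { cs, 0x1000u };
	int ret;

	memset(&h, 0, sizeof(h));
	h.canary = 0xC0FFEEu;
	ret = probe_checked(&h, &n);
	*canary_ok = (h.canary == 0xC0FFEEu);
	return ret;
}

int main(void)
{
	struct host_model h = { 0 };
	struct fw_node good = { 1, 0x2000u };
	int ok = 0;
	return (probe_unchecked(&h, &good) == 0 &&
		run_checked(MAX_CS, &ok) == -EINVAL && ok) ? 0 : 1;
}
```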