Google Git
Sign in
android-kvm / linux / de327e4966cdbad2b7053c84a6f591fbdc54f7cb
commitde327e4966cdbad2b7053c84a6f591fbdc54f7cb[log] [tgz]
authorNicolas Boichat <drinkcat@chromium.org>Sun Dec 27 18:17:06 2015 +0800
committerMark Brown <broonie@kernel.org>Wed Dec 30 17:26:40 2015 +0000
tree4d84876c8a528509fa6c9fa412a401934f80f56d
parent8005c49d9aea74d382f474ce11afbbc7d7130bec [diff]
spi: mediatek: Prevent overflows in FIFO transfers

In the case where transfer length is not a multiple of 4, KASAN
reports 2 out-of-bounds memory accesses:
 - mtk_spi_interrupt: ioread32_rep writes past the end of
   trans->rx_buf.
 - mtk_spi_fifo_transfer: iowrite32_rep reads past the end of
   xfer->tx_buf.

Fix this by using memcpy on the remainder of the bytes.

Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
1 file changed
tree: 4d84876c8a528509fa6c9fa412a401934f80f56d
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS