|
Revision tags: v6.6.25, v6.6.24, v6.6.23, v6.6.16, v6.6.15, v6.6.14, v6.6.13, v6.6.12, v6.6.11, v6.6.10, v6.6.9, v6.6.8, v6.6.7, v6.6.6, v6.6.5, v6.6.4, v6.6.3, v6.6.2, v6.5.11, v6.6.1, v6.5.10, v6.6, v6.5.9, v6.5.8, v6.5.7, v6.5.6, v6.5.5, v6.5.4, v6.5.3, v6.5.2, v6.1.51, v6.5.1, v6.1.50, v6.5, v6.1.49, v6.1.48, v6.1.46, v6.1.45, v6.1.44, v6.1.43, v6.1.42, v6.1.41, v6.1.40, v6.1.39, v6.1.38, v6.1.37, v6.1.36, v6.4, v6.1.35, v6.1.34, v6.1.33, v6.1.32, v6.1.31, v6.1.30, v6.1.29, v6.1.28, v6.1.27, v6.1.26, v6.3, v6.1.25, v6.1.24, v6.1.23, v6.1.22, v6.1.21, v6.1.20, v6.1.19, v6.1.18, v6.1.17, v6.1.16, v6.1.15, v6.1.14, v6.1.13, v6.2, v6.1.12, v6.1.11, v6.1.10, v6.1.9, v6.1.8, v6.1.7, v6.1.6, v6.1.5, v6.0.19, v6.0.18, v6.1.4, v6.1.3, v6.0.17, v6.1.2, v6.0.16, v6.1.1, v6.0.15, v6.0.14, v6.0.13, v6.1, v6.0.12, v6.0.11, v6.0.10, v5.15.80, v6.0.9, v5.15.79, v6.0.8, v5.15.78, v6.0.7, v5.15.77, v5.15.76, v6.0.6, v6.0.5, v5.15.75, v6.0.4, v6.0.3, v6.0.2, v5.15.74, v5.15.73, v6.0.1, v5.15.72, v6.0, v5.15.71, v5.15.70, v5.15.69, v5.15.68, v5.15.67, v5.15.66, v5.15.65, v5.15.64, v5.15.63, v5.15.62, v5.15.61, v5.15.60, v5.15.59, v5.19, v5.15.58, v5.15.57, v5.15.56, v5.15.55, v5.15.54, v5.15.53, v5.15.52, v5.15.51, v5.15.50, v5.15.49, v5.15.48, v5.15.47, v5.15.46, v5.15.45, v5.15.44, v5.15.43, v5.15.42, v5.18, v5.15.41, v5.15.40, v5.15.39, v5.15.38, v5.15.37, v5.15.36, v5.15.35, v5.15.34, v5.15.33, v5.15.32, v5.15.31, v5.17, v5.15.30, v5.15.29, v5.15.28, v5.15.27, v5.15.26, v5.15.25, v5.15.24, v5.15.23, v5.15.22, v5.15.21, v5.15.20, v5.15.19, v5.15.18, v5.15.17, v5.4.173, v5.15.16, v5.15.15, v5.16, v5.15.10, v5.15.9, v5.15.8, v5.15.7, v5.15.6, v5.15.5, v5.15.4, v5.15.3 |
|
| #
fdc12231 |
| 17-Nov-2021 |
Stephen Boyd <swboyd@chromium.org> |
remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided
If the string passed into qcom_pil_info_store() isn't as long as
PIL_RELOC_NAME_LEN we'll try to copy the string assuming the leng
remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided
If the string passed into qcom_pil_info_store() isn't as long as
PIL_RELOC_NAME_LEN we'll try to copy the string assuming the length is
PIL_RELOC_NAME_LEN to the io space and go beyond the bounds of the
string. Let's only copy as many byes as the string is long, ignoring the
NUL terminator.
This fixes the following KASAN error:
BUG: KASAN: global-out-of-bounds in __memcpy_toio+0x124/0x140
Read of size 1 at addr ffffffd35086e386 by task rmtfs/2392
CPU: 2 PID: 2392 Comm: rmtfs Tainted: G W 5.16.0-rc1-lockdep+ #10
Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
Call trace:
dump_backtrace+0x0/0x410
show_stack+0x24/0x30
dump_stack_lvl+0x7c/0xa0
print_address_description+0x78/0x2bc
kasan_report+0x160/0x1a0
__asan_report_load1_noabort+0x44/0x50
__memcpy_toio+0x124/0x140
qcom_pil_info_store+0x298/0x358 [qcom_pil_info]
q6v5_start+0xdf0/0x12e0 [qcom_q6v5_mss]
rproc_start+0x178/0x3a0
rproc_boot+0x5f0/0xb90
state_store+0x78/0x1bc
dev_attr_store+0x70/0x90
sysfs_kf_write+0xf4/0x118
kernfs_fop_write_iter+0x208/0x300
vfs_write+0x55c/0x804
ksys_pwrite64+0xc8/0x134
__arm64_compat_sys_aarch32_pwrite64+0xc4/0xdc
invoke_syscall+0x78/0x20c
el0_svc_common+0x11c/0x1f0
do_el0_svc_compat+0x50/0x60
el0_svc_compat+0x5c/0xec
el0t_32_sync_handler+0xc0/0xf0
el0t_32_sync+0x1a4/0x1a8
The buggy address belongs to the variable:
.str.59+0x6/0xffffffffffffec80 [qcom_q6v5_mss]
Memory state around the buggy address:
ffffffd35086e280: 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
ffffffd35086e300: 00 02 f9 f9 f9 f9 f9 f9 00 00 00 06 f9 f9 f9 f9
>ffffffd35086e380: 06 f9 f9 f9 05 f9 f9 f9 00 00 00 00 00 06 f9 f9
^
ffffffd35086e400: f9 f9 f9 f9 01 f9 f9 f9 04 f9 f9 f9 00 00 01 f9
ffffffd35086e480: f9 f9 f9 f9 00 00 00 00 00 00 00 01 f9 f9 f9 f9
Fixes: 549b67da660d ("remoteproc: qcom: Introduce helper to store pil info in IMEM")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211117065454.4142936-1-swboyd@chromium.org
show more ...
|
| #
c78c39a9 |
| 17-Nov-2021 |
Stephen Boyd <swboyd@chromium.org> |
remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided
commit fdc12231d885119cc2e2b4f3e0fbba3155f37a56 upstream.
If the string passed into qcom_pil_info_store() isn't as long as
PIL_RE
remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided
commit fdc12231d885119cc2e2b4f3e0fbba3155f37a56 upstream.
If the string passed into qcom_pil_info_store() isn't as long as
PIL_RELOC_NAME_LEN we'll try to copy the string assuming the length is
PIL_RELOC_NAME_LEN to the io space and go beyond the bounds of the
string. Let's only copy as many byes as the string is long, ignoring the
NUL terminator.
This fixes the following KASAN error:
BUG: KASAN: global-out-of-bounds in __memcpy_toio+0x124/0x140
Read of size 1 at addr ffffffd35086e386 by task rmtfs/2392
CPU: 2 PID: 2392 Comm: rmtfs Tainted: G W 5.16.0-rc1-lockdep+ #10
Hardware name: Google Lazor (rev3+) with KB Backlight (DT)
Call trace:
dump_backtrace+0x0/0x410
show_stack+0x24/0x30
dump_stack_lvl+0x7c/0xa0
print_address_description+0x78/0x2bc
kasan_report+0x160/0x1a0
__asan_report_load1_noabort+0x44/0x50
__memcpy_toio+0x124/0x140
qcom_pil_info_store+0x298/0x358 [qcom_pil_info]
q6v5_start+0xdf0/0x12e0 [qcom_q6v5_mss]
rproc_start+0x178/0x3a0
rproc_boot+0x5f0/0xb90
state_store+0x78/0x1bc
dev_attr_store+0x70/0x90
sysfs_kf_write+0xf4/0x118
kernfs_fop_write_iter+0x208/0x300
vfs_write+0x55c/0x804
ksys_pwrite64+0xc8/0x134
__arm64_compat_sys_aarch32_pwrite64+0xc4/0xdc
invoke_syscall+0x78/0x20c
el0_svc_common+0x11c/0x1f0
do_el0_svc_compat+0x50/0x60
el0_svc_compat+0x5c/0xec
el0t_32_sync_handler+0xc0/0xf0
el0t_32_sync+0x1a4/0x1a8
The buggy address belongs to the variable:
.str.59+0x6/0xffffffffffffec80 [qcom_q6v5_mss]
Memory state around the buggy address:
ffffffd35086e280: 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
ffffffd35086e300: 00 02 f9 f9 f9 f9 f9 f9 00 00 00 06 f9 f9 f9 f9
>ffffffd35086e380: 06 f9 f9 f9 05 f9 f9 f9 00 00 00 00 00 06 f9 f9
^
ffffffd35086e400: f9 f9 f9 f9 01 f9 f9 f9 04 f9 f9 f9 00 00 01 f9
ffffffd35086e480: f9 f9 f9 f9 00 00 00 00 00 00 00 01 f9 f9 f9 f9
Fixes: 549b67da660d ("remoteproc: qcom: Introduce helper to store pil info in IMEM")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211117065454.4142936-1-swboyd@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
show more ...
|
|
Revision tags: v5.15.2, v5.15.1, v5.15, v5.14.14, v5.14.13, v5.14.12, v5.14.11, v5.14.10, v5.14.9, v5.14.8, v5.14.7, v5.14.6, v5.10.67, v5.10.66, v5.14.5, v5.14.4, v5.10.65, v5.14.3, v5.10.64, v5.14.2, v5.10.63, v5.14.1, v5.10.62, v5.14, v5.10.61, v5.10.60, v5.10.53, v5.10.52, v5.10.51, v5.10.50, v5.10.49, v5.13, v5.10.46, v5.10.43, v5.10.42, v5.10.41, v5.10.40, v5.10.39, v5.4.119, v5.10.36, v5.10.35, v5.10.34, v5.4.116, v5.10.33, v5.12, v5.10.32, v5.10.31, v5.10.30, v5.10.27, v5.10.26, v5.10.25, v5.10.24, v5.10.23, v5.10.22, v5.10.21, v5.10.20, v5.10.19, v5.4.101, v5.10.18, v5.10.17, v5.11, v5.10.16, v5.10.15, v5.10.14 |
|
| #
7029e783 |
| 03-Jan-2021 |
Arnd Bergmann <arnd@arndb.de> |
remoteproc: qcom: pil_info: avoid 64-bit division
On 32-bit machines with 64-bit resource_size_t, the driver causes
a link failure because of the 64-bit division:
arm-linux-gnueabi-ld: drivers/remo
remoteproc: qcom: pil_info: avoid 64-bit division
On 32-bit machines with 64-bit resource_size_t, the driver causes
a link failure because of the 64-bit division:
arm-linux-gnueabi-ld: drivers/remoteproc/qcom_pil_info.o: in function `qcom_pil_info_store':
qcom_pil_info.c:(.text+0x1ec): undefined reference to `__aeabi_uldivmod'
Add a cast to an u32 to avoid this. If the resource exceeds 4GB,
there are bigger problems.
Fixes: 549b67da660d ("remoteproc: qcom: Introduce helper to store pil info in IMEM")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210103135628.3702427-1-arnd@kernel.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
show more ...
|
| #
b267688c |
| 03-Jan-2021 |
Arnd Bergmann <arnd@arndb.de> |
remoteproc: qcom: pil_info: avoid 64-bit division
[ Upstream commit 7029e783027706b427bbfbdf8558252c1dac6fa0 ]
On 32-bit machines with 64-bit resource_size_t, the driver causes
a link failure becau
remoteproc: qcom: pil_info: avoid 64-bit division
[ Upstream commit 7029e783027706b427bbfbdf8558252c1dac6fa0 ]
On 32-bit machines with 64-bit resource_size_t, the driver causes
a link failure because of the 64-bit division:
arm-linux-gnueabi-ld: drivers/remoteproc/qcom_pil_info.o: in function `qcom_pil_info_store':
qcom_pil_info.c:(.text+0x1ec): undefined reference to `__aeabi_uldivmod'
Add a cast to an u32 to avoid this. If the resource exceeds 4GB,
there are bigger problems.
Fixes: 549b67da660d ("remoteproc: qcom: Introduce helper to store pil info in IMEM")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210103135628.3702427-1-arnd@kernel.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
|
Revision tags: v5.10, v5.8.17, v5.8.16, v5.8.15, v5.9, v5.8.14, v5.8.13, v5.8.12, v5.8.11, v5.8.10, v5.8.9, v5.8.8, v5.8.7, v5.8.6, v5.4.62, v5.8.5, v5.8.4, v5.4.61, v5.8.3, v5.4.60, v5.8.2, v5.4.59, v5.8.1, v5.4.58, v5.4.57, v5.4.56, v5.8, v5.7.12, v5.4.55, v5.7.11, v5.4.54, v5.7.10, v5.4.53, v5.4.52, v5.7.9 |
|
| #
90ec257c |
| 16-Jul-2020 |
Bjorn Andersson <bjorn.andersson@linaro.org> |
remoteproc: qcom: pil-info: Fix shift overflow
On platforms with 32-bit phys_addr_t the shift to get the upper word of
the base address of the memory region is invalid. Cast the base to 64
bit to re
remoteproc: qcom: pil-info: Fix shift overflow
On platforms with 32-bit phys_addr_t the shift to get the upper word of
the base address of the memory region is invalid. Cast the base to 64
bit to resolv this.
Fixes: 549b67da660d ("remoteproc: qcom: Introduce helper to store pil info in IMEM")
Tested-by: Nathan Chancellor <natechancellor@gmail.com> # build
Reported-by: Lee Jones <lee.jones@linaro.org>
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Link: https://lore.kernel.org/r/20200716054817.157608-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
show more ...
|
|
Revision tags: v5.7.8, v5.4.51, v5.4.50, v5.7.7, v5.4.49, v5.7.6 |
|
| #
549b67da |
| 22-Jun-2020 |
Bjorn Andersson <bjorn.andersson@linaro.org> |
remoteproc: qcom: Introduce helper to store pil info in IMEM
A region in IMEM is used to communicate load addresses of remoteproc to
post mortem debug tools. Implement a helper function that can be
remoteproc: qcom: Introduce helper to store pil info in IMEM
A region in IMEM is used to communicate load addresses of remoteproc to
post mortem debug tools. Implement a helper function that can be used to
store this information in order to enable these tools to process
collected ramdumps.
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20200622191942.255460-3-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
show more ...
|
| #
b267688c |
| 03-Jan-2021 |
Arnd Bergmann <arnd@arndb.de> |
remoteproc: qcom: pil_info: avoid 64-bit division
[ Upstream commit 7029e783027706b427bbfbdf8558252c1dac6fa0 ]
On 32-bit machines with 64-bit resource_size_t, the driver causes
remoteproc: qcom: pil_info: avoid 64-bit division
[ Upstream commit 7029e783027706b427bbfbdf8558252c1dac6fa0 ]
On 32-bit machines with 64-bit resource_size_t, the driver causes
a link failure because of the 64-bit division:
arm-linux-gnueabi-ld: drivers/remoteproc/qcom_pil_info.o: in function `qcom_pil_info_store':
qcom_pil_info.c:(.text+0x1ec): undefined reference to `__aeabi_uldivmod'
Add a cast to an u32 to avoid this. If the resource exceeds 4GB,
there are bigger problems.
Fixes: 549b67da660d ("remoteproc: qcom: Introduce helper to store pil info in IMEM")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210103135628.3702427-1-arnd@kernel.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
|
Revision tags: v5.10, v5.8.17, v5.8.16, v5.8.15, v5.9, v5.8.14, v5.8.13, v5.8.12, v5.8.11, v5.8.10, v5.8.9, v5.8.8, v5.8.7, v5.8.6, v5.4.62, v5.8.5, v5.8.4, v5.4.61, v5.8.3, v5.4.60, v5.8.2, v5.4.59, v5.8.1, v5.4.58, v5.4.57, v5.4.56, v5.8, v5.7.12, v5.4.55, v5.7.11, v5.4.54, v5.7.10, v5.4.53, v5.4.52, v5.7.9 |
|
| #
90ec257c |
| 16-Jul-2020 |
Bjorn Andersson <bjorn.andersson@linaro.org> |
remoteproc: qcom: pil-info: Fix shift overflow
On platforms with 32-bit phys_addr_t the shift to get the upper word of
the base address of the memory region is invalid. Cast the base to
remoteproc: qcom: pil-info: Fix shift overflow
On platforms with 32-bit phys_addr_t the shift to get the upper word of
the base address of the memory region is invalid. Cast the base to 64
bit to resolv this.
Fixes: 549b67da660d ("remoteproc: qcom: Introduce helper to store pil info in IMEM")
Tested-by: Nathan Chancellor <natechancellor@gmail.com> # build
Reported-by: Lee Jones <lee.jones@linaro.org>
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Link: https://lore.kernel.org/r/20200716054817.157608-1-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
show more ...
|
|
Revision tags: v5.7.8, v5.4.51, v5.4.50, v5.7.7, v5.4.49, v5.7.6 |
|
| #
549b67da |
| 22-Jun-2020 |
Bjorn Andersson <bjorn.andersson@linaro.org> |
remoteproc: qcom: Introduce helper to store pil info in IMEM
A region in IMEM is used to communicate load addresses of remoteproc to
post mortem debug tools. Implement a helper function
remoteproc: qcom: Introduce helper to store pil info in IMEM
A region in IMEM is used to communicate load addresses of remoteproc to
post mortem debug tools. Implement a helper function that can be used to
store this information in order to enable these tools to process
collected ramdumps.
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20200622191942.255460-3-bjorn.andersson@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
show more ...
|