Michal Kazior <michal.kazior@xxxxxxxxx> writes: > It was possible to force an out of bounds MMIO > read/write via debugfs. E.g. on QCA988X this could > be triggered with: > > echo 0x2080e0 | tee /sys/kernel/debug/ieee80211/*/ath10k/reg_addr > cat /sys/kernel/debug/ieee80211/*/ath10k/reg_value > > BUG: unable to handle kernel paging request at ffffc90001e080e0 > IP: [<ffffffff8135c860>] ioread32+0x40/0x50 > ... > Call Trace: > [<ffffffffa00d0c7f>] ? ath10k_pci_read32+0x4f/0x70 [ath10k_pci] > [<ffffffffa0080f50>] ath10k_reg_value_read+0x90/0xf0 [ath10k_core] > [<ffffffff8115c2c1>] ? handle_mm_fault+0xa91/0x1050 > [<ffffffff81189758>] __vfs_read+0x28/0xe0 > [<ffffffff812e4694>] ? security_file_permission+0x84/0xa0 > [<ffffffff81189ce3>] ? rw_verify_area+0x53/0x100 > [<ffffffff81189e1a>] vfs_read+0x8a/0x140 > [<ffffffff8118acb9>] SyS_read+0x49/0xb0 > [<ffffffff8104e39c>] ? trace_do_page_fault+0x3c/0xc0 > [<ffffffff8196596e>] system_call_fastpath+0x12/0x71 > > Reported-by: Ben Greear <greearb@xxxxxxxxxxxxxxx> > Signed-off-by: Michal Kazior <michal.kazior@xxxxxxxxx> Thanks, applied. -- Kalle Valo -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
