This is a note to let you know that I've just added the patch titled
pinctrl: nuvoton: wpcm450: fix out of bounds write
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
pinctrl-nuvoton-wpcm450-fix-out-of-bounds-write.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit e84c03cda4e0799d9453b986c3be29cc6a0c8f61
Author: Mikhail Kobuk <m.kobuk@xxxxxxxxx>
Date: Fri Aug 25 13:15:28 2023 +0300
pinctrl: nuvoton: wpcm450: fix out of bounds write
[ Upstream commit 87d315a34133edcb29c4cadbf196ec6c30dfd47b ]
Write into 'pctrl->gpio_bank' happens before the check for GPIO index
validity, so out of bounds write may happen.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: a1d1e0e3d80a ("pinctrl: nuvoton: Add driver for WPCM450")
Signed-off-by: Mikhail Kobuk <m.kobuk@xxxxxxxxx>
Reviewed-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@xxxxxxx>
Link: https://lore.kernel.org/r/20230825101532.6624-1-m.kobuk@xxxxxxxxx
Signed-off-by: Linus Walleij <linus.walleij@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/pinctrl/nuvoton/pinctrl-wpcm450.c b/drivers/pinctrl/nuvoton/pinctrl-wpcm450.c
index 2d1c1652cfd9d..8a9961ac87128 100644
--- a/drivers/pinctrl/nuvoton/pinctrl-wpcm450.c
+++ b/drivers/pinctrl/nuvoton/pinctrl-wpcm450.c
@@ -1062,13 +1062,13 @@ static int wpcm450_gpio_register(struct platform_device *pdev,
if (ret < 0)
return ret;
- gpio = &pctrl->gpio_bank[reg];
- gpio->pctrl = pctrl;
-
if (reg >= WPCM450_NUM_BANKS)
return dev_err_probe(dev, -EINVAL,
"GPIO index %d out of range!\n", reg);
+ gpio = &pctrl->gpio_bank[reg];
+ gpio->pctrl = pctrl;
+
bank = &wpcm450_banks[reg];
gpio->bank = bank;
