This is a note to let you know that I've just added the patch titled
soc: qcom: pmic_glink_altmode: fix port sanity check
to the 6.7-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
soc-qcom-pmic_glink_altmode-fix-port-sanity-check.patch
and it can be found in the queue-6.7 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan+linaro@xxxxxxxxxx>
Date: Thu, 9 Nov 2023 10:31:00 +0100
Subject: soc: qcom: pmic_glink_altmode: fix port sanity check
From: Johan Hovold <johan+linaro@xxxxxxxxxx>
commit c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0 upstream.
The PMIC GLINK altmode driver currently supports at most two ports.
Fix the incomplete port sanity check on notifications to avoid
accessing and corrupting memory beyond the port array if we ever get a
notification for an unsupported port.
Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support")
Cc: stable@xxxxxxxxxxxxxxx # 6.3
Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>
Reviewed-by: Konrad Dybcio <konrad.dybcio@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20231109093100.19971-1-johan+linaro@xxxxxxxxxx
Signed-off-by: Bjorn Andersson <andersson@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/soc/qcom/pmic_glink_altmode.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/soc/qcom/pmic_glink_altmode.c
+++ b/drivers/soc/qcom/pmic_glink_altmode.c
@@ -285,7 +285,7 @@ static void pmic_glink_altmode_sc8180xp_
svid = mux == 2 ? USB_TYPEC_DP_SID : 0;
- if (!altmode->ports[port].altmode) {
+ if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) {
dev_dbg(altmode->dev, "notification on undefined port %d\n", port);
return;
}
@@ -328,7 +328,7 @@ static void pmic_glink_altmode_sc8280xp_
hpd_state = FIELD_GET(SC8280XP_HPD_STATE_MASK, notify->payload[8]);
hpd_irq = FIELD_GET(SC8280XP_HPD_IRQ_MASK, notify->payload[8]);
- if (!altmode->ports[port].altmode) {
+ if (port >= ARRAY_SIZE(altmode->ports) || !altmode->ports[port].altmode) {
dev_dbg(altmode->dev, "notification on undefined port %d\n", port);
return;
}
Patches currently in stable-queue which might be from johan+linaro@xxxxxxxxxx are
queue-6.7/arm64-dts-qcom-sm8150-fix-usb-wakeup-interrupt-types.patch
queue-6.7/arm64-dts-qcom-sdm670-fix-usb-wakeup-interrupt-types.patch
queue-6.7/arm64-dts-qcom-sc7180-fix-usb-wakeup-interrupt-types.patch
queue-6.7/soc-qcom-pmic_glink_altmode-fix-port-sanity-check.patch
queue-6.7/arm64-dts-qcom-sc8280xp-crd-fix-edp-phy-compatible.patch
queue-6.7/arm64-dts-qcom-sdm845-fix-usb-wakeup-interrupt-types.patch
queue-6.7/arm64-dts-qcom-sc7280-fix-usb_1-wakeup-interrupt-types.patch
queue-6.7/arm64-dts-qcom-sc8180x-fix-usb-wakeup-interrupt-types.patch
queue-6.7/arm-dts-qcom-sdx55-fix-pdc-interrupt-cells.patch
queue-6.7/arm-dts-qcom-sdx55-fix-usb-wakeup-interrupt-types.patch
