On Wed, May 10, 2023 at 09:45:22AM -0600, Jeffrey Hugo wrote:
> Commit 6a0c637bfee69a74c104468544d9f2a6579626d0 upstream.
>
> If the value read from the CHDBOFF and ERDBOFF registers is outside the
> range of the MHI register space then an invalid address might be computed
> which later causes a kernel panic. Range check the read value to prevent
> a crash due to bad data from the device.
>
> Fixes: 6cd330ae76ff ("bus: mhi: core: Add support for ringing channel/event ring doorbells")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Jeffrey Hugo <quic_jhugo@xxxxxxxxxxx>
> Reviewed-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@xxxxxxxxxxx>
> Reviewed-by: Manivannan Sadhasivam <mani@xxxxxxxxxx>
> Link: https://lore.kernel.org/r/1679674384-27209-1-git-send-email-quic_jhugo@xxxxxxxxxxx
> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@xxxxxxxxxx>
> ---
> drivers/bus/mhi/core/init.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
This breaks the build, did you test it?
