mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-10 15:58:47 +00:00
72f039db49
It's possible that struct qmp_phy_cfg->regs references an array that is smaller than the possible register lookups that is going to be performed, with the resulting out-of-bounds read resulting in undefined behavior. One such example is when during qcom_qmp_phy_com_init() performs a qphy_setbits() on entry QPHY_PCS_POWER_DOWN_CONTROL (i.e. 17) with msm8996_ufsphy_regs_layout only being 12 entries long. Solve this by inflating all "regs_layout" arrays to ensure that any remaining entries are zero-initialized, as expected by the code. Fixes: e4d8b05ad5f9 ("phy: qcom-qmp: Use proper PWRDOWN offset for sm8150 USB") Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Link: https://lore.kernel.org/r/20200515013643.2081941-1-bjorn.andersson@linaro.org Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>