Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2024-12-28 16:53:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
linux/drivers/usb/typec
History
Lucas De Marchi 33ead7e538 usb: typec: ucsi: Fix connector status writing past buffer size 
Similar to commit 65c4c9447b ("usb: typec: ucsi: Fix a missing bits to
bytes conversion in ucsi_init()"), there was a missing conversion from
bits to bytes. Here the outcome is worse though: since the value is
lower than UCSI_MAX_DATA_LENGTH, instead of bailing out with an error,
it writes past the buffer size.

The error is then seen in other places like below:

	Oops: general protection fault, probably for non-canonical address 0x891e812cd0ed968: 0000 [#1] PREEMPT SMP NOPTI
	CPU: 3 UID: 110 PID: 906 Comm: prometheus-node Not tainted 6.13.0-rc1-xe #1
	Hardware name: Intel Corporation Lunar Lake Client Platform/LNL-M LP5 RVP1, BIOS LNLMFWI1.R00.3222.D84.2410171025 10/17/2024
	RIP: 0010:power_supply_get_property+0x3e/0xe0
	Code: 85 c0 7e 4f 4c 8b 07 89 f3 49 89 d4 49 8b 48 20 48 85 c9 74 72 49 8b 70 18 31 d2 31 c0 eb 0b 83 c2 01 48 63 c2 48 39 c8 73 5d <3b> 1c 86 75 f0 49 8b 40 28 4c 89 e2 89 de ff d0 0f 1f 00 5b 41 5c
	RSP: 0018:ffffc900017dfa50 EFLAGS: 00010246
	RAX: 0000000000000000 RBX: 0000000000000011 RCX: c963b02c06092008
	RDX: 0000000000000000 RSI: 0891e812cd0ed968 RDI: ffff888121dd6800
	RBP: ffffc900017dfa68 R08: ffff88810a4024b8 R09: 0000000000000000
	R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900017dfa78
	R13: ffff888121dd6800 R14: ffff888138ad2c00 R15: ffff88810c57c528
	FS:  00007713a2ffd6c0(0000) GS:ffff88846f380000(0000) knlGS:0000000000000000
	CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
	CR2: 000000c0004b1000 CR3: 0000000121ce8003 CR4: 0000000000f72ef0
	DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
	DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400
	PKRU: 55555554
	Call Trace:
	 <TASK>
	 ? show_regs+0x6c/0x80
	 ? die_addr+0x37/0xa0
	 ? exc_general_protection+0x1c1/0x440
	 ? asm_exc_general_protection+0x27/0x30
	 ? power_supply_get_property+0x3e/0xe0
	 power_supply_hwmon_read+0x50/0xe0
	 hwmon_attr_show+0x46/0x170
	 dev_attr_show+0x1a/0x70
	 sysfs_kf_seq_show+0xaa/0x120
	 kernfs_seq_show+0x41/0x60

Just use the buffer size as argument to fix it.

Fixes: 226ff2e681 ("usb: typec: ucsi: Convert connector specific commands to bitmaps")
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
Reviewed-by: Thomas Weißschuh <linux@weissschuh.net>
Reviewed-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Reported-by: Chaitanya Kumar Borah <chaitanya.kumar.borah@intel.com>
Closes: https://lore.kernel.org/all/SJ1PR11MB6129CCD82CD78D8EE6E27EF4B9362@SJ1PR11MB6129.namprd11.prod.outlook.com/
Suggested-by: Thomas Weißschuh <linux@weissschuh.net>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tested-by: Chaitanya Kumar Borah <chaitanya.kumar.borah@intel.com>
Link: https://lore.kernel.org/r/20241203200010.2821132-1-lucas.demarchi@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-04 16:30:28 +01:00
..
altmodes usb: typec: Fix typo in comment 2024-10-04 15:08:45 +02:00
mux usb: typec: mux: Add support for the TUSB1046 crosspoint switch 2024-11-04 01:30:00 +01:00
tcpm USB / Thunderbolt (USB4) changes for 6.13-rc1 2024-11-29 11:19:31 -08:00
tipd USB/Thunderbolt update for 6.12-rc1 2024-09-26 09:45:36 -07:00
ucsi usb: typec: ucsi: Fix connector status writing past buffer size 2024-12-04 16:30:28 +01:00
anx7411.c usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() 2024-12-04 16:25:54 +01:00
bus.c driver core: have match() callback in struct bus_type take a const * 2024-07-03 15:16:54 +02:00
bus.h USB: mark all struct bus_type as const 2023-03-23 13:22:00 +01:00
class.c Merge v6.12-rc6 into usb-next 2024-11-05 09:56:08 +01:00
class.h usb: typec: Add attribute file showing the USB Modes of the partner 2024-10-17 08:41:45 +02:00
hd3ss3220.c usb: Switch i2c drivers back to use .probe() 2023-05-29 15:53:11 +01:00
Kconfig usb: typec: qcom: Add Qualcomm PMIC Type-C driver 2023-05-13 19:03:46 +09:00
Makefile usb: typec: qcom: Add Qualcomm PMIC Type-C driver 2023-05-13 19:03:46 +09:00
mux.c usb: typec: constify struct class usage 2024-03-02 20:21:06 +01:00
mux.h usb: typec: mux: Introduce indirection 2022-04-26 13:47:13 +02:00
pd.c usb: typec: constify the struct device_type usage 2024-02-19 09:35:46 +01:00
pd.h usb: typec: Separate USB Power Delivery from USB Type-C 2022-06-12 06:49:47 +02:00
port-mapper.c usb: typec: Link enumerated USB devices with Type-C partner 2023-10-16 20:02:36 +02:00
retimer.c usb: typec: constify struct class usage 2024-03-02 20:21:06 +01:00
retimer.h usb: typec: Make bus switch code retimer-aware 2023-01-17 17:29:00 +01:00
rt1719.c power: supply: Change usb_types from an array into a bitmask 2024-09-03 23:20:28 +02:00
stusb160x.c usb: typec: stusb160x: Make use of i2c_get_match_data() 2024-10-04 15:12:15 +02:00
wusb3801.c usb: Switch i2c drivers back to use .probe() 2023-05-29 15:53:11 +01:00