Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1fcf7c55 authored by Dinesh K Garg's avatar Dinesh K Garg
Browse files

crypto: ice: Fix stack overflow while creating ICE device 



ICE driver creates ICE device. There could be either SDCC or UFS
based ICE device. Hence, ICE driver was using dynamic string to
register corresponding ICE device. However, API implementing MACRO
class_create(owner, name) expacts a const string. Providing MACRO
class_create(owner, name) with a dynamic string caused stack overflow.
Fixing this error by statically allocating ICE device name for both
SDCC and UFS based ICE device.

[   40.929774] BUG: KASan: out of bounds on stack in string.isra.5+0xb0/0x118 at addr ffffffc0715efad0
[   40.929787] Read of size 1 by task ueventd/402
[   40.929803] page:ffffffba463f1450 count:0 mapcount:0 mapping:          (null) index:0x0
[   40.929820] flags: 0x0()
[   40.929827] page dumped because: kasan: bad access detected
[   40.929848] CPU: 3 PID: 402 Comm: ueventd Tainted: G        W      3.18.20-ga7b28e9-13016-g2566284 #1
[   40.929857] Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2 + PMI8994 + PM8004 MTP (DT)
[   40.929870] Call trace:
[   40.929899] [<ffffffc000089ec4>] dump_backtrace+0x0/0x1c4
[   40.929911] [<ffffffc00008a098>] show_stack+0x10/0x1c
[   40.929936] [<ffffffc0011bdd0c>] dump_stack+0x74/0xc8
[   40.929962] [<ffffffc0002108f4>] kasan_report_error+0x2bc/0x414
[   40.929972] [<ffffffc000210b28>] kasan_report+0x34/0x40
[   40.929983] [<ffffffc00020ff80>] __asan_load1+0x64/0x70
[   40.929993] [<ffffffc00045aaa0>] string.isra.5+0xac/0x118
[   40.930006] [<ffffffc00045ca88>] vsnprintf+0x34c/0x69c
[   40.930017] [<ffffffc000451a58>] add_uevent_var+0xf4/0x1a8
[   40.930027] [<ffffffc000451d68>] kobject_uevent_env+0x25c/0x6f8
[   40.930037] [<ffffffc000452210>] kobject_uevent+0xc/0x18
[   40.930059] [<ffffffc000728c40>] uevent_store+0x88/0xcc
[   40.930070] [<ffffffc00072723c>] dev_attr_store+0x44/0x58
[   40.930088] [<ffffffc0002a7110>] sysfs_kf_write+0x8c/0xa4
[   40.930100] [<ffffffc0002a5da8>] kernfs_fop_write+0x15c/0x1b8
[   40.930117] [<ffffffc00021b0cc>] vfs_write+0x100/0x210
[   40.930129] [<ffffffc00021bb3c>] SyS_write+0xa8/0x114
[   40.930136] Memory state around the buggy address:
[   40.930156]  ffffffc0715ef980: f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
[   40.930165]  ffffffc0715efa00: f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 06 f2 f2
[   40.930176] >ffffffc0715efa80: f2 f2 00 00 00 06 f3 f3 f3 f3 f3 f3 f3 f3 00 00
[   40.930182]                                                  ^
[   40.930194]  ffffffc0715efb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   40.930202]  ffffffc0715efb80: f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00
[   40.930208] ==================================================================
[   40.930451] ==================================================================
[   40.930479] BUG: KASan: out of bounds on stack in string.isra.5+0xb0/0x118 at addr ffffffc0715efad1
[   40.930488] Read of size 1 by task ueventd/402
[   40.930498] page:ffffffba463f1450 count:0 mapcount:0 mapping:          (null) index:0x0
[   40.930511] flags: 0x0()
[   40.930519] page dumped because: kasan: bad access detected

Change-Id: I5b7eadf428efeb846ebea5e53f805865eea20251
Signed-off-by: default avatarDinesh K Garg <dineshg@codeaurora.org>
parent 53d2912c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment