Commit cdcba52a authored by Ram Chandrasekar, committed by Gerrit - the friendly Code Review server

msm: limits: Fix out-of-bounds access

An out-of-bounds access is reported by the kernel address
sanitizer (KASan) tool.

==================================================================
BUG: KASan: out of bounds access in lmh_mon_init_call+0xec/0x180
at addr ffffffc0a297e108
Write of size 8 by task swapper/0/1

===========================================================================
BUG kmalloc-64 (Not tainted): kasan: bad access detected

---------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Slab 0xffffffbc0659eec0 objects=64 used=64 fp=0x(null) flags=0x0080
INFO: Object 0xffffffc0a297e100 @offset=256 fp=0xffffffc0a3b87cb0
Bytes b4 ffffffc0a297e0f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Object ffffffc0a297e100: b0 7c b8 a3 c0 ff ff ff 00 00 00 00 00 00 00 00
Object ffffffc0a297e110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Object ffffffc0a297e120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Object ffffffc0a297e130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B
3.10.49-gef71b0c-00348-g4f06d68-dirty #160
Call trace:
[<ffffffc00040a2d4>] dump_backtrace+0x0/0x1d4
[<ffffffc00040a4b8>] show_stack+0x10/0x1c
[<ffffffc000face70>] dump_stack+0x1c/0x28
[<ffffffc00054d3a0>] print_trailer+0x144/0x158
[<ffffffc00054d6fc>] object_err+0x38/0x4c
[<ffffffc0005523dc>] kasan_report_error+0x228/0x3e4
[<ffffffc0005526a8>] kasan_report+0x68/0x78
[<ffffffc00055173c>] __asan_store8+0x94/0xa0
[<ffffffc00183c0a8>] lmh_mon_init_call+0xe8/0x180
[<ffffffc000400b08>] do_one_initcall+0xcc/0x188
[<ffffffc001800bd0>] kernel_init_freeable+0x1c0/0x264
[<ffffffc000f9f338>] kernel_init+0x10/0xcc
Memory state around the buggy address:
ffffffc0a297e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc0a297e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc0a297e100: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                       ^
ffffffc0a297e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffffffc0a297e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

Fix the out-of-bounds access by allocating the buffer
with the right size.

Change-Id: I90d669095030dd80c09d3e69ad3fdfa3f7483b19
Signed-off-by: Ram Chandrasekar <rkumbako@codeaurora.org>
parent 6cdf7452
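The report above can be read directly: the object starts at ffffffc0a297e100, the faulting 8-byte write is at ffffffc0a297e108 (offset 8), and the shadow line "00 fc fc fc ..." says only the first 8 bytes of the 64-byte slab object belong to the requested allocation, with everything after marked as kmalloc redzone (fc). In other words the driver asked kmalloc for 8 bytes and then wrote a second 8-byte field, which is exactly the "wrong size" the fix addresses (kmalloc-64 is the smallest cache on arm64, so the short request still lands in a 64-byte object and never faults without KASan). The C program below is an added example, not the driver's code or the actual fix: it uses a hypothetical struct lmh_mon_sensor, a hypothetical sizeof(s)-versus-sizeof(*s) mistake as the cause, and a tiny allocation tracker that mimics what KASan's shadow memory checks, so the buggy and fixed allocations can be compared in userspace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-sensor state for a monitor like the one in the report.
 * Field layout is an assumption; only the offsets matter for the example. */
struct lmh_mon_sensor {
    uint64_t id;          /* offset 0 */
    uint64_t threshold;   /* offset 8: where the reported 8-byte write lands */
    uint64_t last_value;  /* offset 16 */
    char name[40];
};

/* Minimal stand-in for KASan's shadow memory: remember the size that was
 * requested for each block so later accesses can be checked against it.
 * Like kmalloc on arm64, an 8-byte request is rounded up to a 64-byte block,
 * which is why the overrun does not fault by itself; the requested size is
 * what the check uses. */
#define MAX_TRACKED 16
static struct { void *base; size_t size; } tracked[MAX_TRACKED];
static int ntracked;

static void *checked_alloc(size_t size)
{
    void *p = calloc(1, size < 64 ? 64 : size);
    if (p && ntracked < MAX_TRACKED) {
        tracked[ntracked].base = p;
        tracked[ntracked].size = size;
        ntracked++;
    }
    return p;
}

/* Requested size of a tracked block, 0 if the block is unknown. */
static size_t requested_size(const void *base)
{
    for (int i = 0; i < ntracked; i++)
        if (tracked[i].base == base)
            return tracked[i].size;
    return 0;
}

/* Return 1 if an access of `width` bytes at `offset` stays inside the
 * requested size of the block; otherwise print a KASan-style line and
 * return 0. */
static int access_ok(const void *base, size_t offset, size_t width)
{
    size_t size = requested_size(base);
    if (offset + width <= size)
        return 1;
    fprintf(stderr, "BUG: out of bounds access: write of size %zu at offset %zu "
            "into a %zu-byte object\n", width, offset, size);
    return 0;
}

/* Buggy allocation (assumed cause): sizeof(s) is the size of a pointer,
 * 8 bytes on arm64, not the size of the struct, so only the first field
 * is really inside the object. */
static struct lmh_mon_sensor *alloc_sensor_buggy(void)
{
    struct lmh_mon_sensor *s = checked_alloc(sizeof(s));
    return s;
}

/* Fixed allocation: size the buffer by what it will hold. */
static struct lmh_mon_sensor *alloc_sensor_fixed(void)
{
    struct lmh_mon_sensor *s = checked_alloc(sizeof(*s));
    return s;
}

/* Driver-style init: writing the second field is the access the report
 * flags (8-byte write at offset 8). Returns 1 on success, 0 if a write
 * would leave the allocated object. */
static int sensor_init(struct lmh_mon_sensor *s, uint64_t id, uint64_t thr)
{
    if (!s)
        return 0;
    if (!access_ok(s, offsetof(struct lmh_mon_sensor, id), sizeof(s->id)))
        return 0;
    s->id = id;
    if (!access_ok(s, offsetof(struct lmh_mon_sensor, threshold),
                   sizeof(s->threshold)))
        return 0;
    s->threshold = thr;
    return 1;
}

int main(void)
{
    struct lmh_mon_sensor *bad = alloc_sensor_buggy();
    struct lmh_mon_sensor *good = alloc_sensor_fixed();
    printf("buggy alloc: %zu bytes requested, init %s\n",
           requested_size(bad), sensor_init(bad, 1, 90) ? "ok" : "rejected");
    printf("fixed alloc: %zu bytes requested, init %s\n",
           requested_size(good), sensor_init(good, 1, 90) ? "ok" : "rejected");
    free(bad);
    free(good);
    return 0;
}
```

The tracker only checks the two writes that sensor_init makes explicitly; KASan instruments every load and store (the __asan_store8 frame in the trace is that instrumentation for an 8-byte store). Building the same program with -fsanitize=address and dropping the access_ok calls produces the equivalent userspace report for the buggy path.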