shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-08 20:07:46 +09:00
Code Issues Packages Projects Releases Wiki Activity

security: fix security issues about memory and registers

Browse Source 
PD#138714: fix security issuses
1.Kernel Memory Corruption in efuse_read_usr()
Kernel Memory Corruption in efuse_read_usr()

2.Audio SoC DebugFS Entry Allows Kernel Memory Corruption

3.Kernel Stack Buffer Overwrite in clk_test debugfs

4.Register DebugFS Entry Allows Kernel Memory Read

Change-Id: I49373967732dde10e589f07aaab313340ba726e7
Signed-off-by: jianxin.pan <jianxin.pan@amlogic.com>
This commit is contained in:
jianxin.pan
2017-08-17 20:31:47 +08:00
committed by Victor Wan
parent b0b5c33480
commit 2e1f080dbb
5 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/amlogic/clk/clk_test.c
View File

@@ -81,7 +81,7 @@ static ssize_t clk_test_write(struct file *file, const char __user *userbuf,
buf[count] = 0;
ret = sscanf(buf, "%s %s %lu", get_set, clk_name, &rate);
ret = sscanf(buf, "%3s %31s %lu", get_set, clk_name, &rate);
switch (ret) {
case 1:
pr_err("%s error usage!\n", __func__);

2
drivers/amlogic/clk/m8b/clk_test.c
View File

@@ -84,7 +84,7 @@ static ssize_t clk_test_write(struct file *file, const char __user *userbuf,
buf[count] = 0;
ret = sscanf(buf, "%s %s %lu", get_set, clk_name, &rate);
ret = sscanf(buf, "%3s %31s %lu", get_set, clk_name, &rate);
switch (ret) {
case 1:
pr_err("%s error usage!\n", __func__);

4
drivers/amlogic/efuse/efuse_hw64.c
View File

@@ -203,6 +203,8 @@ ssize_t efuse_read_usr(char *buf, size_t count, loff_t *ppos)
ssize_t ret;
loff_t pos;
if (count > EFUSE_BYTES)
count = EFUSE_BYTES;
memset(data, 0, count);
pdata = data;
@@ -225,6 +227,8 @@ ssize_t efuse_write_usr(char *buf, size_t count, loff_t *ppos)
pr_info("data length: 0 is error!\n");
return -1;
}
if (count > EFUSE_BYTES)
count = EFUSE_BYTES;
memset(data, 0, EFUSE_BYTES);

4
drivers/amlogic/reg_access/reg_access.c
View File

@@ -189,9 +189,9 @@ static int __init aml_debug_init(void)
}
aml_dev.debugfs_reg_access = aml_reg_access;
debugfs_create_file("paddr", S_IFREG | 0444,
debugfs_create_file("paddr", S_IFREG | 0440,
debugfs_root, &aml_dev, &paddr_file_ops);
debugfs_create_file("dump", S_IFREG | 0444,
debugfs_create_file("dump", S_IFREG | 0440,
debugfs_root, &aml_dev, &dump_file_ops);
return 0;
}

2
sound/soc/soc-core.c
View File

@@ -324,7 +324,7 @@ static void soc_init_codec_debugfs(struct snd_soc_component *component)
{
struct snd_soc_codec *codec = snd_soc_component_to_codec(component);
codec->debugfs_reg = debugfs_create_file("codec_reg", 0644,
codec->debugfs_reg = debugfs_create_file("codec_reg", 0440,
codec->component.debugfs_root,
codec, &codec_reg_fops);
if (!codec->debugfs_reg)