hdmirx: fix kasan bug in rx_get_edid

PD#172927: hdmirx: fix KASAN bug in rx_get_edid BUG: KASAN: global-out-of-bounds in rx_get_edid+0x74/0xa0 Read of size 8 at addr ffffff900bda5cb8 by task swapper/0/1 CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.9.113 #3 Hardware name: Amlogic (DT) Call trace: [<ffffff900908ecc0>] dump_backtrace+0x0/0x368 [<ffffff900908f0cc>] show_stack+0x24/0x30 [<ffffff900963bdb0>] dump_stack+0xa0/0xc8 [<ffffff90092ba21c>] print_address_description+0x144/0x258 [<ffffff90092ba694>] kasan_report+0x264/0x338 [<ffffff90092b8cd4>] __asan_load8+0x84/0x98 [<ffffff9009cdd394>] rx_get_edid+0x74/0xa0 [<ffffff9009cde2ec>] hdmi_rx_top_edid_update+0xb4/0x1d8 [<ffffff9009ccf524>] hdmirx_hw_probe+0x10c/0x168 [<ffffff9009cd3eb0>] hdmirx_probe+0x9d8/0x10f8 [<ffffff9009762b60>] platform_drv_probe+0x78/0xf8 [<ffffff900975f93c>] driver_probe_device+0x134/0x380 [<ffffff900975fc74>] __driver_attach+0xec/0xf0 [<ffffff900975c71c>] bus_for_each_dev+0xf4/0x160 [<ffffff900975eec8>] driver_attach+0x38/0x48 [<ffffff900975e748>] bus_add_driver+0x1b0/0x308 [<ffffff9009760d34>] driver_register+0xbc/0x1a0 [<ffffff9009762a4c>] __platform_driver_register+0x84/0x90 [<ffffff900ac1752c>] hdmirx_init+0xa0/0xfc [<ffffff900908421c>] do_one_initcall+0xac/0x1f8 [<ffffff900abc10bc>] kernel_init_freeable+0x254/0x2f4 [<ffffff900a2929b0>] kernel_init+0x18/0x118 [<ffffff9009083e80>] ret_from_fork+0x10/0x50 The buggy address belongs to the variable: edid_list+0x38/0x60 Memory state around the buggy address: ffffff900bda5b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffff900bda5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffff900bda5c80: 00 00 00 00 00 00 fa fa fa fa fa fa 04 fa fa fa ^ ffffff900bda5d00: fa fa fa fa 01 fa fa fa fa fa fa fa 00 00 00 00 ffffff900bda5d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Change-Id: Ie0bdc00195732b4bc6f317c33dcc34ace3dc4051 Signed-off-by: Hang Cheng <hang.cheng@amlogic.com>
2026-06-08 03:40:35 +09:00 · 2018-09-06 17:38:24 +08:00
parent b18fccc8da
commit ad6584e66e
2 changed files with 4 additions and 2 deletions
--- a/drivers/amlogic/media/vin/tvin/hdmirx/hdmi_rx_drv.h
+++ b/drivers/amlogic/media/vin/tvin/hdmirx/hdmi_rx_drv.h
@@ -46,7 +46,7 @@
 *
 *
 */
-#define RX_VER2 "ver.2018/09/04"
+#define RX_VER2 "ver.2018/09/06"

 /*print type*/
 #define	LOG_EN		0x01
--- a/drivers/amlogic/media/vin/tvin/hdmirx/hdmi_rx_edid.c
+++ b/drivers/amlogic/media/vin/tvin/hdmirx/hdmi_rx_edid.c
@@ -1163,6 +1163,8 @@ unsigned int hdmi_rx_top_edid_update(void)
 	u_int phy_addr[E_PORT_NUM] = {0, 0, 0, 0};
 	u_char checksum[E_PORT_NUM] = {0, 0, 0, 0};

+	if (edid_index >= EDID_LIST_NUM)
+		return 0;
 	/* get edid from buffer, return buffer addr */
 	pedid_data = rx_get_edid(edid_index);

@@ -1195,7 +1197,7 @@ unsigned int hdmi_rx_top_edid_update(void)
 		/* update physical and checksum */
 	rx_edid_update_overlay(phy_addr_offset, phy_addr, checksum);
 	}
-	return true;
+	return 1;
 }

 void rx_edid_print_vic_fmt(unsigned char i,