Re: [v2][PATCH] pinctrl: freescale: Fix a memory out of bounds when num_configs is 1

[andy . shevchenko]

Wed, May 03, 2023 at 09:21:27AM +0800, Xiaolei Wang kirjoitti:
> The config passed in by pad wakeup is 1, When num_configs is 1,
> configs[1] should not be obtained, which will generate the
> following memory out-of-bounds situation:
> 
> BUG: KASAN: stack out of bounds in imx_pinconf_set_scu+0x9c/0x160
>   Read size 8 at address ffff8000104c7558 by task sh/664
>   CPU: 3 PID: 664 Communication: sh Tainted: G WC 6.1.20 #1
>      Hardware name: Freescale i.MX8QM MEK (DT)
>   Call trace:
>     dump_backtrace.part.0+0xe0/0xf0
>     show stack+0x18/0x30
>     dump_stack_lvl+0x64/0x80
>     print report +0x154/0x458
>     kasan_report+0xb8/0x100
>     __asan_load8+0x80/0xac
>     imx_pinconf_set_scu+0x9c/0x160
>     imx_pinconf_set+0x6c/0x214
>     pinconf_set_config+0x68/0x90
>     pinctrl_gpio_set_config+0x138/0x170
>     gpiochip_generic_config+0x44/0x60
>     mxc_gpio_set_pad_wakeup+0x100/0x140
>     mxc_gpio_noirq_suspend+0x50/0x74
>     pm_generic_suspend_noirq+0x4c/0x70
>     genpd_finish_suspend+0x174/0x260
>     genpd_suspend_noirq+0x14/0x20
>     dpm_run_callback.constprop.0+0x48/0xec
>     __device_suspend_noirq+0x1a8/0x370
>     dpm_noirq_suspend_devices+0x1cc/0x320
>     dpm_suspend_noirq+0x7c/0x11c
>     suspend_devices_and_enter+0x27c/0x760
>     pm_suspend+0x36c/0x3e0

I have already pointed out to the documentation in which you may find what to
do to make above better. 

> Fixes: f60c9eac54af ("gpio: mxc: enable pad wakeup on i.MX8x platforms")
> Signed-off-by: Xiaolei Wang <xiaolei.wang@xxxxxxxxxxxxx>
> ---

Where is the changelog?

-- 
With Best Regards,
Andy Shevchenko