github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
452f64ee09
linux/drivers/misc
History
Jonas Malaco 9a5f471ae3 eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX 
commit c0689e46be upstream.

Commit effa453168 ("i2c: i801: Don't silently correct invalid transfer
size") revealed that ee1004_eeprom_read() did not properly limit how
many bytes to read at once.

In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the
length to read as an u8.  If count == 256 after taking into account the
offset and page boundary, the cast to u8 overflows.  And this is common
when user space tries to read the entire EEPROM at once.

To fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already
the maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows.

Fixes: effa453168 ("i2c: i801: Don't silently correct invalid transfer size")
Cc: stable@vger.kernel.org
Reviewed-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Jonas Malaco <jonas@protocubo.io>
Link: https://lore.kernel.org/r/20220203165024.47767-1-jonas@protocubo.io
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-16 12:56:33 +01:00
..
altera-stapl
bcm-vk misc: bcm-vk: fix tty registration race 2021-09-21 16:17:15 +02:00
c2port
cardreader misc: rtsx: Avoid mangling IRQ during runtime PM 2021-12-14 10:57:22 +01:00
cb710 cb710: avoid NULL pointer subtraction 2021-10-05 15:50:05 +02:00
cxl
echo
eeprom eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX 2022-02-16 12:56:33 +01:00
genwqe misc: genwqe: Fixes DMA mask setting 2021-09-14 10:45:41 +02:00
habanalabs habanalabs: skip read fw errors if dynamic descriptor invalid 2022-01-27 11:05:04 +01:00
ibmasm
lis3lv02d platform/x86: hp_accel: Remove _INI method call 2021-08-26 15:09:18 +02:00
lkdtm lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() 2022-01-27 11:02:57 +01:00
mei mei: hbm: fix client dma reply status 2022-01-27 11:02:56 +01:00
ocxl
pvpanic misc/pvpanic: fix set driver data 2021-08-27 16:22:26 +02:00
sgi-gru misc: sgi-gru: Convert from atomic_t to refcount_t on gru_thread_state->ts_refcnt 2021-07-21 13:50:54 +02:00
sgi-xp sgi-xpc: Replace deprecated CPU-hotplug functions. 2021-08-03 16:30:36 +02:00
ti-st
uacce
vmw_vmci VMCI: fix NULL pointer dereference when unmapping queue pair 2021-08-27 16:21:59 +02:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c
apds9802als.c
atmel-ssc.c
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
dw-xdata-pcie.c
enclosure.c
fastrpc.c misc: fastrpc: avoid double fput() on failed usercopy 2022-02-16 12:56:24 +01:00
gehc-achc.c misc: gehc: Add SPI ID table 2021-10-05 15:47:18 +02:00
hi6421v600-irq.c staging: hikey9xx: split hi6421v600 irq into a separate driver 2021-07-21 11:24:43 +02:00
hisi_hikey_usb.c
hmc6352.c
hpilo.c
hpilo.h
ibmvmc.c
ibmvmc.h
ics932s401.c
isl29003.c
isl29020.c
Kconfig misc: HI6421V600_IRQ should depend on HAS_IOMEM 2021-10-05 16:07:56 +02:00
kgdbts.c
lattice-ecp3-config.c misc: lattice-ecp3-config: Fix task hung when firmware load failed 2022-01-27 11:04:17 +01:00
Makefile IIO / Staging driver update for 5.15-rc1 2021-09-01 09:45:57 -07:00
pch_phub.c
pci_endpoint_test.c pci-v5.15-changes 2021-09-07 19:13:42 -07:00
phantom.c
qcom-coincell.c
sram-exec.c
sram.c misc: sram: Only map reserved areas in Tegra SYSRAM 2021-08-05 14:27:46 +02:00
sram.h misc: sram: Only map reserved areas in Tegra SYSRAM 2021-08-05 14:27:46 +02:00
tifm_7xx1.c
tifm_core.c bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
tsl2550.c
vmw_balloon.c
xilinx_sdfec.c