diff options
| author | Michal Kazior <[email protected]> | 2015-06-15 14:46:42 +0300 |
|---|---|---|
| committer | Kalle Valo <[email protected]> | 2015-06-16 13:10:50 +0300 |
| commit | aeae5b4cd9185b0dc72f6d6102cf45073bfbc974 (patch) | |
| tree | cf8152ef7147b6e9cdddaf0894c895e2127dee21 /tools/perf/scripts/python | |
| parent | c702534a23d61deaa0565ef0495ab866c06c4325 (diff) | |
ath10k: prevent debugfs mmio access crash kernel
It was possible to force an out of bounds MMIO
read/write via debugfs. E.g. on QCA988X this could
be triggered with:
echo 0x2080e0 | tee /sys/kernel/debug/ieee80211/*/ath10k/reg_addr
cat /sys/kernel/debug/ieee80211/*/ath10k/reg_value
BUG: unable to handle kernel paging request at ffffc90001e080e0
IP: [<ffffffff8135c860>] ioread32+0x40/0x50
...
Call Trace:
[<ffffffffa00d0c7f>] ? ath10k_pci_read32+0x4f/0x70 [ath10k_pci]
[<ffffffffa0080f50>] ath10k_reg_value_read+0x90/0xf0 [ath10k_core]
[<ffffffff8115c2c1>] ? handle_mm_fault+0xa91/0x1050
[<ffffffff81189758>] __vfs_read+0x28/0xe0
[<ffffffff812e4694>] ? security_file_permission+0x84/0xa0
[<ffffffff81189ce3>] ? rw_verify_area+0x53/0x100
[<ffffffff81189e1a>] vfs_read+0x8a/0x140
[<ffffffff8118acb9>] SyS_read+0x49/0xb0
[<ffffffff8104e39c>] ? trace_do_page_fault+0x3c/0xc0
[<ffffffff8196596e>] system_call_fastpath+0x12/0x71
Reported-by: Ben Greear <[email protected]>
Signed-off-by: Michal Kazior <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions