WSL2-Linux-Kernel/drivers/macintosh
Ning Qiang c81d1bb58c macintosh/adb: fix oob read in do_adb_query() function
commit fd97e4ad6d upstream.

In do_adb_query() function of drivers/macintosh/adb.c, req->data is copied
form userland. The parameter "req->data[2]" is missing check, the array
size of adb_handler[] is 16, so adb_handler[req->data[2]].original_address and
adb_handler[req->data[2]].handler_id will lead to oob read.

Cc: stable <stable@kernel.org>
Signed-off-by: Ning Qiang <sohu0106@126.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220713153734.2248-1-sohu0106@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-11 13:07:54 +02:00
..
ams macintosh/ams-input: switch to using input device polling mode 2020-05-28 23:24:32 +10:00
Kconfig macintosh: via-pmu and via-cuda need RTC_LIB 2022-06-09 10:23:12 +02:00
Makefile macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled 2022-06-09 10:22:43 +02:00
adb-iop.c macintosh/adb-iop: Use big-endian autopoll mask 2021-01-25 13:23:38 +01:00
adb.c macintosh/adb: fix oob read in do_adb_query() function 2022-08-11 13:07:54 +02:00
adbhid.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ans-lcd.c misc: cleanup minor number definitions in c file into miscdevice.h 2020-03-18 12:27:03 +01:00
ans-lcd.h misc: cleanup minor number definitions in c file into miscdevice.h 2020-03-18 12:27:03 +01:00
apm_emu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 118 2019-05-24 17:39:02 +02:00
mac_hid.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
macio-adb.c isystem: trim/fixup stdarg.h and other headers 2021-08-19 09:02:55 +09:00
macio_asic.c bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
macio_sysfs.c macintosh: Use device_type helpers to access the node type 2018-11-26 22:33:37 +11:00
mediabay.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
rack-meter.c rackmeter: Use vtime aware kcpustat accessor 2019-11-21 07:59:00 +01:00
smu.c memblock: introduce saner 'memblock_free_ptr()' interface 2021-09-14 13:23:22 -07:00
therm_adt746x.c macintosh/therm_adt746x: Replace HTTP links with HTTPS ones 2020-07-22 00:01:24 +10:00
therm_windtunnel.c macintosh: convert to i2c_new_scanned_device 2020-03-26 12:36:20 +01:00
via-cuda.c isystem: ship and use stdarg.h 2021-08-19 09:02:55 +09:00
via-macii.c isystem: trim/fixup stdarg.h and other headers 2021-08-19 09:02:55 +09:00
via-pmu-backlight.c backlight: Fix old-style function definition 2018-01-21 23:37:44 +11:00
via-pmu-event.c
via-pmu-event.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
via-pmu-led.c powerpc: use the new LED disk activity trigger 2016-06-27 08:58:40 +02:00
via-pmu.c macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled 2022-06-09 10:22:43 +02:00
windfarm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 246 2019-06-19 17:09:08 +02:00
windfarm_ad7417_sensor.c macintosh: windfarm: fix MODINFO regression 2020-03-10 12:30:59 +01:00
windfarm_core.c windfarm: make symbol 'wf_thread' static 2021-04-14 23:04:13 +10:00
windfarm_cpufreq_clamp.c cpufreq: Use per-policy frequency QoS 2019-10-21 02:05:21 +02:00
windfarm_fcu_controls.c macintosh: windfarm: fix MODINFO regression 2020-03-10 12:30:59 +01:00
windfarm_lm75_sensor.c macintosh: windfarm: remove detatch debug containing spelling mistakes 2020-09-02 11:00:17 +10:00
windfarm_lm87_sensor.c macintosh: windfarm: remove detatch debug containing spelling mistakes 2020-09-02 11:00:17 +10:00
windfarm_max6690_sensor.c macintosh: windfarm: fix MODINFO regression 2020-03-10 12:30:59 +01:00
windfarm_mpu.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 246 2019-06-19 17:09:08 +02:00
windfarm_pid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 246 2019-06-19 17:09:08 +02:00
windfarm_pid.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 246 2019-06-19 17:09:08 +02:00
windfarm_pm72.c macintosh: Use pr_warn instead of pr_warning 2019-10-18 15:00:22 +02:00
windfarm_pm81.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 246 2019-06-19 17:09:08 +02:00
windfarm_pm91.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 246 2019-06-19 17:09:08 +02:00
windfarm_pm112.c drivers/macintosh: Fix memleak in windfarm_pm112 driver 2020-05-15 11:58:56 +10:00
windfarm_pm121.c macintosh/windfarm: Make symbol 'pm121_sys_state' static 2021-04-14 23:04:13 +10:00
windfarm_rm31.c macintosh: Use pr_warn instead of pr_warning 2019-10-18 15:00:22 +02:00
windfarm_smu_controls.c powerpc: Spelling/typo fixes 2021-04-08 21:17:42 +10:00
windfarm_smu_sat.c macintosh: windfarm: use for_each_child_of_node() macro 2020-09-15 22:13:39 +10:00
windfarm_smu_sensors.c macintosh: smu_sensors: use for_each_child_of_node() macro 2020-09-18 19:59:44 +10:00