WSL2-Linux-Kernel/drivers/misc/eeprom
Jonas Malaco c0689e46be eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
Commit effa453168 ("i2c: i801: Don't silently correct invalid transfer
size") revealed that ee1004_eeprom_read() did not properly limit how
many bytes to read at once.

In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the
length to read as an u8.  If count == 256 after taking into account the
offset and page boundary, the cast to u8 overflows.  And this is common
when user space tries to read the entire EEPROM at once.

To fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already
the maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows.

Fixes: effa453168 ("i2c: i801: Don't silently correct invalid transfer size")
Cc: stable@vger.kernel.org
Reviewed-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Jonas Malaco <jonas@protocubo.io>
Link: https://lore.kernel.org/r/20220203165024.47767-1-jonas@protocubo.io
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-04 16:27:44 +01:00
..
Kconfig nvmem: prepare basics for FRAM support 2021-06-11 12:23:10 +02:00
Makefile eeprom: New ee1004 driver for DDR4 memory 2018-10-15 20:51:46 +02:00
at24.c eeprom: at24: Add support for 24c1025 EEPROM 2021-12-13 14:42:39 +01:00
at25.c eeprom: at25: Restore missing allocation 2022-01-22 13:32:48 +01:00
digsy_mtc_eeprom.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ee1004.c eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX 2022-02-04 16:27:44 +01:00
eeprom.c misc: eeprom: use helper to get i2c_client from kobj 2020-09-21 11:45:43 +02:00
eeprom_93cx6.c misc: eeprom: eeprom_93cx6: Repair function arg descriptions 2020-06-29 18:45:52 +02:00
eeprom_93xx46.c eeprom: 93xx46: fix MODULE_DEVICE_TABLE 2021-10-15 10:54:02 +02:00
idt_89hpesx.c eeprom: idt_89hpesx: use SPDX-License-Identifier 2021-06-09 18:39:40 +02:00
max6875.c misc: eeprom: max6875: convert to i2c_new_dummy_device 2019-07-25 10:06:54 +02:00