linux/drivers/net/wireless/ath
Michal Kazior aeae5b4cd9 ath10k: prevent debugfs mmio access crash kernel
It was possible to force an out of bounds MMIO
read/write via debugfs. E.g. on QCA988X this could
be triggered with:

 echo 0x2080e0 | tee /sys/kernel/debug/ieee80211/*/ath10k/reg_addr
 cat /sys/kernel/debug/ieee80211/*/ath10k/reg_value

 BUG: unable to handle kernel paging request at ffffc90001e080e0
 IP: [<ffffffff8135c860>] ioread32+0x40/0x50
 ...
 Call Trace:
  [<ffffffffa00d0c7f>] ? ath10k_pci_read32+0x4f/0x70 [ath10k_pci]
  [<ffffffffa0080f50>] ath10k_reg_value_read+0x90/0xf0 [ath10k_core]
  [<ffffffff8115c2c1>] ? handle_mm_fault+0xa91/0x1050
  [<ffffffff81189758>] __vfs_read+0x28/0xe0
  [<ffffffff812e4694>] ? security_file_permission+0x84/0xa0
  [<ffffffff81189ce3>] ? rw_verify_area+0x53/0x100
  [<ffffffff81189e1a>] vfs_read+0x8a/0x140
  [<ffffffff8118acb9>] SyS_read+0x49/0xb0
  [<ffffffff8104e39c>] ? trace_do_page_fault+0x3c/0xc0
  [<ffffffff8196596e>] system_call_fastpath+0x12/0x71

Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
2015-06-16 13:10:50 +03:00
ar5523 mac80211: remove support for IFF_PROMISC 2015-04-24 11:14:13 +02:00
ath5k mac80211: extend get_tkip_seq to all keys 2015-05-06 13:29:59 +02:00
ath6kl Merge ath-next from ath.git 2015-06-15 13:25:32 +03:00
ath9k ath9k_htc: add support of channel switch 2015-06-15 12:44:34 +03:00
ath10k ath10k: prevent debugfs mmio access crash kernel 2015-06-16 13:10:50 +03:00
carl9170 carl9170: match wait_for_completion_timeout return type 2015-05-26 13:53:23 +03:00
wcn36xx Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
wil6210 Merge ath-next from ath.git 2015-06-15 13:25:32 +03:00
ath.h ath9k: Add a new debug flag for FFT spectral scan 2015-05-09 16:46:08 +03:00
debug.c
dfs_pattern_detector.c Merge ath-next from ath.git 2015-04-28 14:44:19 +03:00
dfs_pattern_detector.h ath: introduce chirp parameter used by DFS 2015-03-05 15:55:16 +02:00
dfs_pri_detector.c ath: enhance radar detection by looking up chirp 2015-03-05 15:55:35 +02:00
dfs_pri_detector.h
hw.c
Kconfig
key.c
main.c
Makefile
reg.h
regd_common.h
regd.c ath: use CTL region from cfg80211 if unset in EEPROM 2014-10-23 14:02:06 -04:00
regd.h
spectral_common.h
trace.c
trace.h