4170 – BUG: null-ptr-deref in az6027_i2c_xfer()

Bug 4170 - BUG: null-ptr-deref in az6027_i2c_xfer()

Summary: BUG: null-ptr-deref in az6027_i2c_xfer()

Status:	RESOLVED DUPLICATE of bug 4811

Alias:	None

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	5.10.y-13
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	GuixinLiu
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-22 08:47 UTC by ljubomir
Modified:	2023-05-04 16:33 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ljubomir inspur_group

2023-02-22 08:47:40 UTC

Description of problem:

Wei Chen reports a kernel bug as blew:

general protection fault, probably for non-canonical address
    KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
    ...
    Call Trace:
    <TASK>
    __i2c_transfer+0x77e/0x1930 drivers/i2c/i2c-core-base.c:2109
    i2c_transfer+0x1d5/0x3d0 drivers/i2c/i2c-core-base.c:2170
    i2cdev_ioctl_rdwr+0x393/0x660 drivers/i2c/i2c-dev.c:297
    i2cdev_ioctl+0x75d/0x9f0 drivers/i2c/i2c-dev.c:458
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:870 [inline]
    __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:856
    do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
    entry_SYSCALL_64_after_hwframe+0x63/0xcd
    RIP: 0033:0x7fd834a8bded

In az6027_i2c_xfer(), if msg[i].addr is 0x99,
a null-ptr-deref will caused when accessing msg[i].buf.
For msg[i].len is 0 and msg[i].buf is null.

Comment 1 maqiao alibaba_cloud_group

2023-05-04 16:28:39 UTC

duplicated with CVE-2023-28328

*** This bug has been marked as a duplicate of bug 4811 ***

Comment 2 maqiao alibaba_cloud_group

2023-05-04 16:33:01 UTC

PR link： https://gitee.com/anolis/cloud-kernel/pulls/1226