git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Ye Weihua <yeweihua4@huawei.com>
	Thu, 28 Jul 2022 02:07:58 +0000 (10:07 +0800)
committer	Stefan Bader <stefan.bader@canonical.com>
	Thu, 24 Nov 2022 13:24:47 +0000 (14:24 +0100)
commit	7f2d691674c453a438d5b6455f483d1648bb217b
tree	51882a75c832298ea0ef7578c620f657450d447a	tree
parent	d58df84e7c553afce799ede39bf38ccdb124b415	commit \| diff

crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr

BugLink: https://bugs.launchpad.net/bugs/1996825
[ Upstream commit d74f9340097a881869c4c22ca376654cc2516ecc ]

KASAN reported this Bug:

[17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60
[17619.673193] Read of size 4 at addr fffff01332d7ed00 by task read_all/1507958
...
[17619.698934] The buggy address belongs to the variable:
[17619.708371] sgl_sge_nr+0x0/0xffffffffffffa300 [hisi_zip]

There is a mismatch in hisi_zip when get/set the variable sgl_sge_nr.
The type of sgl_sge_nr is u16, and get/set sgl_sge_nr by
param_get/set_int.

Replacing param_get/set_int to param_get/set_ushort can fix this bug.

Fixes: f081fda293ffb ("crypto: hisilicon - add sgl_sge_nr module param for zip")
Signed-off-by: Ye Weihua <yeweihua4@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>