bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-06-29 23:43:21 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

wireless: rtl8852bs: fix out of bounds access in atomic_inc()

Browse source 
BUG: KASAN: global-out-of-bounds in rtw_hal_update_sta_entry+0x49c/0x7a6 [8852bs]
Write of size 4 at addr ffffffff0465af00 by task disp_eng_share_/1174

CPU: 0 PID: 1174 Comm: disp_eng_share_ Tainted: G        W          6.6.63 #20250613114718
Hardware name: spacemit k1-x deb1 board (DT)
Call Trace:
[<ffffffff80009290>] dump_backtrace+0x1c/0x24
[<ffffffff81ab253e>] show_stack+0x2c/0x38
[<ffffffff81adea4c>] dump_stack_lvl+0x3c/0x54
[<ffffffff81ab64fc>] print_report+0x1a2/0x4b8
[<ffffffff8035448c>] kasan_report+0xac/0x134
[<ffffffff80355988>] kasan_check_range+0xc0/0x148
[<ffffffff80356310>] __kasan_check_write+0x14/0x1c
[<ffffffff03f5d9e8>] rtw_hal_update_sta_entry+0x49c/0x7a6 [8852bs]
[<ffffffff03e7d2cc>] phl_update_media_status+0x186/0x72c [8852bs]
[<ffffffff03e7d9e6>] rtw_phl_cmd_update_media_status+0x126/0x192 [8852bs]
[<ffffffff03e32404>] rtw_hw_connected+0xfe/0x7c2 [8852bs]
[<ffffffff03db57fe>] rtw_set_hw_after_join+0x148/0x276 [8852bs]
[<ffffffff03d9018a>] _connect_msg_hdlr+0x31e/0x1170 [8852bs]
[<ffffffff03ef3bf8>] cur_req_hdl+0x86/0x96 [8852bs]
[<ffffffff03ef49b4>] msg_dispatch+0x506/0x64e [8852bs]
[<ffffffff03efa75c>] dispr_thread_loop_hdl+0x2f8/0x496 [8852bs]
[<ffffffff03efa90a>] dispr_share_thread_loop_hdl+0x10/0x18 [8852bs]
[<ffffffff03eeec54>] share_thread_hdl+0xd2/0x2c2 [8852bs]
[<ffffffff80067cbe>] kthread+0x198/0x1c6
[<ffffffff81af007e>] ret_from_fork+0xe/0x18

Change-Id: Ia80447adcd58d39115f4d4c20da22658788f6e1e
Signed-off-by: wanlong <long.wan@spacemit.com>
This commit is contained in:
wanlong 2025-06-17 10:06:14 +08:00 committed by 张猛
parent dc78cc2ee8
commit 92524acb4d
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
drivers/net/wireless/realtek/rtl8852bs/include/osdep_service.h
View file

@ -99,7 +99,7 @@
#endif
extern int RTW_STATUS_CODE(int error_code);
extern u16 rtw_warn_on_cnt;
extern s32 rtw_warn_on_cnt;
#ifndef RTK_DMP_PLATFORM
#define CONFIG_USE_VMALLOC

2
drivers/net/wireless/realtek/rtl8852bs/os_dep/osdep_service_linux.c
View file

@ -1075,5 +1075,5 @@ void rtw_wiphy_rfkill_set_hw_state(struct wiphy *wiphy, bool blocked)
wiphy_rfkill_set_hw_state(wiphy, blocked);
}
u16 rtw_warn_on_cnt;
s32 rtw_warn_on_cnt = 0;