6.1-stable patches

added patches:
	asoc-lpass-fix-for-kasan-use_after_free-out-of-bounds.patch

diff --git a/queue-6.1/asoc-lpass-fix-for-kasan-use_after_free-out-of-bounds.patch b/queue-6.1/asoc-lpass-fix-for-kasan-use_after_free-out-of-bounds.patch
new file mode 100644 (file)
index 0000000..ed0504b
--- /dev/null
+++ b/queue-6.1/asoc-lpass-fix-for-kasan-use_after_free-out-of-bounds.patch
@@ -0,0 +1,67 @@
+From 75e5fab7db0cecb6e16b22c34608f0b40a4c7cd1 Mon Sep 17 00:00:00 2001
+From: Ravulapati Vishnu Vardhan Rao <quic_visr@quicinc.com>
+Date: Thu, 11 May 2023 16:55:32 +0530
+Subject: ASoC: lpass: Fix for KASAN use_after_free out of bounds
+
+From: Ravulapati Vishnu Vardhan Rao <quic_visr@quicinc.com>
+
+commit 75e5fab7db0cecb6e16b22c34608f0b40a4c7cd1 upstream.
+
+When we run syzkaller we get below Out of Bounds error.
+
+"KASAN: slab-out-of-bounds Read in regcache_flat_read"
+
+Below is the backtrace of the issue:
+
+BUG: KASAN: slab-out-of-bounds in regcache_flat_read+0x10c/0x110
+Read of size 4 at addr ffffff8088fbf714 by task syz-executor.4/14144
+CPU: 6 PID: 14144 Comm: syz-executor.4 Tainted: G        W
+Hardware name: Qualcomm Technologies, Inc. sc7280 CRD platform (rev5+) (DT)
+Call trace:
+dump_backtrace+0x0/0x4ec
+show_stack+0x34/0x50
+dump_stack_lvl+0xdc/0x11c
+print_address_description+0x30/0x2d8
+kasan_report+0x178/0x1e4
+__asan_report_load4_noabort+0x44/0x50
+regcache_flat_read+0x10c/0x110
+regcache_read+0xf8/0x5a0
+_regmap_read+0x45c/0x86c
+_regmap_update_bits+0x128/0x290
+regmap_update_bits_base+0xc0/0x15c
+snd_soc_component_update_bits+0xa8/0x22c
+snd_soc_component_write_field+0x68/0xd4
+tx_macro_put_dec_enum+0x1d0/0x268
+snd_ctl_elem_write+0x288/0x474
+
+By Error checking and checking valid values issue gets rectifies.
+
+Signed-off-by: Ravulapati Vishnu Vardhan Rao <quic_visr@quicinc.com
+Link: https://lore.kernel.org/r/20230511112532.16106-1-quic_visr@quicinc.com
+Signed-off-by: Mark Brown <broonie@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/lpass-tx-macro.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/sound/soc/codecs/lpass-tx-macro.c
++++ b/sound/soc/codecs/lpass-tx-macro.c
+@@ -745,6 +745,8 @@ static int tx_macro_put_dec_enum(struct
+       struct tx_macro *tx = snd_soc_component_get_drvdata(component);
+ 
+       val = ucontrol->value.enumerated.item[0];
++      if (val >= e->items)
++              return -EINVAL;
+ 
+       switch (e->reg) {
+       case CDC_TX_INP_MUX_ADC_MUX0_CFG0:
+@@ -771,6 +773,9 @@ static int tx_macro_put_dec_enum(struct
+       case CDC_TX_INP_MUX_ADC_MUX7_CFG0:
+               mic_sel_reg = CDC_TX7_TX_PATH_CFG0;
+               break;
++      default:
++              dev_err(component->dev, "Error in configuration!!\n");
++              return -EINVAL;
+       }
+ 
+       if (val != 0) {

diff --git a/queue-6.1/series b/queue-6.1/series
index 8fa9cae3f0deedeaa465aec40115e33a03c2bcea..c09742c55e3fa4c68e62914b6816c066a254422e 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -60,3 +60,4 @@ udplite-fix-null-pointer-dereference-in-__sk_mem_raise_allocated.patch
 usb-core-add-routines-for-endpoint-checks-in-old-drivers.patch
 usb-sisusbvga-add-endpoint-checks.patch
 media-radio-shark-add-endpoint-checks.patch
+asoc-lpass-fix-for-kasan-use_after_free-out-of-bounds.patch