[PATCH openEuler-1.0-LTS] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - Kernel

18 Apr 2024

From: Sven Peter sven@svenpeter.dev
mainline inclusion
from mainline-v5.16-rc1
commit b7a0a63f3fed57d413bb857de164ea9c3984bc4e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9HOEF
CVE: CVE-2021-47210
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Calling tps6598x_block_read with a higher than allowed len can be
handled by just returning an error. There's no need to crash systems
with panic-on-warn enabled.
Reviewed-by: Heikki Krogerus heikki.krogerus@linux.intel.com
Signed-off-by: Sven Peter sven@svenpeter.dev
Link: https://lore.kernel.org/r/20210914140235.65955-3-sven@svenpeter.dev
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
conflicts:
drivers/usb/typec/tps6598x.c
Signed-off-by: Ye Bin yebin10@huawei.com
---
 drivers/usb/typec/tps6598x.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/typec/tps6598x.c b/drivers/usb/typec/tps6598x.c
index 987b8fcfb2aa..a4dd23a8f195 100644
--- a/drivers/usb/typec/tps6598x.c
+++ b/drivers/usb/typec/tps6598x.c
@@ -93,7 +93,7 @@ tps6598x_block_read(struct tps6598x *tps, u8 reg, void *val, size_t len)
    u8 data[TPS_MAX_LEN + 1];
    int ret;
-	if (WARN_ON(len + 1 > sizeof(data)))
+	if (len + 1 > sizeof(data))
    	return -EINVAL;
if (!tps->i2c_protocol)
-- 
2.31.1


    