Commit c4a6aeb7 authored Nov 14, 2024 by Aleksandr Mishin Committed by Zicheng Qu Nov 14, 2024

staging: iio: frequency: ad9834: Validate frequency parameter value

stable inclusion
from stable-v5.10.226
commit 41cc91e3138fe52f8da92a81bebcd0e6cf488c53
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAVU8A
CVE: CVE-2024-47663

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=41cc91e3138fe52f8da92a81bebcd0e6cf488c53



--------------------------------

commit b48aa991758999d4e8f9296c5bbe388f293ef465 upstream.

In ad9834_write_frequency() clk_get_rate() can return 0. In such case
ad9834_calc_freqreg() call will lead to division by zero. Checking
'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.
ad9834_write_frequency() is called from ad9834_write(), where fout is
taken from text buffer, which can contain any value.

Modify parameters checking.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 12b9d5bf ("Staging: IIO: DDS: AD9833 / AD9834 driver")
Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://patch.msgid.link/20240703154506.25584-1-amishin@t-argos.ru


Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zicheng Qu <quzicheng@huawei.com>

parent 866c3f30

drivers/staging/iio/frequency/ad9834.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -115,7 +115,7 @@ static int ad9834_write_frequency(struct ad9834_state *st,

		clk_freq = clk_get_rate(st->mclk);

		if (fout > (clk_freq / 2))
		if (!clk_freq \|\| fout > (clk_freq / 2))
		return -EINVAL;

		regval = ad9834_calc_freqreg(clk_freq, fout);