From e2d506b7eaf3f6835603118d02bfcd9430138864 Mon Sep 17 00:00:00 2001
From: "Huang, Tao" <huangtao@rock-chips.com>
Date: Thu, 7 Jul 2016 21:32:56 +0800
Subject: [PATCH] regulator: xz3216: Add a sentinel to xz3216_i2c_id[]

This patch fix this bug:
BUG: KASAN: global-out-of-bounds in i2c_device_match+0x64/0xa4 at addr ffffff9009046800
Read of size 1 by task swapper/0/1
Address belongs to variable xz3216_i2c_id+0x20/0x2c0
CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.4.14 #21
Hardware name: Rockchip RK3399 Evaluation Board v2 (Android) (DT)
Call trace:
[<ffffff900808b2d8>] dump_backtrace+0x0/0x288
[<ffffff900808b574>] show_stack+0x14/0x1c
[<ffffff90084c16c4>] dump_stack+0xc4/0x100
[<ffffff900823fdd4>] kasan_report+0x36c/0x49c
[<ffffff900823f2e4>] __asan_load1+0x24/0x50
[<ffffff90088f7924>] i2c_device_match+0x64/0xa4
[<ffffff90086829b8>] __device_attach_driver+0x80/0xd8
[<ffffff900868064c>] bus_for_each_drv+0xf8/0x12c
[<ffffff900868232c>] __device_attach+0x114/0x1a4
[<ffffff9008682b9c>] device_initial_probe+0x10/0x18
[<ffffff9008680904>] bus_probe_device+0x50/0xe8
[<ffffff900867ee14>] device_add+0x5f8/0x774
[<ffffff900867efac>] device_register+0x1c/0x28
[<ffffff90088f7dd0>] i2c_new_device+0x258/0x2a4
[<ffffff90088f853c>] i2c_register_adapter+0x4b4/0x600
[<ffffff90088f8700>] __i2c_add_numbered_adapter+0x78/0x88
[<ffffff90088f8d9c>] i2c_add_adapter+0x50/0xcc
[<ffffff9008900c1c>] rk3x_i2c_probe+0x460/0x4fc
[<ffffff9008684fac>] platform_drv_probe+0x70/0xc8
[<ffffff9008682648>] driver_probe_device+0x16c/0x364
[<ffffff90086828d4>] __driver_attach+0x94/0xc8
[<ffffff9008680010>] bus_for_each_dev+0xe0/0x11c
[<ffffff9008682bd4>] driver_attach+0x30/0x3c
[<ffffff9008680ca8>] bus_add_driver+0x160/0x294
[<ffffff9008683edc>] driver_register+0x10c/0x168
[<ffffff9008685e34>] __platform_driver_register+0x7c/0x88
[<ffffff90095da854>] rk3x_i2c_driver_init+0x18/0x20
[<ffffff90095a4df0>] do_one_initcall+0x168/0x220
[<ffffff90095a5078>] kernel_init_freeable+0x1d0/0x274
[<ffffff9008ec5f40>] kernel_init+0x10/0x108
[<ffffff9008084cd0>] ret_from_fork+0x10/0x40
Memory state around the buggy address:
 ffffff9009046700: fa fa fa fa 00 03 fa fa fa fa fa fa 00 00 00 07
 ffffff9009046780: fa fa fa fa 07 fa fa fa fa fa fa fa 00 00 00 00
>ffffff9009046800: fa fa fa fa 00 01 fa fa fa fa fa fa 00 01 fa fa
                   ^
 ffffff9009046880: fa fa fa fa 04 fa fa fa fa fa fa fa 00 04 fa fa
 ffffff9009046900: fa fa fa fa 00 05 fa fa fa fa fa fa 07 fa fa fa

Change-Id: I624d92b1fefdf87cfb58b9df10db85723b5ed534
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
---
 drivers/regulator/xz3216.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/regulator/xz3216.c b/drivers/regulator/xz3216.c
index 4df9f4e2a489..3bcaf898c768 100644
--- a/drivers/regulator/xz3216.c
+++ b/drivers/regulator/xz3216.c
@@ -366,6 +366,7 @@ static int xz3216_i2c_remove(struct i2c_client *i2c)
 
 static const struct i2c_device_id xz3216_i2c_id[] = {
 	{ "xz3216", 0 },
+	{ }
 };
 
 MODULE_DEVICE_TABLE(i2c, xz3216_i2c_id);
-- 
2.34.1