edt_ft5x06_debugfs_upgrade_bin_write directly accesses user memory
Seems like it's missing a copy_from_user call. This is clearly seen with
CONFIG_ARM64_SW_TTBR0_PAN enabled, which enforces the kernel/userspace
memory boundary:
[ 76.187513] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000aaaaf7ed9d80
[ 76.463004] Call trace:
[ 76.465452] string+0x50/0x100
[ 76.468513] vsnprintf+0x170/0x750
[ 76.471919] snprintf+0x58/0x80
[ 76.475063] edt_ft5x06_debugfs_upgrade_bin_write+0xa8/0x350 [edt_ft5x06]
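The trace above (string <- vsnprintf <- snprintf <- write handler) is consistent with a user pointer being formatted with %s. The following is an added example, not the edt_ft5x06 driver's code and not the fix that was applied: a bounded copy through a uaccess routine before the string is used. The helper name name_from_user, the buffer sizes and the sample strings are assumptions, and the userspace stand-in for copy_from_user exists only so the logic can be compiled outside a kernel tree.

```c
/* Added example: hypothetical helper, not the edt_ft5x06 driver's code. */
#ifdef __KERNEL__
#include <linux/uaccess.h>
#include <linux/errno.h>
#include <linux/types.h>
#else
/* Userspace stand-ins so the logic can be compiled and tested offline. */
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#define __user
static unsigned long copy_from_user(void *to, const void __user *from,
				    unsigned long n)
{
	if (!from)
		return n;	/* models a faulting user address */
	memcpy(to, from, n);
	return 0;		/* 0 bytes left uncopied */
}
#endif

/*
 * Copy a string written to a debugfs file into a kernel buffer.
 * Unsafe pattern the trace points to (user pointer fed to %s):
 *     snprintf(name, sizeof(name), "%s", ubuf);
 * Returns the string length, or a negative errno.
 */
static ssize_t name_from_user(char *dst, size_t dst_sz,
			      const char __user *ubuf, size_t count)
{
	if (count == 0 || count >= dst_sz)
		return -EINVAL;		/* leave room for the NUL */
	if (copy_from_user(dst, ubuf, count))
		return -EFAULT;		/* uaccess routine handles the fault */
	dst[count] = '\0';
	if (dst[count - 1] == '\n')	/* "echo name > file" appends '\n' */
		dst[--count] = '\0';
	/* dst is now kernel memory and safe to pass to snprintf("%s") */
	return count;
}
```

In a write handler, the value returned to the VFS on success is the original count, not the trimmed length.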