From: Scott Ellis <scott@jumpnowtek.com>
To: spi-devel-general@lists.sourceforge.net
Cc: David Brownell <dbrownell@users.sourceforge.net>,
Grant Likely <grant.likely@secretlab.ca>,
Andrew Morton <akpm@linux-foundation.org>,
Tony Lindgren <tony@atomide.com>,
Kevin Hilman <khilman@deeprootsystems.com>,
Aaro Koskinen <Aaro.Koskinen@nokia.com>,
Roman Tereshonkov <roman.tereshonkov@nokia.com>,
linux-omap@vger.kernel.org
Subject: [PATCH 1/6 Revised] SPI omap2_mcspi.c: Check params before dereference or use
Date: Fri, 12 Mar 2010 10:11:53 -0500 [thread overview]
Message-ID: <1268406713.14445.50.camel@quad> (raw)
This was previously submitted directly to the linux-kernel list.
It was incomplete the first time because it failed to also check
the chip_select value.
Check spi->controller_state before dereference.
Check spi->chip_select for range before use.
Neither are necessarily valid after spi_alloc_device() and
then spi_add_device() fails. Calling spi_put_device() will
trigger the error.
Signed-off-by: Scott Ellis <scott@jumpnowtek.com>
drivers/spi/omap2_mcspi.c | 30 +++++++++++++++++-------------
1 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/drivers/spi/omap2_mcspi.c b/drivers/spi/omap2_mcspi.c
index 715c518..fe1b56d 100644
--- a/drivers/spi/omap2_mcspi.c
+++ b/drivers/spi/omap2_mcspi.c
@@ -748,22 +748,26 @@ static void omap2_mcspi_cleanup(struct spi_device *spi)
struct omap2_mcspi_dma *mcspi_dma;
struct omap2_mcspi_cs *cs;
- mcspi = spi_master_get_devdata(spi->master);
- mcspi_dma = &mcspi->dma_channels[spi->chip_select];
+ if (spi->controller_state) {
+ /* Unlink controller state from context save list */
+ cs = spi->controller_state;
+ list_del(&cs->node);
- /* Unlink controller state from context save list */
- cs = spi->controller_state;
- list_del(&cs->node);
+ kfree(spi->controller_state);
+ }
- kfree(spi->controller_state);
+ if (spi->chip_select < spi->master->num_chipselect) {
+ mcspi = spi_master_get_devdata(spi->master);
+ mcspi_dma = &mcspi->dma_channels[spi->chip_select];
- if (mcspi_dma->dma_rx_channel != -1) {
- omap_free_dma(mcspi_dma->dma_rx_channel);
- mcspi_dma->dma_rx_channel = -1;
- }
- if (mcspi_dma->dma_tx_channel != -1) {
- omap_free_dma(mcspi_dma->dma_tx_channel);
- mcspi_dma->dma_tx_channel = -1;
+ if (mcspi_dma->dma_rx_channel != -1) {
+ omap_free_dma(mcspi_dma->dma_rx_channel);
+ mcspi_dma->dma_rx_channel = -1;
+ }
+ if (mcspi_dma->dma_tx_channel != -1) {
+ omap_free_dma(mcspi_dma->dma_tx_channel);
+ mcspi_dma->dma_tx_channel = -1;
+ }
}
}
next reply other threads:[~2010-03-12 15:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-12 15:11 Scott Ellis [this message]
2010-05-22 9:39 ` [PATCH 1/6 Revised] SPI omap2_mcspi.c: Check params before dereference or use Grant Likely
[not found] ` <AANLkTikCydr_Nj446sySru774pY2jXLKNUNVfW3LSK9R-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2010-05-24 14:20 ` [PATCHv3 1/6] " Scott Ellis
2010-05-25 6:28 ` Grant Likely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1268406713.14445.50.camel@quad \
--to=scott@jumpnowtek.com \
--cc=Aaro.Koskinen@nokia.com \
--cc=akpm@linux-foundation.org \
--cc=dbrownell@users.sourceforge.net \
--cc=grant.likely@secretlab.ca \
--cc=khilman@deeprootsystems.com \
--cc=linux-omap@vger.kernel.org \
--cc=roman.tereshonkov@nokia.com \
--cc=spi-devel-general@lists.sourceforge.net \
--cc=tony@atomide.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).