* [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL
@ 2017-05-18 10:01 jiada_wang-nmGgyN9QBj3QT0dZR+AlfA
2017-05-18 10:08 ` Leonard Crestez
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: jiada_wang-nmGgyN9QBj3QT0dZR+AlfA @ 2017-05-18 10:01 UTC (permalink / raw)
To: broonie-DgEjT+Ai2ygdnm+yROfE0A
Cc: linux-spi-u79uwXL29TY76Z2rM5mHXA,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, leonard.crestez-3arQi8VN3Tc,
Jiada Wang
From: Jiada Wang <jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
In case either transfer->tx_buf or transfer->rx_buf is NULL,
manipulation of buffer in spi_imx_u32_swap_u[8|16]() will cause
NULL pointer dereference crash.
Add buffer check at very beginning of spi_imx_u32_swap_u[8|16](),
to avoid such crash.
Signed-off-by: Jiada Wang <jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
Reported-by: Leonard Crestez <leonard.crestez-3arQi8VN3Tc@public.gmane.org>
---
drivers/spi/spi-imx.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 782045f..19b30cf 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -288,6 +288,9 @@ static void spi_imx_u32_swap_u8(struct spi_transfer *transfer, u32 *buf)
{
int i;
+ if (!buf)
+ return;
+
for (i = 0; i < transfer->len / 4; i++)
*(buf + i) = cpu_to_be32(*(buf + i));
}
@@ -296,6 +299,9 @@ static void spi_imx_u32_swap_u16(struct spi_transfer *transfer, u32 *buf)
{
int i;
+ if (!buf)
+ return;
+
for (i = 0; i < transfer->len / 4; i++) {
u16 *temp = (u16 *)buf;
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-spi" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL
2017-05-18 10:01 [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL jiada_wang-nmGgyN9QBj3QT0dZR+AlfA
@ 2017-05-18 10:08 ` Leonard Crestez
[not found] ` <1495101672-3384-1-git-send-email-jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
2017-05-19 17:04 ` Applied "spi: imx: fix issue when tx_buf or rx_buf is NULL" to the spi tree Mark Brown
2 siblings, 0 replies; 6+ messages in thread
From: Leonard Crestez @ 2017-05-18 10:08 UTC (permalink / raw)
To: jiada_wang, broonie; +Cc: linux-spi, linux-kernel
On Thu, 2017-05-18 at 03:01 -0700, jiada_wang@mentor.com wrote:
> From: Jiada Wang <jiada_wang@mentor.com>
>
> In case either transfer->tx_buf or transfer->rx_buf is NULL,
> manipulation of buffer in spi_imx_u32_swap_u[8|16]() will cause
> NULL pointer dereference crash.
>
> Add buffer check at very beginning of spi_imx_u32_swap_u[8|16](),
> to avoid such crash.
>
> Signed-off-by: Jiada Wang <jiada_wang@mentor.com>
> Reported-by: Leonard Crestez <leonard.crestez@nxp.com>
Tested-by: Leonard Crestez <leonard.crestez@nxp.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL
[not found] ` <1495101672-3384-1-git-send-email-jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
@ 2017-05-19 12:45 ` Chris Ruehl
[not found] ` <94de6e6d-a2fa-6589-151b-660bbcb42773-CR359r9tUDPXPF5Rlphj1Q@public.gmane.org>
0 siblings, 1 reply; 6+ messages in thread
From: Chris Ruehl @ 2017-05-19 12:45 UTC (permalink / raw)
To: jiada_wang-nmGgyN9QBj3QT0dZR+AlfA, broonie-DgEjT+Ai2ygdnm+yROfE0A
Cc: linux-spi-u79uwXL29TY76Z2rM5mHXA,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, leonard.crestez-3arQi8VN3Tc
On Thursday, May 18, 2017 06:01 PM, jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org wrote:
> From: Jiada Wang <jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
>
> In case either transfer->tx_buf or transfer->rx_buf is NULL,
> manipulation of buffer in spi_imx_u32_swap_u[8|16]() will cause
> NULL pointer dereference crash.
>
> Add buffer check at very beginning of spi_imx_u32_swap_u[8|16](),
> to avoid such crash.
>
> Signed-off-by: Jiada Wang <jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
> Reported-by: Leonard Crestez <leonard.crestez-3arQi8VN3Tc@public.gmane.org>
> ---
> drivers/spi/spi-imx.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
> index 782045f..19b30cf 100644
> --- a/drivers/spi/spi-imx.c
> +++ b/drivers/spi/spi-imx.c
> @@ -288,6 +288,9 @@ static void spi_imx_u32_swap_u8(struct spi_transfer *transfer, u32 *buf)
> {
> int i;
>
> + if (!buf)
> + return;
> +
> for (i = 0; i < transfer->len / 4; i++)
> *(buf + i) = cpu_to_be32(*(buf + i));
> }
> @@ -296,6 +299,9 @@ static void spi_imx_u32_swap_u16(struct spi_transfer *transfer, u32 *buf)
> {
> int i;
>
> + if (!buf)
> + return;
> +
> for (i = 0; i < transfer->len / 4; i++) {
> u16 *temp = (u16 *)buf;
>
>
Hi, thanks for the patch.
But I think we missing something here. We return from a void function()
so the error keeps hidden. The root cause is calling this functions with a NULL
pointer. See if you can fix this by find the caller and check if the parameter
hand over are valid.
Cheers
Chris
--
GTSYS Limited RFID Technology
9/F, Unit E, R07, Kwai Shing Industrial Building Phase 2,
42-46 Tai Lin Pai Road, Kwai Chung, N.T., Hong Kong
Tel (852) 9079 9521
Disclaimer: http://www.gtsys.com.hk/email/classified.html
--
To unsubscribe from this list: send the line "unsubscribe linux-spi" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL
[not found] ` <94de6e6d-a2fa-6589-151b-660bbcb42773-CR359r9tUDPXPF5Rlphj1Q@public.gmane.org>
@ 2017-05-19 13:15 ` Andy Shevchenko
2017-05-19 16:56 ` Mark Brown
0 siblings, 1 reply; 6+ messages in thread
From: Andy Shevchenko @ 2017-05-19 13:15 UTC (permalink / raw)
To: Chris Ruehl
Cc: Jiada Wang, Mark Brown, linux-spi,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
leonard.crestez-3arQi8VN3Tc
On Fri, May 19, 2017 at 3:45 PM, Chris Ruehl <chris.ruehl-CR359r9tUDPXPF5Rlphj1Q@public.gmane.org> wrote:
> On Thursday, May 18, 2017 06:01 PM, jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org wrote:
> But I think we missing something here. We return from a void function()
> so the error keeps hidden. The root cause is calling this functions with a
> NULL pointer. See if you can fix this by find the caller and check if the
> parameter hand over are valid.
AFAIU some SPI controllers can have half-duplex protocol, in which the
second buffer might be absent.
> Disclaimer: http://www.gtsys.com.hk/email/classified.html
Just wondering if it's okay to have this type of footer in open source
community's mailing lists.
--
With Best Regards,
Andy Shevchenko
--
To unsubscribe from this list: send the line "unsubscribe linux-spi" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL
2017-05-19 13:15 ` Andy Shevchenko
@ 2017-05-19 16:56 ` Mark Brown
0 siblings, 0 replies; 6+ messages in thread
From: Mark Brown @ 2017-05-19 16:56 UTC (permalink / raw)
To: Andy Shevchenko
Cc: Chris Ruehl, Jiada Wang, linux-spi, linux-kernel@vger.kernel.org,
leonard.crestez
[-- Attachment #1: Type: text/plain, Size: 762 bytes --]
On Fri, May 19, 2017 at 04:15:01PM +0300, Andy Shevchenko wrote:
> On Fri, May 19, 2017 at 3:45 PM, Chris Ruehl <chris.ruehl@gtsys.com.hk> wrote:
> > But I think we missing something here. We return from a void function()
> > so the error keeps hidden. The root cause is calling this functions with a
> > NULL pointer. See if you can fix this by find the caller and check if the
> > parameter hand over are valid.
> AFAIU some SPI controllers can have half-duplex protocol, in which the
> second buffer might be absent.
Yes, it's not only perfectly valid but actually the common case for only
one direction of data to be meaningful in SPI so the majority of
controllers don't require data to be transferred in both directions, it
would just add bus overhead.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Applied "spi: imx: fix issue when tx_buf or rx_buf is NULL" to the spi tree
2017-05-18 10:01 [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL jiada_wang-nmGgyN9QBj3QT0dZR+AlfA
2017-05-18 10:08 ` Leonard Crestez
[not found] ` <1495101672-3384-1-git-send-email-jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
@ 2017-05-19 17:04 ` Mark Brown
2 siblings, 0 replies; 6+ messages in thread
From: Mark Brown @ 2017-05-19 17:04 UTC (permalink / raw)
To: Jiada Wang
Cc: Leonard Crestez, Leonard Crestez, Mark Brown, broonie, linux-spi,
linux-kernel, leonard.crestez, linux-spi
The patch
spi: imx: fix issue when tx_buf or rx_buf is NULL
has been applied to the spi tree at
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying
to this mail.
Thanks,
Mark
>From 179547e143e773f9f866ad3536275ab627711f3a Mon Sep 17 00:00:00 2001
From: Jiada Wang <jiada_wang@mentor.com>
Date: Thu, 18 May 2017 03:01:12 -0700
Subject: [PATCH] spi: imx: fix issue when tx_buf or rx_buf is NULL
In case either transfer->tx_buf or transfer->rx_buf is NULL,
manipulation of buffer in spi_imx_u32_swap_u[8|16]() will cause
NULL pointer dereference crash.
Add buffer check at very beginning of spi_imx_u32_swap_u[8|16](),
to avoid such crash.
Signed-off-by: Jiada Wang <jiada_wang@mentor.com>
Reported-by: Leonard Crestez <leonard.crestez@nxp.com>
Tested-by: Leonard Crestez <leonard.crestez@nxp.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
---
drivers/spi/spi-imx.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 782045f0d79e..19b30cf7d2b7 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -288,6 +288,9 @@ static void spi_imx_u32_swap_u8(struct spi_transfer *transfer, u32 *buf)
{
int i;
+ if (!buf)
+ return;
+
for (i = 0; i < transfer->len / 4; i++)
*(buf + i) = cpu_to_be32(*(buf + i));
}
@@ -296,6 +299,9 @@ static void spi_imx_u32_swap_u16(struct spi_transfer *transfer, u32 *buf)
{
int i;
+ if (!buf)
+ return;
+
for (i = 0; i < transfer->len / 4; i++) {
u16 *temp = (u16 *)buf;
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-05-19 17:04 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-05-18 10:01 [PATCH 1/1] spi: imx: fix issue when tx_buf or rx_buf is NULL jiada_wang-nmGgyN9QBj3QT0dZR+AlfA
2017-05-18 10:08 ` Leonard Crestez
[not found] ` <1495101672-3384-1-git-send-email-jiada_wang-nmGgyN9QBj3QT0dZR+AlfA@public.gmane.org>
2017-05-19 12:45 ` Chris Ruehl
[not found] ` <94de6e6d-a2fa-6589-151b-660bbcb42773-CR359r9tUDPXPF5Rlphj1Q@public.gmane.org>
2017-05-19 13:15 ` Andy Shevchenko
2017-05-19 16:56 ` Mark Brown
2017-05-19 17:04 ` Applied "spi: imx: fix issue when tx_buf or rx_buf is NULL" to the spi tree Mark Brown
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).