From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Zicheng Qu <quzicheng@huawei.com>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>
Subject: [PATCH 5.15 042/127] staging: iio: ad9832: Correct phase range check
Date: Tue, 21 Jan 2025 18:51:54 +0100 [thread overview]
Message-ID: <20250121174531.299454104@linuxfoundation.org> (raw)
In-Reply-To: <20250121174529.674452028@linuxfoundation.org>
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zicheng Qu <quzicheng@huawei.com>
commit 4636e859ebe0011f41e35fa79bab585b8004e9a3 upstream.
User Perspective:
When a user sets the phase value, the ad9832_write_phase() is called.
The phase register has a 12-bit resolution, so the valid range is 0 to
4095. If the phase offset value of 4096 is input, it effectively exactly
equals 0 in the lower 12 bits, meaning no offset.
Reasons for the Change:
1) Original Condition (phase > BIT(AD9832_PHASE_BITS)):
This condition allows a phase value equal to 2^12, which is 4096.
However, this value exceeds the valid 12-bit range, as the maximum valid
phase value should be 4095.
2) Modified Condition (phase >= BIT(AD9832_PHASE_BITS)):
Ensures that the phase value is within the valid range, preventing
invalid datafrom being written.
Impact on Subsequent Logic: st->data = cpu_to_be16(addr | phase):
If the phase value is 2^12, i.e., 4096 (0001 0000 0000 0000), and addr
is AD9832_REG_PHASE0 (1100 0000 0000 0000), then addr | phase results in
1101 0000 0000 0000, occupying DB12. According to the section of WRITING
TO A PHASE REGISTER in the datasheet, the MSB 12 PHASE0 bits should be
DB11. The original condition leads to incorrect DB12 usage, which
contradicts the datasheet and could pose potential issues for future
updates if DB12 is used in such related cases.
Fixes: ea707584bac1 ("Staging: IIO: DDS: AD9832 / AD9835 driver")
Cc: stable@vger.kernel.org
Signed-off-by: Zicheng Qu <quzicheng@huawei.com>
Link: https://patch.msgid.link/20241107011015.2472600-3-quzicheng@huawei.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/frequency/ad9832.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/iio/frequency/ad9832.c
+++ b/drivers/staging/iio/frequency/ad9832.c
@@ -158,7 +158,7 @@ static int ad9832_write_frequency(struct
static int ad9832_write_phase(struct ad9832_state *st,
unsigned long addr, unsigned long phase)
{
- if (phase > BIT(AD9832_PHASE_BITS))
+ if (phase >= BIT(AD9832_PHASE_BITS))
return -EINVAL;
st->phase_data[0] = cpu_to_be16((AD9832_CMD_PHA8BITSW << CMD_SHIFT) |
next prev parent reply other threads:[~2025-01-21 18:09 UTC|newest]
Thread overview: 136+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-21 17:51 [PATCH 5.15 000/127] 5.15.177-rc1 review Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 001/127] ceph: give up on paths longer than PATH_MAX Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 002/127] jbd2: flush filesystem device before updating tail sequence Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 003/127] dm array: fix releasing a faulty array block twice in dm_array_cursor_end Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 004/127] dm array: fix unreleased btree blocks on closing a faulty array cursor Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 005/127] dm array: fix cursor index when skipping across block boundaries Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 006/127] exfat: fix the infinite loop in exfat_readdir() Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 007/127] exfat: fix the infinite loop in __exfat_free_cluster() Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 008/127] ASoC: mediatek: disable buffer pre-allocation Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 009/127] ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 010/127] net: 802: LLC+SNAP OID:PID lookup on start of skb data Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 011/127] tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 012/127] tcp/dccp: allow a connection when sk_max_ack_backlog is zero Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 013/127] net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 014/127] bnxt_en: Fix possible memory leak when hwrm_req_replace fails Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 015/127] cxgb4: Avoid removal of uninserted tid Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 016/127] tls: Fix tls_sw_sendmsg error handling Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 017/127] netfilter: nf_tables: imbalance in flowtable binding Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 018/127] netfilter: conntrack: clamp maximum hashtable size to INT_MAX Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 019/127] drm/mediatek: Add support for 180-degree rotation in the display driver Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 020/127] ksmbd: fix a missing return value check bug Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 021/127] afs: Fix the maximum cell name length Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 022/127] dm thin: make get_first_thin use rcu-safe list first function Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 023/127] dm-ebs: dont set the flag DM_TARGET_PASSES_INTEGRITY Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 024/127] sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 025/127] sctp: sysctl: rto_min/max: " Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 026/127] sctp: sysctl: auth_enable: " Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 027/127] sctp: sysctl: udp_port: " Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 028/127] sctp: sysctl: plpmtud_probe_interval: " Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 029/127] drm/amd/display: Add check for granularity in dml ceil/floor helpers Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 030/127] riscv: Fix sleeping in invalid context in die() Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 031/127] ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 032/127] ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 033/127] drm/amd/display: increase MAX_SURFACES to the value supported by hw Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 034/127] drivers/block/zram/zram_drv.c: do not keep dangling zcomp pointer after zram reset Greg Kroah-Hartman
2025-01-22 0:21 ` Dominique Martinet
2025-01-22 8:05 ` Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 035/127] zram: check comp is non-NULL before calling comp_destroy Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 036/127] zram: fix uninitialized ZRAM not releasing backing device Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 037/127] scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 038/127] md/raid5: fix atomicity violation in raid5_cache_count Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 039/127] USB: serial: option: add MeiG Smart SRM815 Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 040/127] USB: serial: option: add Neoway N723-EA support Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 041/127] staging: iio: ad9834: Correct phase range check Greg Kroah-Hartman
2025-01-21 17:51 ` Greg Kroah-Hartman [this message]
2025-01-21 17:51 ` [PATCH 5.15 043/127] usb-storage: Add max sectors quirk for Nokia 208 Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 044/127] USB: serial: cp210x: add Phoenix Contact UPS Device Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 045/127] usb: dwc3: gadget: fix writing NYET threshold Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 046/127] topology: Keep the cpumask unchanged when printing cpumap Greg Kroah-Hartman
2025-01-21 17:51 ` [PATCH 5.15 047/127] usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 048/127] USB: usblp: return error when setting unsupported protocol Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 049/127] USB: core: Disable LPM only for non-suspended ports Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 050/127] usb: fix reference leak in usb_new_device() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 051/127] usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 052/127] usb: gadget: f_fs: Remove WARN_ON in functionfs_bind Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 053/127] iio: pressure: zpa2326: fix information leak in triggered buffer Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 054/127] iio: dummy: iio_simply_dummy_buffer: " Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 055/127] iio: light: vcnl4035: " Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 056/127] iio: imu: kmx61: " Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 057/127] iio: adc: ti-ads8688: " Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 058/127] iio: gyro: fxas21002c: Fix missing data update in trigger handler Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 059/127] iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 060/127] iio: adc: at91: call input_free_device() on allocated iio_dev Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 061/127] iio: inkern: call iio_device_put() only on mapped devices Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 062/127] iio: adc: ad7124: Disable all channels at probe time Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 063/127] block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 064/127] arm64: dts: rockchip: add hevc power domain clock to rk3328 Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 065/127] of: unittest: Add bus address range parsing tests Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 066/127] of/address: Add support for 3 address cell bus Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 067/127] of: address: Fix address translation when address-size is greater than 2 Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 068/127] of: address: Remove duplicated functions Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 069/127] of: address: Store number of bus flag cells rather than bool Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 070/127] of: address: Preserve the flags portion on 1:1 dma-ranges mapping Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 071/127] phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 072/127] phy: usb: Toggle the PHY power during init Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 073/127] ocfs2: correct return value of ocfs2_local_free_info() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 074/127] ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 075/127] mptcp: drop port parameter of mptcp_pm_add_addr_signal Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 076/127] mptcp: fix TCP options overflow Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 077/127] phy: usb: Use slow clock for wake enabled suspend Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 078/127] phy: usb: Fix clock imbalance for suspend/resume Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 079/127] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 080/127] bpf: Fix bpf_sk_select_reuseport() memory leak Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 081/127] pktgen: Avoid out-of-bounds access in get_imix_entries Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 082/127] net: add exit_batch_rtnl() method Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 083/127] gtp: use " Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 084/127] gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 085/127] gtp: Destroy device along with udp sockets netns dismantle Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 086/127] nfp: bpf: prevent integer overflow in nfp_bpf_event_output() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 087/127] net: xilinx: axienet: Fix IRQ coalescing packet count overflow Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 088/127] net/mlx5: Add priorities for counters in RDMA namespaces Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 089/127] net/mlx5: Refactor mlx5_get_flow_namespace Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 090/127] net/mlx5: Fix RDMA TX steering prio Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 091/127] drm/v3d: Ensure job pointer is set to NULL after job completion Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 092/127] hwmon: (tmp513) Fix division of negative numbers Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 093/127] Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data" Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 094/127] i2c: mux: demux-pinctrl: check initial mux selection, too Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 095/127] i2c: rcar: fix NACK handling when being a target Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 096/127] mac802154: check local interfaces before deleting sdata list Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 097/127] hfs: Sanity check the root record Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 098/127] fs: fix missing declaration of init_files Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 099/127] kheaders: Ignore silly-rename files Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 100/127] ACPI: resource: acpi_dev_irq_override(): Check DMI match last Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 101/127] poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 102/127] nvmet: propagate npwg topology Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 103/127] zram: fix potential UAF of zram table Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 104/127] x86/asm: Make serialize() always_inline Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 105/127] net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 106/127] vsock/virtio: cancel close work in the destructor Greg Kroah-Hartman
2025-01-21 17:52 ` [PATCH 5.15 107/127] vsock: reset socket state when de-assigning the transport Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 108/127] vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 109/127] filemap: avoid truncating 64-bit offset to 32 bits Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 110/127] fs/proc: fix softlockup in __read_vmcore (part 2) Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 111/127] gpiolib: cdev: Fix use after free in lineinfo_changed_notify Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 112/127] irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 113/127] hrtimers: Handle CPU state correctly on hotplug Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 114/127] drm/i915/fb: Relax clear color alignment to 64 bytes Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 115/127] Revert "PCI: Use preserve_config in place of pci_flags" Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 116/127] iio: imu: inv_icm42600: fix spi burst write not supported Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 117/127] iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 118/127] iio: adc: rockchip_saradc: fix information leak in triggered buffer Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 119/127] Revert "drm/amdgpu: rework resume handling for display (v2)" Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 120/127] Revert "regmap: detach regmap from dev on regmap_exit" Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 121/127] blk-cgroup: Fix UAF in blkcg_unpin_online() Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 122/127] vsock/virtio: discard packets if the transport changes Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 123/127] ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 124/127] nfsd: add list_head nf_gc to struct nfsd_file Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 125/127] x86/xen: fix SLS mitigation in xen_hypercall_iret() Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 126/127] scsi: sg: Fix slab-use-after-free read in sg_release() Greg Kroah-Hartman
2025-01-21 17:53 ` [PATCH 5.15 127/127] net: fix data-races around sk->sk_forward_alloc Greg Kroah-Hartman
2025-01-21 18:29 ` [PATCH 5.15 000/127] 5.15.177-rc1 review Florian Fainelli
2025-01-21 23:36 ` Shuah Khan
2025-01-21 23:45 ` SeongJae Park
2025-01-22 13:08 ` Vijayendra Suman
2025-01-22 13:23 ` Jon Hunter
2025-01-22 20:15 ` [PATCH 5.15] " Hardik Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250121174531.299454104@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Jonathan.Cameron@huawei.com \
--cc=patches@lists.linux.dev \
--cc=quzicheng@huawei.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox