From: Phil Elwell <phil@raspberrypi.com>
To: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Arnd Bergmann <arnd@arndb.de>,
Dan Carpenter <dan.carpenter@oracle.com>,
Stefan Wahren <stefan.wahren@i2se.com>,
bcm-kernel-feedback-list@broadcom.com,
linux-rpi-kernel@lists.infradead.org,
linux-arm-kernel@lists.infradead.org, devel@driverdev.osuosl.org
Cc: Phil Elwell <phil@raspberrypi.com>
Subject: [PATCH v2 1/3] staging: vchiq: Fix bulk userdata handling
Date: Tue, 5 Jan 2021 16:20:28 +0000 [thread overview]
Message-ID: <20210105162030.1415213-2-phil@raspberrypi.com> (raw)
In-Reply-To: <20210105162030.1415213-1-phil@raspberrypi.com>
The addition of the local 'userdata' pointer to
vchiq_irq_queue_bulk_tx_rx omitted the case where neither BLOCKING nor
WAITING modes are used, in which case the value provided by the
caller is not returned to them as expected, but instead it is replaced
with a NULL. This lack of a suitable context may cause the application
to crash or otherwise malfunction.
Fixes: 4184da4f316a ("staging: vchiq: fix __user annotations")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
---
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index f500a7043805..2a8883673ba1 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -958,7 +958,7 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance,
struct vchiq_service *service;
struct bulk_waiter_node *waiter = NULL;
bool found = false;
- void *userdata = NULL;
+ void *userdata;
int status = 0;
int ret;
@@ -997,6 +997,8 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance,
"found bulk_waiter %pK for pid %d", waiter,
current->pid);
userdata = &waiter->bulk_waiter;
+ } else {
+ userdata = args->userdata;
}
/*
--
2.25.1
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
WARNING: multiple messages have this Message-ID (diff)
From: Phil Elwell <phil@raspberrypi.com>
To: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Arnd Bergmann <arnd@arndb.de>,
Dan Carpenter <dan.carpenter@oracle.com>,
Stefan Wahren <stefan.wahren@i2se.com>,
bcm-kernel-feedback-list@broadcom.com,
linux-rpi-kernel@lists.infradead.org,
linux-arm-kernel@lists.infradead.org, devel@driverdev.osuosl.org
Cc: Phil Elwell <phil@raspberrypi.com>
Subject: [PATCH v2 1/3] staging: vchiq: Fix bulk userdata handling
Date: Tue, 5 Jan 2021 16:20:28 +0000 [thread overview]
Message-ID: <20210105162030.1415213-2-phil@raspberrypi.com> (raw)
In-Reply-To: <20210105162030.1415213-1-phil@raspberrypi.com>
The addition of the local 'userdata' pointer to
vchiq_irq_queue_bulk_tx_rx omitted the case where neither BLOCKING nor
WAITING modes are used, in which case the value provided by the
caller is not returned to them as expected, but instead it is replaced
with a NULL. This lack of a suitable context may cause the application
to crash or otherwise malfunction.
Fixes: 4184da4f316a ("staging: vchiq: fix __user annotations")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
---
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index f500a7043805..2a8883673ba1 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -958,7 +958,7 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance,
struct vchiq_service *service;
struct bulk_waiter_node *waiter = NULL;
bool found = false;
- void *userdata = NULL;
+ void *userdata;
int status = 0;
int ret;
@@ -997,6 +997,8 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance,
"found bulk_waiter %pK for pid %d", waiter,
current->pid);
userdata = &waiter->bulk_waiter;
+ } else {
+ userdata = args->userdata;
}
/*
--
2.25.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-01-05 16:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-05 16:20 [PATCH v2 0/3] A trio of vchiq bulk transfer fixes Phil Elwell
2021-01-05 16:20 ` Phil Elwell
2021-01-05 16:20 ` Phil Elwell [this message]
2021-01-05 16:20 ` [PATCH v2 1/3] staging: vchiq: Fix bulk userdata handling Phil Elwell
2021-01-05 16:20 ` [PATCH v2 2/3] staging: vchiq: Fix bulk transfers on 64-bit builds Phil Elwell
2021-01-05 16:20 ` Phil Elwell
2021-01-05 18:18 ` Arnd Bergmann
2021-01-05 18:18 ` Arnd Bergmann
2021-01-05 16:20 ` [PATCH v2 3/3] staging: vc04_services: Add a note to the TODO Phil Elwell
2021-01-05 16:20 ` Phil Elwell
2021-01-05 17:04 ` [PATCH v2 0/3] A trio of vchiq bulk transfer fixes Dan Carpenter
2021-01-05 17:04 ` Dan Carpenter
2021-01-11 15:43 ` Nicolas Saenz Julienne
2021-01-11 15:43 ` Nicolas Saenz Julienne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210105162030.1415213-2-phil@raspberrypi.com \
--to=phil@raspberrypi.com \
--cc=arnd@arndb.de \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=dan.carpenter@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-rpi-kernel@lists.infradead.org \
--cc=nsaenzjulienne@suse.de \
--cc=stefan.wahren@i2se.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.