* [PATCH] iio: imu: adis16400: Avoid null pointer dereference
@ 2011-08-26  8:43 michael.hennerich
  2011-08-26  9:20 ` Jonathan Cameron
  0 siblings, 1 reply; 4+ messages in thread
From: michael.hennerich @ 2011-08-26  8:43 UTC (permalink / raw)
  To: jic23; +Cc: linux-iio, device-drivers-devel, drivers, Michael Hennerich

From: Michael Hennerich <michael.hennerich@analog.com>

Not sure if this is a proper fix. However it should do the trick.
ring->scan_mask is allocated in iio_ring_buffer_register() which is called
after adis16400_configure_ring. So at the time this pointer dereference takes
place, scan_mask is uninitialized.

Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
---
 drivers/staging/iio/imu/adis16400_ring.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/staging/iio/imu/adis16400_ring.c b/drivers/staging/iio/imu/adis16400_ring.c
index 1a47d07..f6d50be 100644
--- a/drivers/staging/iio/imu/adis16400_ring.c
+++ b/drivers/staging/iio/imu/adis16400_ring.c
@@ -191,7 +191,7 @@ int adis16400_configure_ring(struct iio_dev *indio_dev)
 	ring->setup_ops = &adis16400_ring_setup_ops;
 	ring->owner = THIS_MODULE;
 	/* Set default scan mode - assumes single long is big enough */
-	*ring->scan_mask = st->variant->default_scan_mask;
+	ring->scan_mask = &st->variant->default_scan_mask;
 	ring->scan_count = hweight_long(st->variant->default_scan_mask);
 
 	indio_dev->pollfunc = iio_alloc_pollfunc(&iio_pollfunc_store_time,
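Review bot: the replacement line `ring->scan_mask = &st->variant->default_scan_mask;` makes the ring's mask pointer alias the variant's default instead of storage the ring owns. The commit message says iio_ring_buffer_register() allocates scan_mask after adis16400_configure_ring() runs, so the pointer set here is replaced at registration and the default does not persist; until then, any write through scan_mask would land in the variant's default. Either drop the default here or apply it after registration, once scan_mask points at its own allocation.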
-- 
1.7.0.4


* Re: [PATCH] iio: imu: adis16400: Avoid null pointer dereference
  2011-08-26  8:43 [PATCH] iio: imu: adis16400: Avoid null pointer dereference michael.hennerich
@ 2011-08-26  9:20 ` Jonathan Cameron
  2011-08-26 11:40   ` Hennerich, Michael
  0 siblings, 1 reply; 4+ messages in thread
From: Jonathan Cameron @ 2011-08-26  9:20 UTC (permalink / raw)
  To: michael.hennerich; +Cc: linux-iio, device-drivers-devel, drivers

On 08/26/11 09:43, michael.hennerich@analog.com wrote:
> From: Michael Hennerich <michael.hennerich@analog.com>
> 
> Not sure if this is a proper fix. However it should do the trick.
> ring->scan_mask is allocated in iio_ring_buffer_register() which is called
> after adis16400_configure_ring. So at the time this pointer dereference takes
> place, scan_mask is uninitialized.
Drat, missed that one.  This definitely isn't the right fix as it will get
wiped out when that element is initialized.

Mostly I fixed equivalents elsewhere by not setting a default.
After all, user space shouldn't be relying on any particular set of channels
being enabled anyway.  Do we have a good reason to not just remove it here?

> 
> Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
> ---
>  drivers/staging/iio/imu/adis16400_ring.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/staging/iio/imu/adis16400_ring.c b/drivers/staging/iio/imu/adis16400_ring.c
> index 1a47d07..f6d50be 100644
> --- a/drivers/staging/iio/imu/adis16400_ring.c
> +++ b/drivers/staging/iio/imu/adis16400_ring.c
> @@ -191,7 +191,7 @@ int adis16400_configure_ring(struct iio_dev *indio_dev)
>  	ring->setup_ops = &adis16400_ring_setup_ops;
>  	ring->owner = THIS_MODULE;
>  	/* Set default scan mode - assumes single long is big enough */
> -	*ring->scan_mask = st->variant->default_scan_mask;
> +	ring->scan_mask = &st->variant->default_scan_mask;
>  	ring->scan_count = hweight_long(st->variant->default_scan_mask);
>  
>  	indio_dev->pollfunc = iio_alloc_pollfunc(&iio_pollfunc_store_time,
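Review bot: the unchanged context line `ring->scan_count = hweight_long(st->variant->default_scan_mask);` still records the default's bit count, so once scan_mask is re-initialized at registration, as the reply above points out, scan_count and the mask no longer agree. If the default is dropped, remove this line and the "Set default scan mode" comment together with the scan_mask assignment.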



* RE: [PATCH] iio: imu: adis16400: Avoid null pointer dereference
  2011-08-26  9:20 ` Jonathan Cameron
@ 2011-08-26 11:40   ` Hennerich, Michael
  2011-08-26 12:06     ` Jonathan Cameron
  0 siblings, 1 reply; 4+ messages in thread
From: Hennerich, Michael @ 2011-08-26 11:40 UTC (permalink / raw)
  To: Jonathan Cameron; +Cc: linux-iio, device-drivers-devel, Drivers

Jonathan Cameron wrote on 2011-08-26:
> On 08/26/11 09:43, michael.hennerich@analog.com wrote:
>> From: Michael Hennerich <michael.hennerich@analog.com>
>>
>> Not sure if this is a proper fix. However it should do the trick.
>> ring->scan_mask is allocated in iio_ring_buffer_register() which is called
>> after adis16400_configure_ring. So at the time this pointer dereference
>> takes place, scan_mask is uninitialized.
> Drat, missed that one.  This definitely isn't the right fix as it will
> get wiped out when that element is initialized.
>
> Mostly I fixed equivalents elsewhere by not setting a default. After all,
> user space shouldn't be relying on any particular set of channels being
> enabled anyway.  Do we have a good reason to not just remove it here?

Feel free to remove it - I don't have a good reason other than convenience...

>> Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
>> ---
>>  drivers/staging/iio/imu/adis16400_ring.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>> diff --git a/drivers/staging/iio/imu/adis16400_ring.c
>> b/drivers/staging/iio/imu/adis16400_ring.c index 1a47d07..f6d50be
>> 100644 --- a/drivers/staging/iio/imu/adis16400_ring.c +++
>> b/drivers/staging/iio/imu/adis16400_ring.c @@ -191,7 +191,7 @@ int
>> adis16400_configure_ring(struct iio_dev
> *indio_dev)
>>      ring->setup_ops = &adis16400_ring_setup_ops;
>>      ring->owner = THIS_MODULE;
>>      /* Set default scan mode - assumes single long is big enough */
>> -    *ring->scan_mask = st->variant->default_scan_mask;
>> +    ring->scan_mask = &st->variant->default_scan_mask;
>>      ring->scan_count = hweight_long(st->variant->default_scan_mask);
>>
>>      indio_dev->pollfunc =
> iio_alloc_pollfunc(&iio_pollfunc_store_time,
>

Greetings,
Michael

--
Analog Devices GmbH      Wilhelm-Wagenfeld-Str. 6      80807 Muenchen
Sitz der Gesellschaft: Muenchen; Registergericht: Muenchen HRB 40368;
Geschaeftsfuehrer:Dr.Carsten Suckrow, Thomas Wessel, William A. Martin, Margaret Seif





* Re: [PATCH] iio: imu: adis16400: Avoid null pointer dereference
  2011-08-26 11:40   ` Hennerich, Michael
@ 2011-08-26 12:06     ` Jonathan Cameron
  0 siblings, 0 replies; 4+ messages in thread
From: Jonathan Cameron @ 2011-08-26 12:06 UTC (permalink / raw)
  To: Hennerich, Michael; +Cc: linux-iio, device-drivers-devel, Drivers

On 08/26/11 12:40, Hennerich, Michael wrote:
> Jonathan Cameron wrote on 2011-08-26:
>> On 08/26/11 09:43, michael.hennerich@analog.com wrote:
>>> From: Michael Hennerich <michael.hennerich@analog.com>
>>>
>>> Not sure if this is a proper fix. However it should do the trick.
>>> ring->scan_mask is allocated in iio_ring_buffer_register() which is called
>>> after adis16400_configure_ring. So at the time this pointer dereference
>>> takes place, scan_mask is uninitialized.
>> Drat, missed that one.  This definitely isn't the right fix as it will
>> get wiped out when that element is initialized.
>>
>> Mostly I fixed equivalents elsewhere by not setting a default. After all,
>> user space shouldn't be relying on any particular set of channels being
>> enabled anyway.  Do we have a good reason to not just remove it here?
> 
> Feel free to remove it - I don't have a good reason other than convenience...
Added to the patch that scraps the rest of these and pushed out to iio-blue.git
> 
>>> Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
>>> ---
>>>  drivers/staging/iio/imu/adis16400_ring.c |    2 +-
>>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>> diff --git a/drivers/staging/iio/imu/adis16400_ring.c
>>> b/drivers/staging/iio/imu/adis16400_ring.c index 1a47d07..f6d50be
>>> 100644 --- a/drivers/staging/iio/imu/adis16400_ring.c +++
>>> b/drivers/staging/iio/imu/adis16400_ring.c @@ -191,7 +191,7 @@ int
>>> adis16400_configure_ring(struct iio_dev
>> *indio_dev)
>>>      ring->setup_ops = &adis16400_ring_setup_ops;
>>>      ring->owner = THIS_MODULE;
>>>      /* Set default scan mode - assumes single long is big enough */
>>> -    *ring->scan_mask = st->variant->default_scan_mask;
>>> +    ring->scan_mask = &st->variant->default_scan_mask;
>>>      ring->scan_count = hweight_long(st->variant->default_scan_mask);
>>>
>>>      indio_dev->pollfunc =
>> iio_alloc_pollfunc(&iio_pollfunc_store_time,
>>
> 
> Greetings,
> Michael
> 
> --
> Analog Devices GmbH      Wilhelm-Wagenfeld-Str. 6      80807 Muenchen
> Sitz der Gesellschaft: Muenchen; Registergericht: Muenchen HRB 40368;
> Geschaeftsfuehrer:Dr.Carsten Suckrow, Thomas Wessel, William A. Martin, Margaret Seif
> 
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-iio" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

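The ordering problem discussed in this thread, reduced to a user-space model (an added example, not code from the patch or the IIO tree). `model_register()` is assumed to install a freshly zeroed mask, and every name and the mask value here are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the ring buffer state; not kernel code. */
struct ring_model {
	unsigned long *scan_mask;	/* storage is allocated only at registration */
	int scan_count;
};

static unsigned long default_scan_mask = 0x7FFUL;	/* constructed value */

static int popcount_ul(unsigned long v)
{
	int n = 0;
	for (; v; v &= v - 1) n++;
	return n;
}

/* Models the patched configure step: alias the default, record its bit count. */
static void model_configure(struct ring_model *r, int set_default)
{
	if (!set_default)
		return;
	r->scan_mask = &default_scan_mask;
	r->scan_count = popcount_ul(default_scan_mask);
}

/* Assumed registration behaviour: a fresh zeroed mask replaces the pointer. */
static int model_register(struct ring_model *r)
{
	r->scan_mask = calloc(1, sizeof(*r->scan_mask));
	return r->scan_mask ? 0 : -1;
}

/* Returns 1 if scan_count matches the bits set in scan_mask, 0 if not, -1 on error. */
static int run_probe(int set_default)
{
	struct ring_model r = { NULL, 0 };
	model_configure(&r, set_default);
	if (model_register(&r))
		return -1;
	int ok = popcount_ul(*r.scan_mask) == r.scan_count;
	free(r.scan_mask);
	return ok;
}

int main(void)
{
	printf("default set in configure: consistent=%d\n", run_probe(1));
	printf("no default in configure:  consistent=%d\n", run_probe(0));
	return 0;
}
```

With the default set before registration, the mask is replaced while `scan_count` keeps the stale bit count; with no default, the two stay in agreement.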
