From mboxrd@z Thu Jan 1 00:00:00 1970 From: Simon Glass Date: Thu, 20 May 2021 11:51:40 -0600 Subject: [PATCH u-boot v4 01/36] regmap: fix a serious pointer casting bug In-Reply-To: <20210520112425.25166-2-marek.behun@nic.cz> References: <20210520112425.25166-1-marek.behun@nic.cz> <20210520112425.25166-2-marek.behun@nic.cz> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Marek, On Thu, 20 May 2021 at 05:25, Marek Beh?n wrote: > > There is a serious bug in regmap_read() and regmap_write() functions > where an uint pointer is cast to (void *) which is then cast to (u8 *), > (u16 *), (u32 *) or (u64 *), depending on register width of the map. > > For example given a regmap with 16-bit register width the code > int val = 0x12340000; > regmap_read(map, 0, &val); > only changes the lower 16 bits of val on little-endian machines. > The upper 16 bits will remain 0x1234. > > Nobody noticed this probably because this bug can be triggered with > regmap_write() only on big-endian architectures (which are not used by > many people anymore), and on little endian this bug has consequences > only if register width is 8 or 16 bits and also the memory place to > which regmap_read() should store it's result has non-zero upper bits, > which it seems doesn't happen anywhere in U-Boot normally. CI managed to > trigger this bug in unit test of dm_test_devm_regmap_field when compiled > for sandbox_defconfig using LTO. > > Fix this by utilizing an union { u8; u16; u32; u64; } and reading data > into this union / writing data from this union. > > Signed-off-by: Marek Beh?n > Cc: Simon Glass > Cc: Heiko Schocher > Cc: Bin Meng > Cc: Pratyush Yadav > --- > drivers/core/regmap.c | 59 +++++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 57 insertions(+), 2 deletions(-) I don't see a changelog here but this is v4. Are you using patman? Regards, Simon