dri-devel.lists.freedesktop.org archive mirror
From: Sean Paul <seanpaul@chromium.org>
To: John Keeping <john@metanate.com>
Cc: linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
	linux-rockchip@lists.infradead.org,
	Chris Zhong <zyw@rock-chips.com>,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v3 06/24] drm/rockchip: dw-mipi-dsi: avoid out-of-bounds read on tx_buf
Date: Mon, 30 Jan 2017 13:01:46 -0500
Message-ID: <20170130180146.GG20076@art_vandelay>
In-Reply-To: <20170129132444.25251-7-john@metanate.com>

On Sun, Jan 29, 2017 at 01:24:26PM +0000, John Keeping wrote:
> As a side-effect of this, encode the endianness explicitly rather than
> casting a u16.
> 
> Signed-off-by: John Keeping <john@metanate.com>
> Reviewed-by: Chris Zhong <zyw@rock-chips.com>
> ---
> v3:
> - Add Chris' Reviewed-by
> Unchanged in v2
> 
>  drivers/gpu/drm/rockchip/dw-mipi-dsi.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/rockchip/dw-mipi-dsi.c b/drivers/gpu/drm/rockchip/dw-mipi-dsi.c
> index 4be1ff3a42bb..2e6ad4591ebf 100644
> --- a/drivers/gpu/drm/rockchip/dw-mipi-dsi.c
> +++ b/drivers/gpu/drm/rockchip/dw-mipi-dsi.c
> @@ -572,8 +572,13 @@ static int dw_mipi_dsi_gen_pkt_hdr_write(struct dw_mipi_dsi *dsi, u32 hdr_val)
>  static int dw_mipi_dsi_dcs_short_write(struct dw_mipi_dsi *dsi,
>  				       const struct mipi_dsi_msg *msg)
>  {
> -	const u16 *tx_buf = msg->tx_buf;
> -	u32 val = GEN_HDATA(*tx_buf) | GEN_HTYPE(msg->type);
> +	const u8 *tx_buf = msg->tx_buf;
> +	u32 val = GEN_HTYPE(msg->type);
> +
> +	if (msg->tx_len > 0)
> +		val |= GEN_HDATA(tx_buf[0]);
> +	if (msg->tx_len > 1)
> +		val |= GEN_HDATA(tx_buf[1] << 8);

You should probably update the mask inside GEN_HDATA to mask off 8 bits instead of
16.

Sean

>  
>  	if (msg->tx_len > 2) {
>  		dev_err(dsi->dev, "too long tx buf length %zu for short write\n",
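
Review bot: The second payload byte is shifted before it reaches the macro, in `val |= GEN_HDATA(tx_buf[1] << 8);`, so whether it survives depends on how GEN_HDATA() masks its argument, and that definition is not part of this hunk. Assembling the 16-bit little-endian payload in a local first (tx_buf[0], then tx_buf[1] << 8 when tx_len > 1) and calling GEN_HDATA() once would keep the byte order in one expression and leave a single call site whose argument width is obvious. The `msg->tx_len > 2` rejection in the trailing context could also move ahead of the header assembly, so an over-long message is refused before any bits are built from the buffer. A short comment that tx_buf is only dereferenced when tx_len is non-zero would record why the length guards are there.
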
> -- 
> 2.11.0.197.gb556de5.dirty
> 
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

-- 
Sean Paul, Software Engineer, Google / Chromium OS
