From: Philippe Gerum <rpm@xenomai.org>
To: Florian Bezdeka <florian.bezdeka@siemens.com>
Cc: Dani Sanz <sbrk.modules@gmail.com>, xenomai@lists.linux.dev
Subject: Re: [PATCH] spi: bcm2835: fix NULL pointer deref for OOB transfers.
Date: Thu, 13 Apr 2023 09:51:48 +0200 [thread overview]
Message-ID: <87ile0i529.fsf@xenomai.org> (raw)
In-Reply-To: <dc1cc7a3be7f77baf0e6de5a6ca4baa548f05165.camel@siemens.com>
Florian Bezdeka <florian.bezdeka@siemens.com> writes:
> On Wed, 2023-04-12 at 19:09 +0200, Dani Sanz wrote:
>> From: Dani Sanz <sbrk.modules@gmail.com>
>>
>> There was a problem when calling ioctl(fd, SPI_IOC_ENABLE_OOB_MODE,
>> oob_spi_setup) to use spidev in OOB mode after setting up the spidev.
>>
>> The kernel crashed because on function
>> bcm2835_spi_start_oob_transfer(struct spi_controller *ctlr, struct
>> spi_oob_transfer *xfer), it tried to access bs->slv->prepare_cs,
>> however bs->slv was NULL.
>>
>> This patch sets the bs->slv value to the correct bcm2835_spidev object
>> during bcm2835_spi_setup(struct spi_device *spi), so the NULL pointer
>> dereference that happened later is avoided.
>>
>> Signed-off-by: Dani Sanz <sbrk.modules@gmail.com>
>> ---
>> drivers/spi/spi-bcm2835.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/spi/spi-bcm2835.c b/drivers/spi/spi-bcm2835.c
>> index 2626abfc0a5b..1051482df945 100644
>> --- a/drivers/spi/spi-bcm2835.c
>> +++ b/drivers/spi/spi-bcm2835.c
>
> Hi!
>
> Thanks for your patch, but his is the wrong mailing list for this
> issue. The patch should be submitted upstream (Linux) and we will fetch
> it during the next update cycle of Dovetail or IPIPE.
>
Actually, this patch applies specifically to Dovetail, upstream refers
to bs->slv only when TX via DMA is enabled, so there is no issue in this
case. However, Dovetail extends this assumption to any transfer
direction, but fails to init this field accordingly, hence the breakage.
--
Philippe.
next prev parent reply other threads:[~2023-04-13 8:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-12 17:09 [PATCH] spi: bcm2835: fix NULL pointer deref for OOB transfers Dani Sanz
2023-04-12 21:33 ` Florian Bezdeka
2023-04-13 7:51 ` Philippe Gerum [this message]
2023-04-16 8:31 ` Philippe Gerum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ile0i529.fsf@xenomai.org \
--to=rpm@xenomai.org \
--cc=florian.bezdeka@siemens.com \
--cc=sbrk.modules@gmail.com \
--cc=xenomai@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).