leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mainlining shenanigans
1,014,067 Commits 2 Branches 0 Tags 5.1 GiB
C 97.7%
Assembly 1.1%
Shell 0.4%
Makefile 0.3%
Python 0.2%
Other 0.1%
2499042326
Go to file
Krzysztof Kozlowski 2499042326 i2c: s3c2410: fix possible NULL pointer deref on read message after write 
Interrupt handler processes multiple message write requests one after
another, till the driver message queue is drained.  However if driver
encounters a read message without preceding START, it stops the I2C
transfer as it is an invalid condition for the controller.  At least the
comment describes a requirement "the controller forces us to send a new
START when we change direction".  This stop results in clearing the
message queue (i2c->msg = NULL).

The code however immediately jumped back to label "retry_write" which
dereferenced the "i2c->msg" making it a possible NULL pointer
dereference.

The Coverity analysis:
1. Condition !is_msgend(i2c), taking false branch.
   if (!is_msgend(i2c)) {

2. Condition !is_lastmsg(i2c), taking true branch.
   } else if (!is_lastmsg(i2c)) {

3. Condition i2c->msg->flags & 1, taking true branch.
   if (i2c->msg->flags & I2C_M_RD) {

4. write_zero_model: Passing i2c to s3c24xx_i2c_stop, which sets i2c->msg to NULL.
   s3c24xx_i2c_stop(i2c, -EINVAL);

5. Jumping to label retry_write.
   goto retry_write;

6. var_deref_model: Passing i2c to is_msgend, which dereferences null i2c->msg.
   if (!is_msgend(i2c)) {"

All previous calls to s3c24xx_i2c_stop() in this interrupt service
routine are followed by jumping to end of function (acknowledging
the interrupt and returning).  This seems a reasonable choice also here
since message buffer was entirely emptied.

Addresses-Coverity: Explicit null dereferenced
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
2021-05-28 10:16:23 +02:00
arch powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers 2021-05-27 21:52:16 +02:00
block block-5.13-2021-05-22 2021-05-22 07:40:34 -10:00
certs Kbuild updates for v5.13 (2nd) 2021-05-08 10:00:11 -07:00
crypto for-5.13/drivers-2021-04-27 2021-04-28 14:39:37 -07:00
Documentation dt-bindings: i2c: mpc: Add fsl,i2c-erratum-a004447 flag 2021-05-27 21:51:54 +02:00
drivers i2c: s3c2410: fix possible NULL pointer deref on read message after write 2021-05-28 10:16:23 +02:00
fs userfaultfd: hugetlbfs: fix new flag usage in error path 2021-05-22 15:09:07 -10:00
include linux/bits.h: fix compilation error with GENMASK 2021-05-22 15:09:07 -10:00
init Merge branch 'akpm' (patches from Andrew) 2021-05-07 00:34:51 -07:00
ipc ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry 2021-05-22 15:09:07 -10:00
kernel Two locking fixes: 2021-05-23 06:30:08 -10:00
lib lib: kunit: suppress a compilation warning of frame size 2021-05-22 15:09:07 -10:00
LICENSES LICENSES: Add the CC-BY-4.0 license 2020-12-08 10:33:27 -07:00
mm userfaultfd: hugetlbfs: fix new flag usage in error path 2021-05-22 15:09:07 -10:00
net Char/misc driver fixes for 5.13-rc3 2021-05-20 06:31:52 -10:00
samples Kbuild updates for v5.13 (2nd) 2021-05-08 10:00:11 -07:00
scripts kbuild: dummy-tools: adjust to stricter stackprotector check 2021-05-17 12:10:03 +09:00
security trusted-keys: match tpm_get_ops on all return paths 2021-05-12 22:36:37 +03:00
sound sound fixes for 5.13-rc3 2021-05-20 06:42:21 -10:00
tools powerpc fixes for 5.13 #4 2021-05-23 06:07:33 -10:00
usr .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
virt kvm: Cap halt polling at kvm->max_halt_poll_ns 2021-05-07 06:06:22 -04:00
.clang-format cxl for 5.12 2021-02-24 09:38:36 -08:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap Merge drm/drm-fixes into drm-misc-fixes 2021-05-11 13:35:52 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: move Murali Karicheri to credits 2021-04-29 15:47:30 -07:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS proc: remove Alexey from MAINTAINERS 2021-05-22 15:09:07 -10:00
Makefile Linux 5.13-rc3 2021-05-23 11:42:48 -10:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.