| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Oct 2016 20:11:28 +0200
From: Heiner Kallweit <hkallweit1@...il.com>
To: Mark Brown <broonie@...nel.org>, Arnd Bergmann <arnd@...db.de>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org,
Nobuteru Hayashi <hayashi.nbb@...s.nec.co.jp>,
linux-spi@...r.kernel.org
Subject: Merge problem: Re: Applied "spi: fsl-espi: avoid processing
uninitalized data on error" to the spi tree
Am 26.10.2016 um 12:15 schrieb Mark Brown:
> The patch
>
> spi: fsl-espi: avoid processing uninitalized data on error
>
> has been applied to the spi tree at
>
> git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git
>
> All being well this means that it will be integrated into the linux-next
> tree (usually sometime in the next 24 hours) and sent to Linus during
> the next merge window (or sooner if it is a bug fix), however if
> problems are discovered then the patch may be dropped or reverted.
>
> You may get further e-mails resulting from automated or manual testing
> and review of the tree, please engage with people reporting problems and
> send followup patches addressing any issues that are reported if needed.
>
> If any updates are required or you are submitting further changes they
> should be sent as incremental updates against current git, existing
> patches will not be replaced.
>
> Please add any relevant lists and maintainers to the CCs when replying
> to this mail.
>
> Thanks,
> Mark
>
>>>From 5c0ba57744b1422d528f19430dd66d6803cea86f Mon Sep 17 00:00:00 2001
> From: Arnd Bergmann <arnd@...db.de>
> Date: Tue, 25 Oct 2016 22:57:10 +0200
> Subject: [PATCH] spi: fsl-espi: avoid processing uninitalized data on error
>
> When we get a spurious interrupt in fsl_espi_irq, we end up
> processing four uninitalized bytes of data, as shown in this
> warning message:
>
> drivers/spi/spi-fsl-espi.c: In function 'fsl_espi_irq':
> drivers/spi/spi-fsl-espi.c:462:4: warning: 'rx_data' may be used uninitialized in this function [-Wmaybe-uninitialized]
>
> This adds another check so we skip the data in this case.
>
> Fixes: 6319a68011b8 ("spi/fsl-espi: avoid infinite loops on fsl_espi_cpu_irq()")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> Signed-off-by: Mark Brown <broonie@...nel.org>
> Cc: stable@...r.kernel.org
> ---
> drivers/spi/spi-fsl-espi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/spi/spi-fsl-espi.c b/drivers/spi/spi-fsl-espi.c
> index 7451585a080e..2c175b9495f7 100644
> --- a/drivers/spi/spi-fsl-espi.c
> +++ b/drivers/spi/spi-fsl-espi.c
> @@ -458,7 +458,7 @@ static void fsl_espi_cpu_irq(struct mpc8xxx_spi *mspi, u32 events)
>
> mspi->len -= rx_nr_bytes;
>
> - if (mspi->rx)
> + if (rx_nr_bytes && mspi->rx)
> mspi->get_rx(rx_data, mspi);
> }
>
>
There seems to be a merge problem. Before the relevant code was:
(changed in recent commit "spi: fsl-espi: fix handling of word
sizes other than 8 bit")
if (mspi->rx) {
*(u32 *)mspi->rx = rx_data;
mspi->rx += 4;
}
Now it's:
if (rx_nr_bytes && mspi->rx) {
mspi->get_rx(rx_data, mspi);
mspi->rx += 4;
}
Instead it should be:
if (rx_nr_bytes && mspi->rx) {
*(u32 *)mspi->rx = rx_data;
mspi->rx += 4;
}
Powered by blists - more mailing lists