| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Nov 2019 18:43:48 +0100
From: Martin Fuzzey <martin.fuzzey@...wbird.group>
To: Sebastian Reichel <sebastian.reichel@...labora.com>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
Ahmet Inan <inan@...tec.de>
Cc: linux-input@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel@...labora.com
Subject: Re: [PATCHv1 2/2] Input: EXC3000: Add support to query model and
fw_version
Hi Sebastian,
On 07/11/2019 19:10, Sebastian Reichel wrote:
> Expose model and fw_version via sysfs. Also query the model
> in probe to make sure, that the I2C communication with the
> device works before successfully probing the driver.
>
> Signed-off-by: Sebastian Reichel <sebastian.reichel@...labora.com>
> ---
> drivers/input/touchscreen/exc3000.c | 136 ++++++++++++++++++++++++++++
> 1 file changed, 136 insertions(+)
>
> diff --git a/drivers/input/touchscreen/exc3000.c b/drivers/input/touchscreen/exc3000.c
> index 7d695022082c..4c9f132629b9 100644
> --- a/drivers/input/touchscreen/exc3000.c
> +++ b/drivers/input/touchscreen/exc3000.c
> @@ -41,6 +41,11 @@ struct exc3000_data {
> struct touchscreen_properties prop;
> struct timer_list timer;
> u8 buf[2 * EXC3000_LEN_FRAME];
> + char model[11];
> + char fw_version[6];
These buffers are too small.
I know those are the values shown in the EETI "I2C Programming Guide"
but, on my exc80H32 I have 16 bytes for the model and 14 for the fw_version.
It may even be possible to have larger, depends on the firmware / config
blob that has been loaded.
The guide seems to be mostly an example. As nothing else is sent in the
reply message, worst case the full frame would be filled.
>
> +static void exc3000_query_interrupt(struct exc3000_data *data)
> +{
> + u8 *buf = data->buf;
> + int err;
> +
> + data->query_result = 0;
> +
> + err = i2c_master_recv(data->client, buf, EXC3000_LEN_FRAME);
> + if (err < 0) {
> + data->query_result = err;
> + goto out;
> + }
> +
> + if (buf[0] == 0x42 && buf[4] == 'E') {
> + memcpy(data->model, buf+5, 10);
> + data->model[10] = '\0';
Maybe use sizeof() to avoid the hard coded 10?
> + goto out;
> + } else if (buf[0] == 0x42 && buf[4] == 'D') {
> + memcpy(data->fw_version, buf+5, 5);
> + data->fw_version[5] = '\0';
> + goto out;
> + }
> +
Ok so at least there won't be a buffer overflow but it will truncate.
> +static DEVICE_ATTR(fw_version, S_IRUGO, exc3000_get_fw_version, NULL);
> +
Maybe use DEVICE_ATTR_RO to reduce the amount of boilerplate?
> + input->dev.groups = exc3000_attribute_groups;
Hum, this adds the attributes to the input device (in /sys/class/input)
but these attributes are really for the whole I2C device.
Wouldn't it be better to use devm_device_add_group() to add them to the
I2C device?
> + for (retry = 0; retry < 3; ++retry) {
> + error = exc3000_get_model(data);
> + if (!error) {
> + break;
> + }
> + dev_warn(&client->dev, "Retry %d get EETI EXC3000 model: %d\n", retry + 1, error);
> + }
> +
Is there a particular reason why retries are needed?
Regards,
Martin
Powered by blists - more mailing lists