| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ad239665-e342-cdef-71c0-4eba06b76797@canonical.com>
Date: Fri, 30 Oct 2020 14:12:10 +0000
From: Colin Ian King <colin.king@...onical.com>
To: Martin Hundebøll <martin@...nix.com>
Cc: Mark Brown <broonie@...nel.org>,
Florian Fainelli <f.fainelli@...il.com>,
Ray Jui <rjui@...adcom.com>,
Scott Branden <sbranden@...adcom.com>,
bcm-kernel-feedback-list@...adcom.com,
Nicolas Saenz Julienne <nsaenzjulienne@...e.de>,
Gregory CLEMENT <gregory.clement@...tlin.com>,
linux-spi@...r.kernel.org,
"moderated list:BROADCOM BCM2711/BCM2835 ARM ARCHITECTURE"
<linux-rpi-kernel@...ts.infradead.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: spi: bcm2835: fix gpio cs level inversion
Hi,
Static analysis with coverity on today's linux-next has detected a
potential issue in bcm2835_spi_setup() in the following commit:
commit 5e31ba0c0543a04483b53151eb5b7413efece94c
Author: Martin Hundebøll <martin@...nix.com>
Date: Wed Oct 14 11:02:30 2020 +0200
spi: bcm2835: fix gpio cs level inversion
The analysis is as follows:
1191 static int bcm2835_spi_setup(struct spi_device *spi)
1192 {
1193 struct spi_controller *ctlr = spi->controller;
1194 struct bcm2835_spi *bs = spi_controller_get_devdata(ctlr);
1195 struct gpio_chip *chip;
1. var_decl: Declaring variable lflags without initializer.
... and later on ...
Uninitialized scalar variable (UNINIT)
9. uninit_use_in_call: Using uninitialized value lflags when calling
gpiochip_request_own_desc. [show details]
1262 spi->cs_gpiod = gpiochip_request_own_desc(chip, 8 -
spi->chip_select,
1263 DRV_NAME,
1264 lflags,
1265 GPIOD_OUT_LOW);
The call to gpiochip_request_own_desc passes the uninitalized lflags
down to gpiod_configure_flags:
int gpiod_configure_flags(struct gpio_desc *desc, const char *con_id,
3698 unsigned long lflags, enum gpiod_flags dflags)
3699{
3700 int ret;
3701
3702 if (lflags & GPIO_ACTIVE_LOW)
3703 set_bit(FLAG_ACTIVE_LOW, &desc->flags);
3704
3705 if (lflags & GPIO_OPEN_DRAIN)
3706 set_bit(FLAG_OPEN_DRAIN, &desc->flags);
so this looks like lflags needs to be initialized with something
legitimate, probably zero?
Colin
Powered by blists - more mailing lists