[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210423115724.GB5507@sirena.org.uk>
Date: Fri, 23 Apr 2021 12:57:24 +0100
From: Mark Brown <broonie@...nel.org>
To: Joe Burmeister <joe.burmeister@...tank.co.uk>
Cc: Florian Fainelli <f.fainelli@...il.com>,
Ray Jui <rjui@...adcom.com>,
Scott Branden <sbranden@...adcom.com>,
bcm-kernel-feedback-list@...adcom.com, linux-spi@...r.kernel.org,
linux-rpi-kernel@...ts.infradead.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
nsaenz@...nel.org
Subject: Re: [PATCH] spi: bcm2835: Fix buffer overflow with CS able to go
beyond limit.
On Fri, Apr 23, 2021 at 11:03:22AM +0100, Joe Burmeister wrote:
> On 23/04/2021 00:49, Florian Fainelli wrote:
> > Right, which means that we should probably seek a solution within the
> > SPI core itself, even if you can only test with spi-bcm2835.c chances
> > are that the fix would be applicable for other controllers if done in
> > the core.
> I'm not sure it's possible to do in the core alone. The numb of the
> issue is the core changes ctlr->num_chipselect to what is in the device
> tree and some drivers are cool with that overs quietly stomp memory.
I wouldn't expect any controller to be OK with that? Drivers can store
per-client data in spi_device->controller_data which doesn't need
scaling (but is also not so helpful if you need to look at clients other
than the one you're currently controlling).
> I've got a simple little patch to warn when the core expands
> ctlr->num_chipselect. This warning won't go off in bcm2835 with my patch
> because I am also extending ctlr->num_chipselect to the amount in the
> device tree before the core does that expansion. Hopefully that new
> warning would make people investigate and fix problem drivers.
> >> There is protection in spi_add_device, which will catch extra added
> >> later, but not ones in the device tree when the spi controller was
> >> registered.
> > Not sure I follow you, if we have the overlay before
> > spi_register_controller() is called, how can the check there not
> > trigger? And if we load the overlay later when the SPI controller is
> > already registered, why does not spi_add_device()'s check work?
> I think it might be a RPI thing. I think it is merging in the overlay
> and giving Linux one already merged.
If the overlay is handled by the bootloader then from the point of view
of Linux there is no overlay - sounds like there's an issue in the
overlay, it should be overriding something that it doesn't?
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists