| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Apr 2024 11:32:49 +0300
From: Baruch Siach <baruch@...s.co.il>
To: Wolfram Sang <wsa+renesas@...g-engineering.com>
Cc: linux-renesas-soc@...r.kernel.org, linux-i2c@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] i2c: smbus: fix NULL function pointer dereference
Hi Wolfram,
On Fri, Apr 26 2024, Wolfram Sang wrote:
> Brauch reported an OOPS when using the designware controller as target
> only. Target-only modes break the assumption of one transfer function
> always being available. Fix this by always checking the pointer in
> __i2c_transfer.
>
> Reported-by: Baruch Siach <baruch@...s.co.il>
> Closes: https://lore.kernel.org/r/4269631780e5ba789cf1ae391eec1b959def7d99.1712761976.git.baruch@tkos.co.il
> Fixes: 4b1acc43331d ("i2c: core changes for slave support")
> Signed-off-by: Wolfram Sang <wsa+renesas@...g-engineering.com>
Tested-by: Baruch Siach <baruch@...s.co.il>
Thanks,
baruch
> ---
> drivers/i2c/i2c-core-base.c | 12 ++++++------
> drivers/i2c/i2c-core-smbus.c | 2 +-
> 2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c
> index ff5c486a1dbb..db0d1ac82910 100644
> --- a/drivers/i2c/i2c-core-base.c
> +++ b/drivers/i2c/i2c-core-base.c
> @@ -2200,13 +2200,18 @@ static int i2c_check_for_quirks(struct i2c_adapter *adap, struct i2c_msg *msgs,
> * Returns negative errno, else the number of messages executed.
> *
> * Adapter lock must be held when calling this function. No debug logging
> - * takes place. adap->algo->master_xfer existence isn't checked.
> + * takes place.
> */
> int __i2c_transfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> {
> unsigned long orig_jiffies;
> int ret, try;
>
> + if (!adap->algo->master_xfer) {
> + dev_dbg(&adap->dev, "I2C level transfers not supported\n");
> + return -EOPNOTSUPP;
> + }
> +
> if (WARN_ON(!msgs || num < 1))
> return -EINVAL;
>
> @@ -2273,11 +2278,6 @@ int i2c_transfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> {
> int ret;
>
> - if (!adap->algo->master_xfer) {
> - dev_dbg(&adap->dev, "I2C level transfers not supported\n");
> - return -EOPNOTSUPP;
> - }
> -
> /* REVISIT the fault reporting model here is weak:
> *
> * - When we get an error after receiving N bytes from a slave,
> diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c
> index e3b96fc53b5c..a942c5306a4e 100644
> --- a/drivers/i2c/i2c-core-smbus.c
> +++ b/drivers/i2c/i2c-core-smbus.c
> @@ -596,7 +596,7 @@ s32 __i2c_smbus_xfer(struct i2c_adapter *adapter, u16 addr,
> break;
> }
>
> - if (res != -EOPNOTSUPP || !adapter->algo->master_xfer)
> + if (res != -EOPNOTSUPP)
> goto trace;
> /*
> * Fall back to i2c_smbus_xfer_emulated if the adapter doesn't
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@...s.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
Powered by blists - more mailing lists