lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <61e860e7-fc3b-49ad-bf6a-9745f205d52b@gmail.com>
Date: Tue, 25 Nov 2025 13:23:14 -0800
From: Rudraksha Gupta <guptarud@...il.com>
To: Andy Shevchenko <andriy.shevchenko@...el.com>,
 Konrad Dybcio <konrad.dybcio@....qualcomm.com>
Cc: Bjorn Andersson <andersson@...nel.org>,
 Konrad Dybcio <konradybcio@...nel.org>, Rob Herring <robh@...nel.org>,
 Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley
 <conor+dt@...nel.org>, Jonathan Cameron <jic23@...nel.org>,
 David Lechner <dlechner@...libre.com>, Nuno Sá
 <nuno.sa@...log.com>, Andy Shevchenko <andy@...nel.org>,
 linux-arm-msm@...r.kernel.org, devicetree@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-iio@...r.kernel.org
Subject: Re: [PATCH v4 5/6] iio: accel: Prevent NULL pointer dereference in
 interrupt setup


On 11/25/25 03:14, Andy Shevchenko wrote:
> On Tue, Nov 25, 2025 at 11:45:22AM +0100, Konrad Dybcio wrote:
>> On 11/25/25 12:35 AM, Rudraksha Gupta via B4 Relay wrote:
>>> The bmc150_accel_set_interrupt() function assumes that the interrupt
>>> info is provided. However, when no IRQ is provided, the info pointer
>>> remains NULL, leading to a kernel oops:
>> Hm, are you sure your device really doesn't have a pin connected to
>> the IC's interrupt line?
> I don't know the actual case here, but in general such a design occurred
> in real life. So, shouldn't be a surprise to see another polling only mode
> connection like this.
>
I unfortunately don't have the schematics, so I can only reference the 
downstream kernel:

https://codeberg.org/LogicalErzor/Android_Kernel_Samsung_D2/commits/branch/downstream


The above is my kernel tree. This is based on:

https://github.com/LineageOS/android_kernel_samsung_d2/tree/cm-14.1


but with a few added commits on top to help me navigate the codebase. 
Notably, I've removed all .c files that wasn't needed by the downstream 
kernel, and verified that it works by flashing the kernel with 
Cyanogenmod running.


Based on the device's config:

https://codeberg.org/LogicalErzor/Android_Kernel_Samsung_D2/src/branch/downstream/arch/arm/configs/cyanogen_expressatt_defconfig


There is no .irq defined for the accelerator:

https://codeberg.org/LogicalErzor/Android_Kernel_Samsung_D2/src/branch/downstream/arch/arm/mach-msm/board-express.c#L2100


I also couldn't find a hardcoded irq in the driver code as well:

https://codeberg.org/LogicalErzor/Android_Kernel_Samsung_D2/src/branch/downstream/drivers/sensors/accelerometer/yas_acc_driver-bma25x.c

https://codeberg.org/LogicalErzor/Android_Kernel_Samsung_D2/src/branch/downstream/drivers/sensors/accelerometer/yas_acc_kernel_driver.c


This seems to be confirmed upstream too, where one has an irq:

https://github.com/torvalds/linux/blob/master/arch/arm/boot/dts/st/ste-ux500-samsung-skomer.dts#L420


and others don't:

https://github.com/torvalds/linux/blob/master/arch/arm/boot/dts/st/ste-ux500-samsung-kyle.dts#L439

https://github.com/torvalds/linux/blob/master/arch/arm/boot/dts/st/ste-ux500-samsung-codina-tmo.dts#L506


Happy to split this patch series into two, just let me know! :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ