[PATCH RFC 1/3] i2c: bcm2835: Avoid possible NULL ptr dereference

Wolfram Sang wsa at the-dreams.de
Mon Feb 20 10:22:15 PST 2017


On Thu, Feb 16, 2017 at 09:20:45PM +0000, Stefan Wahren wrote:
> Since commit e2474541032d ("bcm2835: Fix hang for writing messages
> larger than 16 bytes") the interrupt handler is prone to a possible
> NULL pointer dereference. This could happen if an interrupt fires
> before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs
> on the RPi 3. Even if this is unexpected behavior, the driver must
> handle it with an error instead of a crash.
> 
> CC: Noralf Trønnes <noralf at tronnes.org>
> CC: Martin Sperl <kernel at martin.sperl.org>
> Reported-by: Peter Robinson <pbrobinson at gmail.com>
> Fixes: e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes")
> Signed-off-by: Stefan Wahren <stefan.wahren at i2se.com>

Applied to for-next, thanks (will be in 4.11)!

Note for patches 2+3: I usually don't take DTS changes via I2C, so this
likely needs to go via arm-soc or some other bcm tree.
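
The failure mode described in the quoted commit message, as an added user-space model that is not part of this thread and not the bcm2835 driver's code: an interrupt handler that checks for a missing current message before touching it. All names, the status bits and the choice of -EIO are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed user-space model; names and status bits are hypothetical. */
enum { ST_DONE = 1u << 0, ST_RXD = 1u << 1 };

struct model_msg {
    unsigned char *buf;
    size_t len;
};

struct model_dev {
    struct model_msg *curr_msg;  /* NULL until a transfer is started */
    size_t remaining;            /* bytes still expected for curr_msg */
    int msg_err;                 /* result reported to the waiting caller */
    unsigned int spurious;       /* interrupts seen with no transfer set up */
};

/* Transfer setup: only after this may the handler touch curr_msg. */
void model_start(struct model_dev *d, struct model_msg *m)
{
    d->curr_msg = m;
    d->remaining = m->len;
    d->msg_err = 0;
}

/* Interrupt handler model: returns 0 on normal progress, -EIO on error. */
int model_isr(struct model_dev *d, unsigned int status, unsigned char rx)
{
    if (!d->curr_msg) {
        /* Fired before model_start(): record an error, touch no buffer. */
        d->spurious++;
        d->msg_err = -EIO;
        return -EIO;
    }
    if ((status & ST_RXD) && d->remaining) {
        struct model_msg *m = d->curr_msg;
        m->buf[m->len - d->remaining] = rx;
        d->remaining--;
    }
    if (status & ST_DONE) {
        /* DONE with bytes still outstanding is a short transfer. */
        d->msg_err = d->remaining ? -EIO : 0;
        d->curr_msg = NULL;      /* later stray interrupts hit the guard */
    }
    return d->msg_err;
}
```

Clearing curr_msg on completion means an interrupt that arrives after the transfer also takes the guarded path instead of writing into a buffer the caller may already have released.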
