[PATCH RFC 1/3] i2c: bcm2835: Avoid possible NULL ptr dereference

Greg Kroah-Hartman gregkh at linuxfoundation.org
Tue Feb 21 23:20:58 PST 2017


On Tue, Feb 21, 2017 at 09:14:03PM +0100, Wolfram Sang wrote:
> 
> > >On Thu, Feb 16, 2017 at 09:20:45PM +0000, Stefan Wahren wrote:
> > >>Since commit e2474541032d ("bcm2835: Fix hang for writing messages
> > >>larger than 16 bytes") the interrupt handler is prone to a possible
> > >>NULL pointer dereference. This could happen if an interrupt fires
> > >>before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs
> > >>on the RPi 3. Even though this is unexpected behavior, the driver must
> > >>handle it with an error instead of a crash.
> > >>
> > >>CC: Noralf Trønnes <noralf at tronnes.org>
> > >>CC: Martin Sperl <kernel at martin.sperl.org>
> > >>Reported-by: Peter Robinson <pbrobinson at gmail.com>
> > >>Fixes: e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes")
> > >>Signed-off-by: Stefan Wahren <stefan.wahren at i2se.com>
> > >Applied to for-next, thanks (will be in 4.11)!
> > >
> > 
> > Since this patch is too late for 4.10, should I resend with CC to stable in
> > order to get it into the next 4.10 release?
> 
> It has the Fixes: tag, that will do.

But it moves it much lower on my "this needs to get into stable now!"
priority list.  I'll try to remember this one when it goes by...

thanks,

greg k-h


