[PATCH RFC 1/3] i2c: bcm2835: Avoid possible NULL ptr dereference

Stefan Wahren stefan.wahren at i2se.com
Tue Feb 28 04:42:42 PST 2017


Hi Greg,

On 22.02.2017 at 08:20, Greg Kroah-Hartman wrote:
> On Tue, Feb 21, 2017 at 09:14:03PM +0100, Wolfram Sang wrote:
>>>> On Thu, Feb 16, 2017 at 09:20:45PM +0000, Stefan Wahren wrote:
>>>>> Since commit e2474541032d ("bcm2835: Fix hang for writing messages
>>>>> larger than 16 bytes") the interrupt handler is prone to a possible
>>>>> NULL pointer dereference. This could happen if an interrupt fires
>>>>> before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs
>>>>> on the RPi 3. Even if this is an unexpected behavior, the driver must
>>>>> handle that with an error instead of a crash.
>>>>>
>>>>> CC: Noralf Trønnes <noralf at tronnes.org>
>>>>> CC: Martin Sperl <kernel at martin.sperl.org>
>>>>> Reported-by: Peter Robinson <pbrobinson at gmail.com>
>>>>> Fixes: e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes")
>>>>> Signed-off-by: Stefan Wahren <stefan.wahren at i2se.com>
>>>> Applied to for-next, thanks (will be in 4.11)!
>>>>
>>> Since this patch is too late for 4.10, should I resend with CC to stable in
>>> order to get it into the next 4.10 release?
>> It has the Fixes: tag, that will do.
> But it moves it much lower on my "this needs to get into stable now!"
> priority list.  I'll try to remember this one when it goes by...
>
> thanks,
>
> greg k-h

Should I resend, since I didn't send you the initial patch?
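
The failure mode described in the quoted commit message, as an added example that is not part of this e-mail or of the bcm2835 driver: a user-space C model of an interrupt handler that reports an error instead of dereferencing a message pointer that has not been set yet. All names and bit values (struct i2c_model, model_isr, model_xfer_msg, ST_TXW, ST_DONE, ERR_SPURIOUS) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model; names and bit values are illustrative,
 * not taken from the bcm2835 driver. */
#define ST_TXW       0x01u  /* controller wants more TX data */
#define ST_DONE      0x02u  /* transfer finished */
#define ERR_SPURIOUS 0x80u  /* interrupt arrived with no message in flight */

struct msg { const uint8_t *buf; size_t len; };

struct i2c_model {
    struct msg *curr_msg;   /* set by model_xfer_msg(), NULL when idle */
    size_t pos;             /* next byte of curr_msg to push */
    uint8_t fifo[16];       /* models the hardware TX FIFO */
    size_t fifo_len;
    uint32_t msg_err;       /* error flags reported to the waiting caller */
    int completed;          /* models waking up the waiting caller */
};

/* Interrupt handler model: returns 1 when the interrupt was handled. */
int model_isr(struct i2c_model *d, uint32_t status)
{
    if (!d->curr_msg) {
        /* Guard: the interrupt fired before a message was published.
         * Do not touch curr_msg->buf; record an error and wake the caller. */
        d->msg_err |= ERR_SPURIOUS;
        d->completed = 1;
        return 1;
    }
    if (status & ST_TXW) {
        /* Refill the FIFO from the current message. */
        while (d->pos < d->curr_msg->len && d->fifo_len < sizeof d->fifo)
            d->fifo[d->fifo_len++] = d->curr_msg->buf[d->pos++];
    }
    if (status & ST_DONE) {
        d->curr_msg = NULL;   /* back to idle */
        d->completed = 1;
    }
    return 1;
}

/* Start a transfer: reset state, then publish the message to the handler. */
void model_xfer_msg(struct i2c_model *d, struct msg *m)
{
    d->pos = 0; d->fifo_len = 0; d->msg_err = 0; d->completed = 0;
    d->curr_msg = m;
}
```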


