[PATCH RFC 1/3] i2c: bcm2835: Avoid possible NULL ptr dereference
Greg Kroah-Hartman
gregkh at linuxfoundation.org
Tue Feb 28 04:47:14 PST 2017
On Tue, Feb 28, 2017 at 01:42:42PM +0100, Stefan Wahren wrote:
> Hi Greg,
>
> Am 22.02.2017 um 08:20 schrieb Greg Kroah-Hartman:
> > On Tue, Feb 21, 2017 at 09:14:03PM +0100, Wolfram Sang wrote:
> > > > > On Thu, Feb 16, 2017 at 09:20:45PM +0000, Stefan Wahren wrote:
> > > > > > Since commit e2474541032d ("bcm2835: Fix hang for writing messages
> > > > > > larger than 16 bytes") the interrupt handler is prone to a possible
> > > > > > NULL pointer dereference. This could happen if an interrupt fires
> > > > > > before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs
> > > > > > on the RPi 3. Even this is an unexpected behavior the driver must
> > > > > > handle that with an error instead of a crash.
> > > > > >
> > > > > > CC: Noralf Trønnes <noralf at tronnes.org>
> > > > > > CC: Martin Sperl <kernel at martin.sperl.org>
> > > > > > Reported-by: Peter Robinson <pbrobinson at gmail.com>
> > > > > > Fixes: e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes")
> > > > > > Signed-off-by: Stefan Wahren <stefan.wahren at i2se.com>
> > > > > Applied to for-next, thanks (will be in 4.11)!
> > > > >
> > > > since this patch is too late for 4.10, should i resent with CC to stable in
> > > > order to get it into the next 4.10 release?
> > > It has the Fixes: tag, that will do.
> > But it moves it much lower on my "this needs to get into stable now!"
> > priority list. I'll try to remember this one when it goes by...
> >
> > thanks,
> >
> > greg k-h
>
> should i resend, since i didn't send you the initial patch?
Sure!
More information about the linux-rpi-kernel
mailing list