Message ID | 1625062303-15327-4-git-send-email-alain.volmat@foss.st.com (mailing list archive) |
---|---|
State | New, archived |
Series | i2c: stm32f7: several fixes in error cases |
On Wed, Jun 30, 2021 at 04:11:43PM +0200, Alain Volmat wrote:
> Slave interrupt handler should only be called if there is actually
> a slave registered and running to avoid accessing an invalid pointer.
>
> Without this commit, an OOPS can be generated due to a NULL ptr dereference
> while receiving an IT when there is no master transfer and no slave
> running:
> - stm32f7_i2c_isr_event
> - no master_mode hence calling stm32f7_i2c_slave_isr_event
> - access to i2c_dev->slave_running leading to oops due to
>   slave_running being NULL.
>
> Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")
>
> Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>

Is this one still of interest? You resent patches 1 and 2 but not this one?
Hi Wolfram,

On Mon, Nov 29, 2021 at 01:21:05PM +0100, Wolfram Sang wrote:
> On Wed, Jun 30, 2021 at 04:11:43PM +0200, Alain Volmat wrote:
> > Slave interrupt handler should only be called if there is actually
> > a slave registered and running to avoid accessing an invalid pointer.
> >
> > Without this commit, an OOPS can be generated due to a NULL ptr dereference
> > while receiving an IT when there is no master transfer and no slave
> > running:
> > - stm32f7_i2c_isr_event
> > - no master_mode hence calling stm32f7_i2c_slave_isr_event
> > - access to i2c_dev->slave_running leading to oops due to
> >   slave_running being NULL.
> >
> > Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")
> >
> > Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
>
> Is this one still of interest? You resent patches 1 and 2 but not this
> one?

No you can ignore it. Thanks.
diff --git a/drivers/i2c/busses/i2c-stm32f7.c b/drivers/i2c/busses/i2c-stm32f7.c index 0d99c075deb2..2cc9bb0f6d7f 100644 --- a/drivers/i2c/busses/i2c-stm32f7.c +++ b/drivers/i2c/busses/i2c-stm32f7.c @@ -1497,10 +1497,14 @@ static irqreturn_t stm32f7_i2c_isr_event(int irq, void *data) u32 status, mask; int ret = IRQ_HANDLED; - /* Check if the interrupt if for a slave device */ + /* Check if the interrupt is for a slave device */ if (!i2c_dev->master_mode) { - ret = stm32f7_i2c_slave_isr_event(i2c_dev); - return ret; + if (i2c_dev->slave_running) + return stm32f7_i2c_slave_isr_event(i2c_dev); + + dev_warn_ratelimited(i2c_dev->dev, + "Unexpected IT received: ISR:0x%x\n", + readl_relaxed(i2c_dev->base + STM32F7_I2C_ISR)); } status = readl_relaxed(i2c_dev->base + STM32F7_I2C_ISR);
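Review bot: In the new `!i2c_dev->master_mode` branch of stm32f7_i2c_isr_event(), the path where `slave_running` is NULL only logs the warning and then falls through to `status = readl_relaxed(...)` and the handling that follows, whereas the old code always returned from this branch. If that fall-through is intended it deserves a comment; otherwise return after the `dev_warn_ratelimited()` so that code written for an active master transfer is not run when neither a master transfer nor a slave is active. The warning also reads STM32F7_I2C_ISR separately from the `status` read just below it, so the logged value and the handled value can differ; reading the register once and reusing it would avoid that. The visible lines do not show the unexpected interrupt being acknowledged on this path, and the commit message should say how it is cleared, since the rate limit only bounds the log output and not the interrupt itself.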
Slave interrupt handler should only be called if there is actually
a slave registered and running to avoid accessing an invalid pointer.

Without this commit, an OOPS can be generated due to a NULL ptr dereference
while receiving an IT when there is no master transfer and no slave
running:
- stm32f7_i2c_isr_event
- no master_mode hence calling stm32f7_i2c_slave_isr_event
- access to i2c_dev->slave_running leading to oops due to
  slave_running being NULL.

Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")

Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
---
 drivers/i2c/busses/i2c-stm32f7.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)