From patchwork Mon Dec 8 21:34:33 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Olof Johansson X-Patchwork-Id: 418877 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 163D11400D5 for ; Tue, 9 Dec 2014 08:32:37 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752330AbaLHVcZ (ORCPT ); Mon, 8 Dec 2014 16:32:25 -0500 Received: from mail-pa0-f41.google.com ([209.85.220.41]:53317 "EHLO mail-pa0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751794AbaLHVcY (ORCPT ); Mon, 8 Dec 2014 16:32:24 -0500 Received: by mail-pa0-f41.google.com with SMTP id rd3so5975044pab.14 for ; Mon, 08 Dec 2014 13:32:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=G9lSANmAJn4EnYtwoCwOu0Vz6deFC1JLVdpGuitLat0=; b=W0C+FF4i1oU3sGylz/AMgSDHFlgtyLSNMotUenK5wTMDkb+vkH8KczpHsDxvQK60E7 d42qs/LjrrpNSyfHClIvD1jj3q319kJ8OcavXk/OJ52gH57a6kDG+thHs+1Vm5rqOW0p A920eLJiC4RBZ8EA0hmMYnG5GuznD9z0UeXbLEfndrl387cEYuhIw0pc+KGLYYASUv2a kebq4MdHGo43BIbmafjKVr7/UFuOmwgpG4OQ+DKTowMteqpvWWuKAkyj+ZgNa/c0gBCL KmdWs6l7yF/ikAaYwUnwkJuh9/NIA0wAVK+tWl4e5sRbqj51IM19rAUTkBSY5LH89hFo dR6Q== X-Gm-Message-State: ALoCoQk40PJmN957GuC4VGd4bSZi7MCPEL0mCKKxqgQAqnGKUZfjP58j67iv2E6ZkqR1DS+UtXbR X-Received: by 10.70.31.35 with SMTP id x3mr24542054pdh.34.1418074344117; Mon, 08 Dec 2014 13:32:24 -0800 (PST) Received: from brutus.lixom.net (173-13-129-225-sfba.hfc.comcastbusiness.net. [173.13.129.225]) by mx.google.com with ESMTPSA id fe5sm26621707pdb.77.2014.12.08.13.32.22 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Dec 2014 13:32:23 -0800 (PST) From: Olof Johansson To: linus.walleij@linaro.org, gnurou@gmail.com Cc: rjui@broadcom.com, linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org, bcm-kernel-feedback-list@broadcom.com, Olof Johansson Subject: [PATCH] gpio: bcm-kona: memory corruption fix Date: Mon, 8 Dec 2014 13:34:33 -0800 Message-Id: <1418074473-10811-1-git-send-email-olof@lixom.net> X-Mailer: git-send-email 1.7.10.4 Sender: linux-gpio-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-gpio@vger.kernel.org In one instance the base address of the internal controller state structure is passed into a function doing writel to an offset of the pointer passed in is used, instead of the register base. Once I found the bug, I also went back to check for other sparse warnings in the file, but found none. This one, however, triggered: drivers/gpio/gpio-bcm-kona.c:552:47: warning: incorrect type in argument 1 (different address spaces) drivers/gpio/gpio-bcm-kona.c:552:47: expected void [noderef] *reg_base drivers/gpio/gpio-bcm-kona.c:552:47: got struct bcm_kona_gpio *kona_gpio drivers/gpio/gpio-bcm-kona.c:556:47: warning: incorrect type in argument 1 (different address spaces) drivers/gpio/gpio-bcm-kona.c:556:47: expected void [noderef] *reg_base drivers/gpio/gpio-bcm-kona.c:556:47: got struct bcm_kona_gpio *kona_gpio As far as I can tell, this bug has been here for a long time and is not new, but I found it when hunting down another heisenbug on this platform. Not marking for stable since I am unaware of any upstream user of kona on a product that would benefit from it. Signed-off-by: Olof Johansson Acked-by: Ray Jui Reviewed-by: Alexandre Courbot --- drivers/gpio/gpio-bcm-kona.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c index de0801e..d552cca 100644 --- a/drivers/gpio/gpio-bcm-kona.c +++ b/drivers/gpio/gpio-bcm-kona.c @@ -549,11 +549,11 @@ static void bcm_kona_gpio_reset(struct bcm_kona_gpio *kona_gpio) /* disable interrupts and clear status */ for (i = 0; i < kona_gpio->num_bank; i++) { /* Unlock the entire bank first */ - bcm_kona_gpio_write_lock_regs(kona_gpio, i, UNLOCK_CODE); + bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, i, UNLOCK_CODE); writel(0xffffffff, reg_base + GPIO_INT_MASK(i)); writel(0xffffffff, reg_base + GPIO_INT_STATUS(i)); /* Now re-lock the bank */ - bcm_kona_gpio_write_lock_regs(kona_gpio, i, LOCK_CODE); + bcm_kona_gpio_write_lock_regs(kona_gpio->reg_base, i, LOCK_CODE); } }