[v8,28/28] i2c: fix wild dereference

Message ID	20191128062442.20690-29-npiggin@gmail.com
State	Superseded
Headers	show Return-Path: <skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> From: Nicholas Piggin <npiggin@gmail.com> To: skiboot@lists.ozlabs.org Date: Thu, 28 Nov 2019 16:24:42 +1000 Message-Id: <20191128062442.20690-29-npiggin@gmail.com> In-Reply-To: <20191128062442.20690-1-npiggin@gmail.com> References: <20191128062442.20690-1-npiggin@gmail.com> MIME-Version: 1.0 Subject: [Skiboot] [PATCH v8 28/28] i2c: fix wild dereference Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" <skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	little endian skiboot \| expand [v8,00/28] little endian skiboot [v8,01/28] asm/cvc_entry.S: r2 save fix [v8,02/28] capp: fix endian conversion [v8,03/28] cpu: use dt accessor device tree access [v8,04/28] opal-api: add endian conversions to most opal calls [v8,05/28] elf: endian conversions [v8,06/28] spira: fix endian conversions in spira data structures [v8,07/28] hdata: endian conversions [v8,08/28] naca: move naca definition from asm to C [v8,09/28] io: endian conversions for io accessors [v8,10/28] hmi: endian conversions [v8,11/28] cvc: allow BE cvc code to be called from LE context [v8,12/28] xive: make endian-clean [v8,13/28] phb4: make endian-clean [v8,14/28] occ sensors: make endian-clean [v8,15/28] memconsole: make endian-clean [v8,16/28] debug descriptor: make endian-clean [v8,17/28] ipmi: endian conversion [v8,18/28] sbe-p9: endian conversion [v8,19/28] fsp: endian conversions [v8,20/28] libflash: ecc endian conversions [v8,21/28] prd: endian conversions [v8,22/28] opal-dump: MPIPL endan conversions [v8,23/28] sfc-ctrl: endian conversions [v8,24/28] add little endian support [v8,25/28] dt: assorted cleanups [v8,26/28] add more sparse endian annotations [v8,27/28] fix simple sparse warnings [v8,28/28] i2c: fix wild dereference

Message ID

20191128062442.20690-29-npiggin@gmail.com

State

Superseded

Headers

From: Nicholas Piggin <npiggin@gmail.com>
To: skiboot@lists.ozlabs.org
Date: Thu, 28 Nov 2019 16:24:42 +1000
Message-Id: <20191128062442.20690-29-npiggin@gmail.com>
In-Reply-To: <20191128062442.20690-1-npiggin@gmail.com>
References: <20191128062442.20690-1-npiggin@gmail.com>
MIME-Version: 1.0
Subject: [Skiboot] [PATCH v8 28/28] i2c: fix wild dereference
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Skiboot"
	<skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

little endian skiboot | expand

Checks

Context	Check	Description
snowpatch_ozlabs/apply_patch	warning	Failed to apply on branch master (d75e82dbfbb9443efeb3f9a5921ac23605aab469)
snowpatch_ozlabs/apply_patch	fail	Failed to apply to any branch

Context

Check

Description

snowpatch_ozlabs/apply_patch

warning

Failed to apply on branch master (d75e82dbfbb9443efeb3f9a5921ac23605aab469)

snowpatch_ozlabs/apply_patch

fail

Failed to apply to any branch

Commit Message

Nicholas Piggin Nov. 28, 2019, 6:24 a.m. UTC

The contents of the buffer is not initialized in the case of a read,
and not even necessarily at least 8 bytes long. It seems like the
address is what's wanted.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 core/i2c.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Oliver O'Halloran Nov. 28, 2019, 7:10 a.m. UTC | #1

On Thu, Nov 28, 2019 at 5:35 PM Nicholas Piggin <npiggin@gmail.com> wrote:
>
> The contents of the buffer is not initialized in the case of a read,
> and not even necessarily at least 8 bytes long. It seems like the
> address is what's wanted.

Nah, it's the data that is interesting. Most I2C transactions are only
a few bytes and op->rw_len indicates how much of that 8 bytes is
actually valid. It's a bit of a dumb hack, but it is an occasionally
useful one.


> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
> ---
>  core/i2c.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/core/i2c.c b/core/i2c.c
> index 6bae83b42..89231e5f9 100644
> --- a/core/i2c.c
> +++ b/core/i2c.c
> @@ -173,10 +173,10 @@ int64_t i2c_request_sync(struct i2c_request *req)
>                 req->req_state = i2c_req_new;
>         }
>
> -       prlog(PR_DEBUG, "I2C: %s req op=%x offset=%x buf=%016llx buflen=%d "
> +       prlog(PR_DEBUG, "I2C: %s req op=%x offset=%x buf=%p buflen=%d "
>               "delay=%lu/%lld rc=%lld\n",
>               (rc) ? "!!!!" : "----", req->op, req->offset,
> -             *(uint64_t*) req->rw_buf, req->rw_len, tb_to_msecs(waited), req->timeout, rc);
> +             req->rw_buf, req->rw_len, tb_to_msecs(waited), req->timeout, rc);
>
>         return rc;
>  }
> --
> 2.23.0
>
> _______________________________________________
> Skiboot mailing list
> Skiboot@lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/skiboot

diff --git a/core/i2c.c b/core/i2c.c
index 6bae83b42..89231e5f9 100644
--- a/core/i2c.c
+++ b/core/i2c.c
@@ -173,10 +173,10 @@  int64_t i2c_request_sync(struct i2c_request *req)
 		req->req_state = i2c_req_new;
 	}
 
-	prlog(PR_DEBUG, "I2C: %s req op=%x offset=%x buf=%016llx buflen=%d "
+	prlog(PR_DEBUG, "I2C: %s req op=%x offset=%x buf=%p buflen=%d "
 	      "delay=%lu/%lld rc=%lld\n",
 	      (rc) ? "!!!!" : "----", req->op, req->offset,
-	      *(uint64_t*) req->rw_buf, req->rw_len, tb_to_msecs(waited), req->timeout, rc);
+	      req->rw_buf, req->rw_len, tb_to_msecs(waited), req->timeout, rc);
 
 	return rc;
 }

[v8,28/28] i2c: fix wild dereference

Checks

Commit Message

Comments

Patch