linux-hardened/drivers/iio
Peter Meerwald d66e0452bf iio: Fix crash when scan_bytes is computed with active_scan_mask == NULL
if device has available_scan_masks set and the buffer is enabled without
any scan_elements enabled, a NULL pointer is dereferenced in iio_compute_scan_bytes()

[   18.993713] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   19.002593] pgd = debd4000
[   19.005432] [00000000] *pgd=9ebc0831, *pte=00000000, *ppte=00000000
[   19.012329] Internal error: Oops: 17 [#1] PREEMPT ARM
[   19.017639] Modules linked in:
[   19.020843] CPU: 0    Not tainted  (3.9.11-00036-g75c888a-dirty #207)
[   19.027587] PC is at _find_first_bit_le+0xc/0x2c
[   19.032440] LR is at iio_compute_scan_bytes+0x2c/0xf4
[   19.037719] pc : [<c021dc60>]    lr : [<c03198d0>]    psr: 200d0013
[   19.037719] sp : debd9ed0  ip : 00000000  fp : 000802bc
[   19.049713] r10: 00000000  r9 : 00000000  r8 : deb67250
[   19.055206] r7 : 00000000  r6 : 00000000  r5 : 00000000  r4 : deb67000
[   19.062011] r3 : de96ec00  r2 : 00000000  r1 : 00000004  r0 : 00000000
[   19.068847] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[   19.076324] Control: 10c5387d  Table: 9ebd4019  DAC: 00000015

problem is the rollback code in iio_update_buffers(), old_mask may be NULL (e.g. on first
call)

I'm not too confident about the fix; works for me...

Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net>
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2013-09-21 12:30:58 +01:00
accel iio: Fix bma180 dev-to-indio_dev conversion in suspend/resume 2013-09-21 12:04:34 +01:00
adc iio: at91: fix adc_clk overflow 2013-09-18 19:43:20 +01:00
amplifiers iio: amplifiers: ad8366: Use devm_* APIs 2013-08-03 21:00:15 +01:00
common iio: Add a comment to about alphabetical order to Kconfigs and Makefiles 2013-08-03 18:40:36 +01:00
dac iio: Fix mcp4725 dev-to-indio_dev conversion in suspend/resume 2013-09-21 12:04:48 +01:00
frequency iio: frequency: ad9523: Use devm_* APIs 2013-08-03 21:01:27 +01:00
gyro iio: Remove unnecessary _write_raw_get_fmt() in several hid-sensor drivers 2013-08-19 20:01:25 +01:00
imu iio: imu: inv_mpu6050: Use devm_iio_device_alloc 2013-08-03 18:55:24 +01:00
light staging tree merge for 3.12-rc1 2013-09-03 11:37:57 -07:00
magnetometer iio: Remove unnecessary _write_raw_get_fmt() in several hid-sensor drivers 2013-08-19 20:01:25 +01:00
pressure iio: pressure: st_pressure: Use devm_iio_device_alloc 2013-08-03 21:02:38 +01:00
temperature iio: Fix tmp006 dev-to-indio_dev conversion in suspend/resume 2013-09-21 12:03:02 +01:00
trigger iio: Add a comment to about alphabetical order to Kconfigs and Makefiles 2013-08-03 18:40:36 +01:00
buffer_cb.c iio:callback buffer: free the scan_mask 2013-06-04 18:19:30 +01:00
iio_core.h iio: Add OF support 2013-03-16 10:17:59 +00:00
iio_core_trigger.h iio: fix semicolon in io_core_trigger.h 2013-08-03 18:40:32 +01:00
industrialio-buffer.c iio: Fix crash when scan_bytes is computed with active_scan_mask == NULL 2013-09-21 12:30:58 +01:00
industrialio-core.c iio: core: Avoid double minus in sysfs output 2013-08-03 18:41:19 +01:00
industrialio-event.c iio: iio_device_add_event_sysfs() bugfix 2013-09-18 19:50:10 +01:00
industrialio-trigger.c iio: trigger: implement devm_iio_trigger_alloc/devm_iio_triger_free 2013-08-17 19:34:52 +01:00
industrialio-triggered-buffer.c iio: Add helper function for initializing triggered buffers 2012-06-18 17:26:09 -07:00
inkern.c iio: inkern: fix iio_convert_raw_to_processed_unlocked 2013-07-03 20:30:52 +01:00
Kconfig Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
kfifo_buf.c staging:iio: Remove noop call to __iio_update_buffer 2013-01-31 17:56:44 +00:00
Makefile iio: Restore alphabetic order in Makefile 2013-08-17 15:50:54 +01:00