On Tue, Feb 21, 2017 at 09:14:03PM +0100, Wolfram Sang wrote:
>
> > >On Thu, Feb 16, 2017 at 09:20:45PM +0000, Stefan Wahren wrote:
> > >>Since commit e2474541032d ("bcm2835: Fix hang for writing messages
> > >>larger than 16 bytes") the interrupt handler is prone to a possible
> > >>NULL pointer dereference. This could happen if an interrupt fires
> > >>before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs
> > >>on the RPi 3. Even this is an unexpected behavior the driver must
> > >>handle that with an error instead of a crash.
> > >>
> > >>CC: Noralf Trønnes <noralf@xxxxxxxxxxx>
> > >>CC: Martin Sperl <kernel@xxxxxxxxxxxxxxxx>
> > >>Reported-by: Peter Robinson <pbrobinson@xxxxxxxxx>
> > >>Fixes: e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes")
> > >>Signed-off-by: Stefan Wahren <stefan.wahren@xxxxxxxx>
> > >Applied to for-next, thanks (will be in 4.11)!
> > >
> >
> > since this patch is too late for 4.10, should i resent with CC to stable in
> > order to get it into the next 4.10 release?
>
> It has the Fixes: tag, that will do.
But it moves it much lower on my "this needs to get into stable now!"
priority list. I'll try to remember this one when it goes by...
thanks,
greg k-h
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
