Hi Greg,
Am 22.02.2017 um 08:20 schrieb Greg Kroah-Hartman:
On Tue, Feb 21, 2017 at 09:14:03PM +0100, Wolfram Sang wrote:
On Thu, Feb 16, 2017 at 09:20:45PM +0000, Stefan Wahren wrote:
Since commit e2474541032d ("bcm2835: Fix hang for writing messages
larger than 16 bytes") the interrupt handler is prone to a possible
NULL pointer dereference. This could happen if an interrupt fires
before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs
on the RPi 3. Even this is an unexpected behavior the driver must
handle that with an error instead of a crash.
CC: Noralf Trønnes <noralf@xxxxxxxxxxx>
CC: Martin Sperl <kernel@xxxxxxxxxxxxxxxx>
Reported-by: Peter Robinson <pbrobinson@xxxxxxxxx>
Fixes: e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes")
Signed-off-by: Stefan Wahren <stefan.wahren@xxxxxxxx>
Applied to for-next, thanks (will be in 4.11)!
since this patch is too late for 4.10, should i resent with CC to stable in
order to get it into the next 4.10 release?
It has the Fixes: tag, that will do.
But it moves it much lower on my "this needs to get into stable now!"
priority list. I'll try to remember this one when it goes by...
thanks,
greg k-h
should i resend, since i didn't send you the initial patch?
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
