On Tue, Dec 10, 2013 at 03:35:18PM -0800, Stephen Boyd wrote:

> + while (val_size) { > + ret = ssbi_read(context, *(u16 *)reg, val, 1); > + if (ret) > + return ret; > + reg += sizeof(u16); > + val += sizeof(u8); > + val_size -= sizeof(u8);

I'd expect this to generate out of bounds accesses and bad interactions on the bus if we go through the loop more than once since it appears to be incrementing the address of reg for every register. I'm also having a hard time understanding why this is doing a read per byte, ssbi_read() seems to map fairly directly onto the interface of the operation so there doesn't seem to be any reason for this loop to exist in the first place.

Has this been tested?

It'd be helpful to CC the entire series, or at least the patches this builds on...
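Review bot: `reg += sizeof(u16);` advances the pointer that `*(u16 *)reg` dereferences, not the register number. If the caller's buffer holds a single u16 address, the second pass of the loop reads memory past that buffer and passes whatever it finds to ssbi_read() as a bus address. Load the address once into a local u16 before the loop and increment that value. Better still, drop the loop and make one call that passes val_size as the length in place of the hard-coded 1. It would also help to reject an address buffer that is not exactly sizeof(u16) bytes before dereferencing it, since nothing in the visible lines checks its size.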