From: Russ Dill <Russ.Dill@xxxxxx> In the case that the FIFO threshold handler gets called when the FIFO has not actually reached the threshold, the driver will pass uninitialized memory to the IIO subsystem. In the past, this would occur due to bugs in the driver; those bugs have been fixed. However, it is still a good idea to close this just in case additional bugs in hardware or software exist. Signed-off-by: Russ Dill <Russ.Dill@xxxxxx> Signed-off-by: Zubair Lutfullah <zubair.lutfullah@xxxxxxxxx> --- drivers/iio/adc/ti_am335x_adc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/iio/adc/ti_am335x_adc.c b/drivers/iio/adc/ti_am335x_adc.c index 6957011..1b0af2a 100644 --- a/drivers/iio/adc/ti_am335x_adc.c +++ b/drivers/iio/adc/ti_am335x_adc.c @@ -203,6 +203,13 @@ static void tiadc_poll_handler(struct work_struct *work_s) u32 *inputbuffer; fifo1count = tiadc_readl(adc_dev, REG_FIFO1CNT); + if (fifo1count * sizeof(u32) < + buffer->access->get_bytes_per_datum(buffer)) { + dev_err(adc_dev->mfd_tscadc->dev, "%s: Short FIFO event\n", + __func__); + goto out; + } + inputbuffer = kmalloc((fifo1count + 1) * sizeof(u32), GFP_KERNEL); if (inputbuffer == NULL) return; -- 1.7.9.5
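Review bot: The new short-FIFO branch in tiadc_poll_handler() exits through `goto out`, while the `inputbuffer == NULL` check directly below it still does a bare `return`, so two adjacent error paths now leave the handler differently. The `out` label is not visible in this hunk; if it performs cleanup the handler needs on every exit, the allocation-failure case should go through it as well, and if it does not, a plain `return` here would match the existing style. The commit message describes this as a guard against persistent hardware or software faults, in which case `dev_err()` would print "Short FIFO event" on every threshold event; `dev_err_ratelimited()` would keep that from flooding the kernel log. The check only establishes that at least one datum's worth of bytes is present, and the buffer that follows is still allocated with `kmalloc((fifo1count + 1) * sizeof(u32), GFP_KERNEL)`; switching that to `kzalloc` would ensure that no stale heap contents reach the IIO subsystem even if the count and the data actually read disagree.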