Patch "iio: adc: meson-saradc: fix potential crash in meson_sar_adc_clear_fifo" has been added to the 4.11-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 18 Jun 2017 09:23:03 +0800

This is a note to let you know that I've just added the patch titled

    iio: adc: meson-saradc: fix potential crash in meson_sar_adc_clear_fifo

to the 4.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     iio-adc-meson-saradc-fix-potential-crash-in-meson_sar_adc_clear_fifo.patch
and it can be found in the queue-4.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 103a07d4278203d6299798cd74cdc4d209801cac Mon Sep 17 00:00:00 2001
From: Martin Blumenstingl <martin.blumenstingl@xxxxxxxxxxxxxx>
Date: Sun, 4 Jun 2017 15:28:23 +0200
Subject: iio: adc: meson-saradc: fix potential crash in meson_sar_adc_clear_fifo

From: Martin Blumenstingl <martin.blumenstingl@xxxxxxxxxxxxxx>

commit 103a07d4278203d6299798cd74cdc4d209801cac upstream.

meson_sar_adc_clear_fifo passes a 0 as value-pointer to regmap_read().
In case of the meson-saradc driver this ends up in regmap_mmio_read(),
where the value-pointer is de-referenced unconditionally to assign the
value which was read.
Fix this by passing an actual pointer, even though all we want to do is
to discard the value.

As a side-effect this fixes a sparse warning ("Using plain integer as
NULL pointer") as reported by Paolo Cretaro.

Fixes: 3adbf3427330 ("iio: adc: add a driver for the SAR ADC found in Amlogic Meson SoCs")
Reported-by: Paolo Cretaro <paolocretaro@xxxxxxxxx>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@xxxxxxxxxxxxxx>
Signed-off-by: Jonathan Cameron <jic23@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/iio/adc/meson_saradc.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/iio/adc/meson_saradc.c
+++ b/drivers/iio/adc/meson_saradc.c
@@ -440,13 +440,13 @@ static void meson_sar_adc_unlock(struct
 static void meson_sar_adc_clear_fifo(struct iio_dev *indio_dev)
 {
 	struct meson_sar_adc_priv *priv = iio_priv(indio_dev);
-	int count;
+	unsigned int count, tmp;
 
 	for (count = 0; count < MESON_SAR_ADC_MAX_FIFO_SIZE; count++) {
 		if (!meson_sar_adc_get_fifo_count(indio_dev))
 			break;
 
-		regmap_read(priv->regmap, MESON_SAR_ADC_FIFO_RD, 0);
+		regmap_read(priv->regmap, MESON_SAR_ADC_FIFO_RD, &tmp);
 	}
 }
 


Patches currently in stable-queue which might be from martin.blumenstingl@xxxxxxxxxxxxxx are

queue-4.11/iio-adc-meson-saradc-fix-potential-crash-in-meson_sar_adc_clear_fifo.patch






