diff options
| author | Dan Carpenter <dan.carpenter@oracle.com> | 2015-01-15 06:42:27 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-02-03 18:48:51 -0500 |
| commit | 63e144c9d6ffa791c1402f4ee4551c1b9f5a336a (patch) | |
| tree | 1d21080184560b6814080cb8d5e704a5ab6d4c6b | |
| parent | 663b7ee9517eec6deea9a48c7a1392a9a34f7809 (diff) | |
ti-st: clean up data types (fix harmless memory corruption)
The big issue here is:
of_property_read_u32(np, "flow_cntrl", (u32 *)&dt_pdata->flow_cntrl);
"->flow_cntrl" is a char so when we write a 32 bit number to it then it
corrupts past the end of the char. It's probably hard to notice because
the struct has padding so the code works on little endian systems. But
on a big endian system the code would fail and on a 64 bit, big endian
systems then "nshutdown_gpio" and "baud_rate" would be buggy as well.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/misc/ti-st/st_kim.c | 12 | ||||
| -rw-r--r-- | include/linux/ti_wilink_st.h | 12 |
2 files changed, 12 insertions, 12 deletions
diff --git a/drivers/misc/ti-st/st_kim.c b/drivers/misc/ti-st/st_kim.c index 8fb116f8a152..18e7a03985d4 100644 --- a/drivers/misc/ti-st/st_kim.c +++ b/drivers/misc/ti-st/st_kim.c | |||
| @@ -638,7 +638,7 @@ static ssize_t show_baud_rate(struct device *dev, | |||
| 638 | struct device_attribute *attr, char *buf) | 638 | struct device_attribute *attr, char *buf) |
| 639 | { | 639 | { |
| 640 | struct kim_data_s *kim_data = dev_get_drvdata(dev); | 640 | struct kim_data_s *kim_data = dev_get_drvdata(dev); |
| 641 | return sprintf(buf, "%ld\n", kim_data->baud_rate); | 641 | return sprintf(buf, "%d\n", kim_data->baud_rate); |
| 642 | } | 642 | } |
| 643 | 643 | ||
| 644 | static ssize_t show_flow_cntrl(struct device *dev, | 644 | static ssize_t show_flow_cntrl(struct device *dev, |
| @@ -760,9 +760,9 @@ static struct ti_st_plat_data *get_platform_data(struct device *dev) | |||
| 760 | if (dt_property) | 760 | if (dt_property) |
| 761 | memcpy(&dt_pdata->dev_name, dt_property, len); | 761 | memcpy(&dt_pdata->dev_name, dt_property, len); |
| 762 | of_property_read_u32(np, "nshutdown_gpio", | 762 | of_property_read_u32(np, "nshutdown_gpio", |
| 763 | (u32 *)&dt_pdata->nshutdown_gpio); | 763 | &dt_pdata->nshutdown_gpio); |
| 764 | of_property_read_u32(np, "flow_cntrl", (u32 *)&dt_pdata->flow_cntrl); | 764 | of_property_read_u32(np, "flow_cntrl", &dt_pdata->flow_cntrl); |
| 765 | of_property_read_u32(np, "baud_rate", (u32 *)&dt_pdata->baud_rate); | 765 | of_property_read_u32(np, "baud_rate", &dt_pdata->baud_rate); |
| 766 | 766 | ||
| 767 | return dt_pdata; | 767 | return dt_pdata; |
| 768 | } | 768 | } |
| @@ -812,14 +812,14 @@ static int kim_probe(struct platform_device *pdev) | |||
| 812 | kim_gdata->nshutdown = pdata->nshutdown_gpio; | 812 | kim_gdata->nshutdown = pdata->nshutdown_gpio; |
| 813 | err = gpio_request(kim_gdata->nshutdown, "kim"); | 813 | err = gpio_request(kim_gdata->nshutdown, "kim"); |
| 814 | if (unlikely(err)) { | 814 | if (unlikely(err)) { |
| 815 | pr_err(" gpio %ld request failed ", kim_gdata->nshutdown); | 815 | pr_err(" gpio %d request failed ", kim_gdata->nshutdown); |
| 816 | return err; | 816 | return err; |
| 817 | } | 817 | } |
| 818 | 818 | ||
| 819 | /* Configure nShutdown GPIO as output=0 */ | 819 | /* Configure nShutdown GPIO as output=0 */ |
| 820 | err = gpio_direction_output(kim_gdata->nshutdown, 0); | 820 | err = gpio_direction_output(kim_gdata->nshutdown, 0); |
| 821 | if (unlikely(err)) { | 821 | if (unlikely(err)) { |
| 822 | pr_err(" unable to configure gpio %ld", kim_gdata->nshutdown); | 822 | pr_err(" unable to configure gpio %d", kim_gdata->nshutdown); |
| 823 | return err; | 823 | return err; |
| 824 | } | 824 | } |
| 825 | /* get reference of pdev for request_firmware | 825 | /* get reference of pdev for request_firmware |
diff --git a/include/linux/ti_wilink_st.h b/include/linux/ti_wilink_st.h index 9072d9f95cff..c78dcfeaf25f 100644 --- a/include/linux/ti_wilink_st.h +++ b/include/linux/ti_wilink_st.h | |||
| @@ -262,7 +262,7 @@ struct kim_data_s { | |||
| 262 | struct completion kim_rcvd, ldisc_installed; | 262 | struct completion kim_rcvd, ldisc_installed; |
| 263 | char resp_buffer[30]; | 263 | char resp_buffer[30]; |
| 264 | const struct firmware *fw_entry; | 264 | const struct firmware *fw_entry; |
| 265 | long nshutdown; | 265 | unsigned nshutdown; |
| 266 | unsigned long rx_state; | 266 | unsigned long rx_state; |
| 267 | unsigned long rx_count; | 267 | unsigned long rx_count; |
| 268 | struct sk_buff *rx_skb; | 268 | struct sk_buff *rx_skb; |
| @@ -270,8 +270,8 @@ struct kim_data_s { | |||
| 270 | struct chip_version version; | 270 | struct chip_version version; |
| 271 | unsigned char ldisc_install; | 271 | unsigned char ldisc_install; |
| 272 | unsigned char dev_name[UART_DEV_NAME_LEN + 1]; | 272 | unsigned char dev_name[UART_DEV_NAME_LEN + 1]; |
| 273 | unsigned char flow_cntrl; | 273 | unsigned flow_cntrl; |
| 274 | unsigned long baud_rate; | 274 | unsigned baud_rate; |
| 275 | }; | 275 | }; |
| 276 | 276 | ||
| 277 | /** | 277 | /** |
| @@ -437,10 +437,10 @@ struct gps_event_hdr { | |||
| 437 | * | 437 | * |
| 438 | */ | 438 | */ |
| 439 | struct ti_st_plat_data { | 439 | struct ti_st_plat_data { |
| 440 | long nshutdown_gpio; | 440 | u32 nshutdown_gpio; |
| 441 | unsigned char dev_name[UART_DEV_NAME_LEN]; /* uart name */ | 441 | unsigned char dev_name[UART_DEV_NAME_LEN]; /* uart name */ |
| 442 | unsigned char flow_cntrl; /* flow control flag */ | 442 | u32 flow_cntrl; /* flow control flag */ |
| 443 | unsigned long baud_rate; | 443 | u32 baud_rate; |
| 444 | int (*suspend)(struct platform_device *, pm_message_t); | 444 | int (*suspend)(struct platform_device *, pm_message_t); |
| 445 | int (*resume)(struct platform_device *); | 445 | int (*resume)(struct platform_device *); |
| 446 | int (*chip_enable) (struct kim_data_s *); | 446 | int (*chip_enable) (struct kim_data_s *); |