[3/3] i2c: stm32f7: prevent calling slave handling if no slave running

Message ID 1625062303-15327-4-git-send-email-alain.volmat@foss.st.com (mailing list archive)
State New, archived
Series i2c: stm32f7: several fixes in error cases

Commit Message

Alain Volmat June 30, 2021, 2:11 p.m. UTC
Slave interrupt handler should only be called if there is actually
a slave registered and running to avoid accessing an invalid pointer.

Without this commit, an OOPS can be generated due to a NULL ptr dereference
while receiving an IT when there is no master transfer and no slave
running:
  - stm32f7_i2c_isr_event
  - no master_mode hence calling stm32f7_i2c_slave_isr_event
  - access to i2c_dev->slave_running leading to oops due to
slave_running being NULL.

Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")

Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
---
 drivers/i2c/busses/i2c-stm32f7.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Comments

Wolfram Sang Nov. 29, 2021, 12:21 p.m. UTC | #1
On Wed, Jun 30, 2021 at 04:11:43PM +0200, Alain Volmat wrote:
> Slave interrupt handler should only be called if there is actually
> a slave registered and running to avoid accessing an invalid pointer.
> 
> Without this commit, an OOPS can be generated due to a NULL ptr dereference
> while receiving an IT when there is no master transfer and no slave
> running:
>   - stm32f7_i2c_isr_event
>   - no master_mode hence calling stm32f7_i2c_slave_isr_event
>   - access to i2c_dev->slave_running leading to oops due to
> slave_running being NULL.
> 
> Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")
> 
> Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>

Is this one still of interest? You resent patches 1 and 2 but not this
one?

Alain Volmat Nov. 29, 2021, 12:25 p.m. UTC | #2
Hi Wolfram,

On Mon, Nov 29, 2021 at 01:21:05PM +0100, Wolfram Sang wrote:
> On Wed, Jun 30, 2021 at 04:11:43PM +0200, Alain Volmat wrote:
> > Slave interrupt handler should only be called if there is actually
> > a slave registered and running to avoid accessing an invalid pointer.
> > 
> > Without this commit, an OOPS can be generated due to a NULL ptr dereference
> > while receiving an IT when there is no master transfer and no slave
> > running:
> >   - stm32f7_i2c_isr_event
> >   - no master_mode hence calling stm32f7_i2c_slave_isr_event
> >   - access to i2c_dev->slave_running leading to oops due to
> > slave_running being NULL.
> > 
> > Fixes: 60d609f30de2 ("i2c: i2c-stm32f7: Add slave support")
> > 
> > Signed-off-by: Alain Volmat <alain.volmat@foss.st.com>
> 
> Is this one still of interest? You resent patches 1 and 2 but not this
> one?

No you can ignore it. Thanks.
Patch

diff --git a/drivers/i2c/busses/i2c-stm32f7.c b/drivers/i2c/busses/i2c-stm32f7.c
index 0d99c075deb2..2cc9bb0f6d7f 100644
--- a/drivers/i2c/busses/i2c-stm32f7.c
+++ b/drivers/i2c/busses/i2c-stm32f7.c
@@ -1497,10 +1497,14 @@  static irqreturn_t stm32f7_i2c_isr_event(int irq, void *data)
 	u32 status, mask;
 	int ret = IRQ_HANDLED;
 
-	/* Check if the interrupt if for a slave device */
+	/* Check if the interrupt is for a slave device */
 	if (!i2c_dev->master_mode) {
-		ret = stm32f7_i2c_slave_isr_event(i2c_dev);
-		return ret;
+		if (i2c_dev->slave_running)
+			return stm32f7_i2c_slave_isr_event(i2c_dev);
+
+		dev_warn_ratelimited(i2c_dev->dev,
+				"Unexpected IT received: ISR:0x%x\n",
+				readl_relaxed(i2c_dev->base + STM32F7_I2C_ISR));
 	}
 
 	status = readl_relaxed(i2c_dev->base + STM32F7_I2C_ISR);
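
Review bot: in the `!i2c_dev->master_mode` branch, when `slave_running` is NULL the code warns and then falls through to `status = readl_relaxed(i2c_dev->base + STM32F7_I2C_ISR);` and the handling after it, which before this change was reached only in master mode. The commit message describes this case as "no master transfer and no slave running", so the handler now continues on a path written for an active master transfer without one being in progress. Either return explicitly after the `dev_warn_ratelimited()` call, or add a comment stating that the fall-through is intended and why the code below is safe with `master_mode` unset. The ISR register is also read twice in this path (once for the warning, once into `status`); reading it into `status` before the branch and printing `status` would keep the logged value identical to the one the handler acts on.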