OpenCloudOS-Kernel

Author SHA1 Message Date

Author	SHA1	Message	Date
Dan Carpenter	d72cf01f41	drm/mipi-dbi: fix a loop in debugfs code This code will likely crash if we try to do a zero byte write. The code looks like this: /* strip trailing whitespace */ for (i = count - 1; i > 0; i--) if (isspace(buf[i])) ... We're writing zero bytes so count = 0. You would think that "count - 1" would be negative one, but because "i" is unsigned it is a large positive numer instead. The "i > 0" condition is true and the "buf[i]" access will be out of bounds. The fix is to make "i" signed and now everything works as expected. The upper bound of "count" is capped in __kernel_write() at MAX_RW_COUNT so we don't have to worry about it being higher than INT_MAX. Fixes: `02dd95fe31` ("drm/tinydrm: Add MIPI DBI support") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> [noralf: Adjust title] Signed-off-by: Noralf Trønnes <noralf@tronnes.org> Link: https://patchwork.freedesktop.org/patch/msgid/20190821072456.GJ26957@mwanda	2019-08-26 14:50:55 +02:00
Noralf Trønnes	174102f4de	drm/tinydrm: Move mipi-dbi This moves mipi-dbi to be a core helper with the name drm_mipi_dbi. Fixup include's in drivers. Move the docs entry and delete tinydrm.rst. Delete the last tinydrm todo entry. v2: Make DRM_MIPI_DBI tristate to enable it being built as a module. Cc: Eric Anholt <eric@anholt.net> Cc: David Lechner <david@lechnology.com> Reviewed-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Noralf Trønnes <noralf@tronnes.org> Acked-by: David Lechner <david@lechnology.com> Acked-by: Eric Anholt <eric@anholt.net> Link: https://patchwork.freedesktop.org/patch/msgid/20190722104312.16184-9-noralf@tronnes.org	2019-07-25 10:45:07 +02:00

Dan Carpenter

d72cf01f41

drm/mipi-dbi: fix a loop in debugfs code

This code will likely crash if we try to do a zero byte write.  The code
looks like this:

        /* strip trailing whitespace */
        for (i = count - 1; i > 0; i--)
                if (isspace(buf[i]))
			...

We're writing zero bytes so count = 0.  You would think that "count - 1"
would be negative one, but because "i" is unsigned it is a large
positive numer instead.  The "i > 0" condition is true and the "buf[i]"
access will be out of bounds.

The fix is to make "i" signed and now everything works as expected.  The
upper bound of "count" is capped in __kernel_write() at MAX_RW_COUNT so
we don't have to worry about it being higher than INT_MAX.

Fixes: 02dd95fe31 ("drm/tinydrm: Add MIPI DBI support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[noralf: Adjust title]
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20190821072456.GJ26957@mwanda

2019-08-26 14:50:55 +02:00

Noralf Trønnes

174102f4de

drm/tinydrm: Move mipi-dbi

This moves mipi-dbi to be a core helper with the name drm_mipi_dbi.

Fixup include's in drivers.
Move the docs entry and delete tinydrm.rst.
Delete the last tinydrm todo entry.

v2: Make DRM_MIPI_DBI tristate to enable it being built as a module.

Cc: Eric Anholt <eric@anholt.net>
Cc: David Lechner <david@lechnology.com>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Acked-by: David Lechner <david@lechnology.com>
Acked-by: Eric Anholt <eric@anholt.net>
Link: https://patchwork.freedesktop.org/patch/msgid/20190722104312.16184-9-noralf@tronnes.org

2019-07-25 10:45:07 +02:00

2 Commits