OpenCloudOS-Kernel/drivers/spi
Zhou Qingyang ab3824427b
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(),
which could lead to a NULL pointer dereference on failure of
kzalloc().

Fix this bug by adding a check of tmpbuf.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_SPI_ZYNQ_QSPI=m show no new warnings,
and our static analyzer no longer warns about this code.

Fixes: 67dca5e580 ("spi: spi-mem: Add support for Zynq QSPI controller")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Link: https://lore.kernel.org/r/20211130172253.203700-1-zhou1615@umn.edu
Signed-off-by: Mark Brown <broonie@kernel.org>
2022-02-08 13:37:50 +00:00
..
Kconfig spi: xlp: Remove Netlogic XLP variants 2021-11-15 13:27:17 +00:00
Makefile spi: cadence: add support for Cadence XSPI controller 2021-09-27 13:02:33 +01:00
atmel-quadspi.c spi: Fixed division by zero warning 2021-09-20 13:38:18 +01:00
internals.h
spi-altera-core.c spi: altera: separate core code from platform code 2021-04-20 17:26:40 +01:00
spi-altera-dfl.c spi: altera: Change to dynamic allocation of spi id 2021-10-20 01:53:15 +01:00
spi-altera-platform.c spi: altera: Change to dynamic allocation of spi id 2021-10-20 01:53:15 +01:00
spi-amd.c spi: amd: Don't wait for a write-only transfer to finish 2021-09-13 02:00:32 +01:00
spi-ar934x.c spi: ar934x: fix transfer size 2022-01-04 14:59:40 +00:00
spi-armada-3700.c spi: change clk_disable_unprepare to clk_unprepare 2022-01-26 12:58:14 +00:00
spi-at91-usart.c spi: at91-usart: replacing legacy gpio interface for gpiod 2021-10-20 00:23:21 +01:00
spi-ath79.c spi: ath79: set number of chipselect lines 2021-05-24 09:51:38 +01:00
spi-atmel.c spi: atmel: Fix typo 2022-01-07 13:36:37 +00:00
spi-au1550.c spi: spi-au1550: Fix various whitespace warnings 2021-01-22 16:26:21 +00:00
spi-axi-spi-engine.c spi: spi-axi-spi-engine: remove usage of delay_usecs 2021-03-12 14:30:42 +00:00
spi-bcm-qspi.c spi: bcm-qspi: check for valid cs before applying chip select 2022-01-28 13:05:20 +00:00
spi-bcm-qspi.h
spi-bcm63xx-hsspi.c spi: bcm63xx-hsspi: fix pm_runtime 2021-03-10 12:25:12 +00:00
spi-bcm63xx.c spi: bcm63xx-spi: don't check 'delay_usecs' field 2021-03-12 14:30:43 +00:00
spi-bcm2835.c spi: spi-bcm2835: Fix deadlock 2021-07-20 13:34:05 +01:00
spi-bcm2835aux.c spi: bcm2835aux: use 'unsigned int' instead of 'unsigned' 2021-08-03 18:27:25 +01:00
spi-bitbang-txrx.h
spi-bitbang.c spi: Cleanup on failure of initial setup 2021-06-01 14:03:12 +01:00
spi-brcmstb-qspi.c
spi-butterfly.c spi: butterfly: Switch to use module_parport_driver() 2021-03-10 12:46:05 +00:00
spi-cadence-quadspi.c spi: cadence-quadspi: fix write completion support 2021-11-12 18:17:59 +00:00
spi-cadence-xspi.c spi: cadence: Add of_node_put() before return 2021-10-15 16:11:00 +01:00
spi-cadence.c spi: cadence: Correct initialisation of runtime PM again 2021-07-19 12:58:44 +01:00
spi-cavium-octeon.c
spi-cavium-thunderx.c spi: spi-cavium-thunderx: flag controller as half duplex 2020-06-16 00:38:39 +01:00
spi-cavium.c spi: use new `spi_transfer_delay_exec` helper where straightforward 2019-10-15 11:51:57 +01:00
spi-cavium.h
spi-clps711x.c spi: clps711xx: remove redundant white-space 2021-02-04 18:45:59 +00:00
spi-coldfire-qspi.c spi: coldfire-qspi: Use clk_disable_unprepare in the remove function 2021-08-19 18:20:10 +01:00
spi-davinci.c spi: davinci: invoke chipselect callback 2021-08-24 20:53:24 +01:00
spi-dln2.c spi: dln2: Propagate firmware node 2021-12-23 13:38:38 +00:00
spi-dw-bt1.c spi: dw: Put the driver entities naming in order 2021-11-16 14:30:05 +00:00
spi-dw-core.c spi: dw: Propagate firmware node 2021-12-23 13:38:39 +00:00
spi-dw-dma.c spi: dw: Put the driver entities naming in order 2021-11-16 14:30:05 +00:00
spi-dw-mmio.c spi: dw: Replace DWC_HSSI capability with IP-core version checker 2021-11-16 14:30:09 +00:00
spi-dw-pci.c spi: dw: Put the driver entities naming in order 2021-11-16 14:30:05 +00:00
spi-dw.h spi: dw: Define the capabilities in a continuous bit-flags set 2021-11-16 14:30:10 +00:00
spi-ep93xx.c spi: spi-ep93xx: Prepare clock before using it 2021-08-03 18:27:24 +01:00
spi-falcon.c spi: spi-falcon: remove check for 'delay_usecs' 2021-03-12 14:30:48 +00:00
spi-fsi.c spi: fsi: Fix contention in the FSI2SPI engine 2021-10-27 11:31:27 +01:00
spi-fsl-cpm.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
spi-fsl-cpm.h
spi-fsl-dspi.c spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config 2021-08-10 13:22:19 +01:00
spi-fsl-espi.c spi: fsl-espi: remove usage of 'delay_usecs' field 2021-03-12 14:30:49 +00:00
spi-fsl-lib.c
spi-fsl-lib.h
spi-fsl-lpspi.c spi: lpspi: release requested DMA channels 2021-11-15 13:27:16 +00:00
spi-fsl-qspi.c spi: Fix SPI NOR and SPI NAND acronyms 2020-07-17 00:55:25 +01:00
spi-fsl-spi.c spi: Cleanup on failure of initial setup 2021-06-01 14:03:12 +01:00
spi-fsl-spi.h
spi-geni-qcom.c spi: qcom: geni: handle timeout for gpi mode 2022-01-06 16:16:44 +00:00
spi-gpio.c spi: gpio: Don't leak SPI master in probe error path 2020-12-07 14:18:54 +00:00
spi-hisi-kunpeng.c spi: hisi-kunpeng: Fix the debugfs directory name incorrect 2021-11-17 13:04:54 +00:00
spi-hisi-sfc-v3xx.c spi: hisi-sfc-v3xx: drop unnecessary ACPI_PTR and related ifendif protection 2021-04-12 17:07:38 +01:00
spi-img-spfi.c spi: img-spfi: fix reference leak in img_spfi_resume 2020-11-02 15:53:25 +00:00
spi-imx.c ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
spi-ingenic.c SPI: add Ingenic JZ47xx driver. 2021-09-13 02:00:26 +01:00
spi-iproc-qspi.c
spi-jcore.c spi: jcore: Fix trailing statements should be on next line 2021-03-24 19:51:09 +00:00
spi-lantiq-ssc.c spi: lantiq: remove redundant irqsave and irqrestore in hardIRQ 2020-09-17 19:56:02 +01:00
spi-lm70llp.c spi: lm70llp: add parenthesis for sizeof 2021-05-20 18:00:34 +01:00
spi-loopback-test.c spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' 2021-05-10 13:07:53 +01:00
spi-lp8841-rtc.c
spi-mem.c spi: spi-mem: fix doc warning in spi-mem.c 2021-06-14 15:05:00 +01:00
spi-meson-spicc.c spi: meson-spicc: add IRQ check in meson_spicc_probe 2022-01-26 13:32:36 +00:00
spi-meson-spifc.c spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe 2022-01-07 13:36:38 +00:00
spi-mpc52xx-psc.c spi: mpc52xx-psc: add parenthesis for sizeof 2021-05-20 18:00:37 +01:00
spi-mpc52xx.c spi: mpc52xx: add parenthesis for sizeof 2021-05-20 18:00:36 +01:00
spi-mpc512x-psc.c spi: mpc512x-psc: add parenthesis for sizeof 2021-05-20 18:00:35 +01:00
spi-mt65xx.c spi: mediatek: Avoid NULL pointer crash in interrupt 2022-01-31 15:24:05 +00:00
spi-mt7621.c spi: mt7621: Don't leak SPI master in probe error path 2020-12-07 14:18:59 +00:00
spi-mtk-nor.c spi: Fixed division by zero warning 2021-09-20 13:38:18 +01:00
spi-mux.c spi-mux: Fix false-positive lockdep splats 2021-10-14 13:32:19 +01:00
spi-mxic.c spi: mxic: add missing braces 2021-08-12 12:19:19 +01:00
spi-mxs.c spi: mxs: fix reference leak in mxs_spi_probe 2020-11-18 18:00:26 +00:00
spi-npcm-fiu.c spi: npcm-fiu: Disable clock in probe error path 2020-12-07 14:19:00 +00:00
spi-npcm-pspi.c spi: npcm-pspi: Use SPI_MODE_X_MASK 2021-05-11 15:42:48 +01:00
spi-nxp-fspi.c spi: spi-nxp-fspi: don't depend on a specific node name erratum workaround 2021-10-02 01:31:49 +01:00
spi-oc-tiny.c spi: oc-tiny: Use SPI_MODE_X_MASK 2021-05-11 15:42:49 +01:00
spi-omap-100k.c spi: fix some invalid char occurrences 2021-05-20 17:58:33 +01:00
spi-omap-uwire.c Merge branch 'for-5.13' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-5.14 2021-06-01 18:33:33 +01:00
spi-omap2-mcspi.c Merge branch 'for-5.13' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi into spi-5.14 2021-06-01 18:33:33 +01:00
spi-orion.c spi: orion: Add of_node_put() before goto 2021-10-15 16:10:59 +01:00
spi-pic32-sqi.c
spi-pic32.c spi: spi-pic32: Fix issue with uninitialized dma_slave_config 2021-08-10 13:22:20 +01:00
spi-pl022.c spi: spl022: fix Microwire full duplex mode 2021-10-26 11:53:57 +01:00
spi-ppc4xx.c spi: ppc4xx: add parenthesis for sizeof 2021-05-20 18:00:40 +01:00
spi-pxa2xx-dma.c spi: pxa2xx: Fix style of and typos in the comments and messages 2021-05-18 14:05:35 +01:00
spi-pxa2xx-pci.c spi: pxa2xx: Fix inconsistent indenting 2021-05-21 13:13:42 +01:00
spi-pxa2xx.c spi: pxa2xx: Propagate firmware node 2021-12-23 13:38:40 +00:00
spi-pxa2xx.h spi: pxa2xx: Get rid of unused ->cs_control() 2021-11-29 12:19:59 +00:00
spi-qcom-qspi.c spi: spi-qcom-qspi: Convert to use resource-managed OPP API 2021-03-16 10:14:11 +05:30
spi-qup.c spi: qup: fix PM reference leak in spi_qup_remove() 2021-04-09 13:44:03 +01:00
spi-rb4xx.c spi: rb4xx: Don't leak SPI master in probe error path 2020-12-07 14:18:55 +00:00
spi-realtek-rtl.c spi: realtek-rtl: Add support for Realtek RTL838x/RTL839x SPI controllers 2021-02-04 18:45:57 +00:00
spi-rockchip-sfc.c spi: rockchip-sfc: Fix assigned but never used return error codes 2021-08-23 16:41:08 +01:00
spi-rockchip.c spi: rockchip: handle zero length transfers without timing out 2021-09-03 13:31:49 +01:00
spi-rpc-if.c spi: spi-rpc-if: Check return value of rpcif_sw_init() 2021-10-26 20:04:00 +01:00
spi-rspi.c spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() 2021-11-18 13:57:55 +00:00
spi-s3c24xx-regs.h ARM: s3c24xx: move regs-spi.h into spi driver 2020-08-19 21:40:14 +02:00
spi-s3c24xx.c ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
spi-s3c64xx.c spi: s3c64xx: constify driver/match data 2021-04-15 16:07:58 +01:00
spi-sc18is602.c spi: sc18is602: implement .max_{transfer,message}_size() for the controller 2021-05-21 13:13:33 +01:00
spi-sh-hspi.c spi: use new `spi_transfer_delay_exec` helper where straightforward 2019-10-15 11:51:57 +01:00
spi-sh-msiof.c spi: sh-msiof: drop unneeded MODULE_ALIAS 2021-09-17 13:17:50 +01:00
spi-sh-sci.c
spi-sh.c spi: spi-sh: replace 'delay_usecs' with 'delay.value' in pr_debug 2021-03-12 14:30:45 +00:00
spi-sifive.c spi: sifive: disable clk when probe fails and remove 2019-11-04 13:26:11 +00:00
spi-slave-mt27xx.c spi: mediatek: add mt8195 spi slave support 2021-03-23 17:19:45 +00:00
spi-slave-system-control.c
spi-slave-time.c
spi-sprd-adi.c spi: sprd: Add ADI r3 support 2021-08-26 12:09:38 +01:00
spi-sprd.c spi: sprd: Add missing MODULE_DEVICE_TABLE 2021-05-12 13:01:43 +01:00
spi-st-ssc4.c spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path 2020-11-12 15:16:35 +00:00
spi-stm32-qspi.c spi: stm32-qspi: Update spi registering 2022-01-19 16:47:41 +00:00
spi-stm32.c spi: stm32: make SPI_MASTER_MUST_TX flags only specific to STM32F4 2022-01-19 16:47:43 +00:00
spi-sun4i.c spi: sun4i: update max transfer size reported 2020-07-27 14:55:21 +01:00
spi-sun6i.c spi: spi-sun6i: Fix chipselect/clock bug 2021-06-23 11:48:36 +01:00
spi-synquacer.c spi: spi-synquacer: fix set_cs handling 2021-02-03 16:23:07 +00:00
spi-tegra20-sflash.c spi: spi-tegra20-flash: don't check 'delay_usecs' field for spi transfer 2021-03-12 14:30:46 +00:00
spi-tegra20-slink.c spi: Updates for v5.16 2021-11-01 19:09:04 -07:00
spi-tegra114.c spi: modify set_cs_timing parameter 2021-08-05 16:42:54 +01:00
spi-tegra210-quad.c spi: tegra210-quad: use devm call for cdata memory 2021-11-26 13:24:39 +00:00
spi-test.h
spi-ti-qspi.c spi: spi-ti-qspi: Free DMA resources 2021-03-10 12:25:09 +00:00
spi-tle62x0.c spi: replace snprintf in show functions with sysfs_emit 2021-10-15 16:11:01 +01:00
spi-topcliff-pch.c spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() 2021-05-10 13:17:16 +01:00
spi-uniphier.c spi: uniphier: fix reference count leak in uniphier_spi_probe() 2022-01-26 15:52:05 +00:00
spi-xcomm.c spi: use new `spi_transfer_delay_exec` helper where straightforward 2019-10-15 11:51:57 +01:00
spi-xilinx.c spi: xilinx: Fix info message during probe 2020-09-17 19:56:01 +01:00
spi-xlp.c spi: xlp: Remove Netlogic XLP variants 2021-11-15 13:27:17 +00:00
spi-xtensa-xtfpga.c spi: xtensa-xtfpga: Use devm_platform_ioremap_resource() in xtfpga_spi_probe() 2019-10-01 12:35:18 +01:00
spi-zynq-qspi.c spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() 2022-02-08 13:37:50 +00:00
spi-zynqmp-gqspi.c spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails 2021-04-16 13:44:15 +01:00
spi.c spi: don't include ptp_clock_kernel.h in spi.h 2022-01-07 17:14:30 +00:00
spidev.c spi: spidev: Make probe to fail early if a spidev compatible is used 2021-11-24 12:57:40 +00:00