[U-Boot] spmi: Fix sandbox spmi driver memory corruption

Message ID	1459792559-24652-1-git-send-email-mateusz.kulikowski@gmail.com
State	Accepted
Commit	aafa64827f30a7d2aa2c2cc2a60906eabd0272b8
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Mateusz Kulikowski <mateusz.kulikowski@gmail.com> To: Tom Rini <trini@konsulko.com>, swarren@wwwdotorg.org, Simon Glass <sjg@chromium.org> Date: Mon, 4 Apr 2016 19:55:58 +0200 Message-Id: <1459792559-24652-1-git-send-email-mateusz.kulikowski@gmail.com> Cc: u-boot@lists.denx.de Subject: [U-Boot] [PATCH] spmi: Fix sandbox spmi driver memory corruption Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Message ID

1459792559-24652-1-git-send-email-mateusz.kulikowski@gmail.com

State

Accepted

Commit

aafa64827f30a7d2aa2c2cc2a60906eabd0272b8

Delegated to:

Tom Rini

Headers

show

Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from theia.denx.de (theia.denx.de [85.214.87.163])
	by ozlabs.org (Postfix) with ESMTP id 3qf06G5yDlz9t0r
	for <incoming@patchwork.ozlabs.org>;
	Tue,  5 Apr 2016 03:56:22 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=c1CZb4pm;
	dkim-atps=neutral
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 6CDCDA7620;
	Mon,  4 Apr 2016 19:56:20 +0200 (CEST)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id JLRPl1wS5uaz; Mon,  4 Apr 2016 19:56:20 +0200 (CEST)
Received: from theia.denx.de (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id B9D8BA7519;
	Mon,  4 Apr 2016 19:56:19 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 6BBB2A7519
	for <u-boot@lists.denx.de>; Mon,  4 Apr 2016 19:56:18 +0200 (CEST)
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id MTZUcu4RCfFB for <u-boot@lists.denx.de>;
	Mon,  4 Apr 2016 19:56:18 +0200 (CEST)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
	NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested)
Received: from mail-lf0-f48.google.com (mail-lf0-f48.google.com
	[209.85.215.48]) by theia.denx.de (Postfix) with ESMTPS id 357F8A748A
	for <u-boot@lists.denx.de>; Mon,  4 Apr 2016 19:56:15 +0200 (CEST)
Received: by mail-lf0-f48.google.com with SMTP id c126so63677478lfb.2
	for <u-boot@lists.denx.de>; Mon, 04 Apr 2016 10:56:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=VS4IAyYujT95RA1/moa2Q8k9El7/Gb6BLbbL2IjxQo0=;
	b=c1CZb4pm4vY7SSHNNb6G8xJP7Jc3sBghVwxwjKgbf6zIbO86rY/nIi6eqA0NMhlXYM
	1IJ9mL5xVJyZO85TnKvORcAI/30ONX6r9svXJWBp41jFj7cJCIYTolytp1A3NIadO+fN
	FKQOKH1tyH47mxlkQw1pOKiK5STr9bfHtvRtmeuGu2m57dV1smSHp8xSNT4CxfBJwXi2
	yWhof/xhpaB0rT/jQstmio2KO6YHDKLPrwR05eF9e8JVLt/9DhtBJB/fNpA1pMusQceG
	Vq926n9cgM2Y9yrDtD5BvR4NLpNamoSfPFG13kcOCC2YXi/du54NoLRUO0pvIMfKF4sq
	bhpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=VS4IAyYujT95RA1/moa2Q8k9El7/Gb6BLbbL2IjxQo0=;
	b=c2E0ljX0DAj0FFdUrpvLZj1FdZ/r4xxwnrTxxjojqp1rit6VlCZ3ksDG5cE1JQRLpo
	+IWAFcaLcAFMhZ39tctgJL6KLCCvxbSF8uoMT3W/WjXXAft9H/8MgKX1E2k5/wqbCScw
	YOovny9w6GJfcEJB+ziclygXW8qiZKTDx/OQ+gGqM/YpiDcDuXE5jdqsaVJeqZyamVkU
	xuSj5ZZ29Wje858uweAFIsxMUOqeF90n9v6F+MJoTxaO3g+PX6in8SvFUu8Ffp/jkJTM
	lU3V3HnYx5h862ipGByyPr/l2Rhd7yDV1V3VapfDYWx2m1ZAAPA0iV4xdVACwPcba30r
	jbfA==
X-Gm-Message-State: AD7BkJKedlbvysjnV1bangccu7XWRhdoyTO10JHS9DfyVsGqIKmrsLBWc6/ezkyCH/ilWg==
X-Received: by 10.25.27.200 with SMTP id b191mr9589975lfb.8.1459792574659;
	Mon, 04 Apr 2016 10:56:14 -0700 (PDT)
Received: from localhost.localdomain (095160097038.warszawa.vectranet.pl.
	[95.160.97.38]) by smtp.gmail.com with ESMTPSA id
	f134sm5012341lff.34.2016.04.04.10.56.13
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 04 Apr 2016 10:56:13 -0700 (PDT)
From: Mateusz Kulikowski <mateusz.kulikowski@gmail.com>
To: Tom Rini <trini@konsulko.com>, swarren@wwwdotorg.org,
	Simon Glass <sjg@chromium.org>
Date: Mon,  4 Apr 2016 19:55:58 +0200
Message-Id: <1459792559-24652-1-git-send-email-mateusz.kulikowski@gmail.com>
X-Mailer: git-send-email 2.5.0
Cc: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH] spmi: Fix sandbox spmi driver memory corruption
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <http://lists.denx.de/mailman/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <http://lists.denx.de/mailman/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Commit Message

Mateusz Kulikowski April 4, 2016, 5:55 p.m. UTC

There is off-by-one error in sandbox_emul_gpio that causes
segfault of certain tests.

EMUL_GPIO_REG_END is the address of last valid (emulated) register.
This patch fixed this (by adding one more element to emulated register array).

Signed-off-by: Mateusz Kulikowski <mateusz.kulikowski@gmail.com>
---

 drivers/spmi/spmi-sandbox.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Stephen Warren April 4, 2016, 6:06 p.m. UTC | #1

On 04/04/2016 11:55 AM, Mateusz Kulikowski wrote:
> There is off-by-one error in sandbox_emul_gpio that causes
> segfault of certain tests.
>
> EMUL_GPIO_REG_END is the address of last valid (emulated) register.
> This patch fixed this (by adding one more element to emulated register array).

Tested-by: Stephen Warren <swarren@nvidia.com>

Tom Rini April 12, 2016, 2:29 a.m. UTC | #2

On Mon, Apr 04, 2016 at 07:55:58PM +0200, Mateusz Kulikowski wrote:

> There is off-by-one error in sandbox_emul_gpio that causes
> segfault of certain tests.
> 
> EMUL_GPIO_REG_END is the address of last valid (emulated) register.
> This patch fixed this (by adding one more element to emulated register array).
> 
> Signed-off-by: Mateusz Kulikowski <mateusz.kulikowski@gmail.com>
> Tested-by: Stephen Warren <swarren@nvidia.com>

Applied to u-boot/master, thanks!

diff --git a/drivers/spmi/spmi-sandbox.c b/drivers/spmi/spmi-sandbox.c
index 2f0fea0..980aff2 100644
--- a/drivers/spmi/spmi-sandbox.c
+++ b/drivers/spmi/spmi-sandbox.c
@@ -35,7 +35,8 @@  struct sandbox_emul_fake_regs {
 };
 
 struct sandbox_emul_gpio {
-	struct sandbox_emul_fake_regs r[EMUL_GPIO_REG_END]; /* Fake registers */
+	/* Fake registers - need one more entry as REG_END is valid address. */
+	struct sandbox_emul_fake_regs r[EMUL_GPIO_REG_END + 1];
 };
 
 struct sandbox_spmi_priv {

[U-Boot] spmi: Fix sandbox spmi driver memory corruption

Commit Message

Comments

Patch