android_kernel_motorola_sm6225/drivers
Jan Nikitenko 1e7439388a V4L/DVB (11999): af9015: fix stack corruption bug
This patch fixes a stack corruption bug present in af9015_eeprom_dump():
the buffer buf is one byte smaller than required - there are 4 chars
for the address prefix, 16*3 chars for the dump of 16 eeprom bytes per line
and 1 byte for the zero ending the string required, i.e. 53 bytes, but
only 52 are provided.
The one byte missing in the stack-based buffer buf causes the following oops
on a MIPS little endian platform, because the i2c_adap pointer in
af9015_af9013_frontend_attach() is corrupted by the inlined function
af9015_eeprom_dump():

CPU 0 Unable to handle kernel paging request at virtual address 00000000, epc ==
803a4488, ra == c049a1c8
Oops[#1]:
Cpu 0
$ 0   : 00000000 10003c00 00000000 803a4468
$ 4   : 8f17c600 8f067b30 00000002 00000038
$ 8   : 00000001 8faf3e98 11da000d 09010002
$12   : 00000000 00000000 00000000 0000000a
$16   : 8f17c600 8f067b68 8faf3c00 8f067c04
$20   : 8f067b9c 00000100 8f067bf0 80104100
$24   : 00000000 2aba9fb0
$28   : 8f066000 8f067af0 802cbc48 c049a1c8
Hi    : 00000000
Lo    : 00000000
epc   : 803a4488 i2c_transfer+0x20/0x104
   Not tainted
ra    : c049a1c8 af9013_read_reg+0x78/0xc4 [af9013]
Status: 10003c03    KERNEL EXL IE
Cause : 00808008
BadVA : 00000000
PrId  : 03030200 (Au1550)
Modules linked in: af9013 dvb_usb_af9015(+) dvb_usb dvb_core firmware_class
i2c_au1550 au1550_spi
Process modprobe (pid: 2757, threadinfo=8f066000, task=8fade098, tls=2aad6470)
Stack : c049f5e0 80163090 805ba880 00000100 8f067bf0 0000d733 8f067b68 8faf3c00
       8f067c04 c049a1c8 80163bc0 8056a630 8f067b40 80163224 80569fc8 8f0033d7
       00000038 80140003 8f067b2c 00010038 c0420001 8f067b28 c049f5e0 00000004
       00000004 c049a524 c049d5a8 c049d5a8 00000000 803a6700 00000000 8f17c600
       c042a7a4 8f17c600 c042a7a4 c049c924 00000000 00000000 00000002 613a6c00
       ...
Call Trace:
[<803a4488>] i2c_transfer+0x20/0x104
[<c049a1c8>] af9013_read_reg+0x78/0xc4 [af9013]
[<c049a524>] af9013_read_reg_bits+0x2c/0x70 [af9013]
[<c049c924>] af9013_attach+0x98/0x65c [af9013]
[<c04257bc>] af9015_af9013_frontend_attach+0x214/0x67c [dvb_usb_af9015]
[<c03e2428>] dvb_usb_adapter_frontend_init+0x20/0x12c [dvb_usb]
[<c03e1ad8>] dvb_usb_device_init+0x374/0x6b0 [dvb_usb]
[<c0426120>] af9015_usb_probe+0x4fc/0xfcc [dvb_usb_af9015]
[<80381024>] usb_probe_interface+0xbc/0x218
[<803227fc>] driver_probe_device+0x12c/0x30c
[<80322a80>] __driver_attach+0xa4/0xac
[<80321ed0>] bus_for_each_dev+0x60/0xd0
[<8032162c>] bus_add_driver+0x1e8/0x2a8
[<80322cdc>] driver_register+0x7c/0x17c
[<80380d30>] usb_register_driver+0xa0/0x12c
[<c042e030>] af9015_usb_module_init+0x30/0x6c [dvb_usb_af9015]
[<8010d2a4>] __kprobes_text_end+0x3c/0x1f4
[<80167150>] sys_init_module+0xb8/0x1cc
[<80102370>] stack_done+0x20/0x3c

Code: afb10018  7000003f  00808021 <8c430000> 7000003f  1060002d  00c09021
8f830014  3c02efff

Signed-off-by: Jan Nikitenko <jan.nikitenko@gmail.com>
Acked-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2009-06-16 19:07:55 -03:00
accessibility
acpi Merge branch 'acpica' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2009-06-16 11:24:23 -07:00
amba
ata Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-06-14 13:46:25 -07:00
atm
auxdisplay
base Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-06-14 13:46:25 -07:00
block Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block 2009-06-16 11:46:45 -07:00
bluetooth Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2009-06-15 03:02:23 -07:00
cdrom block: Use accessor functions for queue limits 2009-05-22 23:22:54 +02:00
char Merge branch 'serial' 2009-06-16 12:03:43 -07:00
clocksource clocksource: sh_mtu2/cmt_register() should be static. 2009-05-03 18:05:42 +09:00
connector trivial: Kconfig: .ko is normally not included in module names 2009-06-12 18:01:50 +02:00
cpufreq cpumask: alloc zeroed cpumask for static cpumask_var_ts 2009-06-09 22:30:27 +09:30
cpuidle
crypto Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-06-14 13:46:25 -07:00
dca
dio
dma Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2009-05-30 07:57:44 -07:00
edac trivial: fix typos s/paramter/parameter/ and s/excute/execute/ in documentation and source comments. 2009-06-12 18:01:46 +02:00
eisa
firewire
firmware [libata] ahci: Restore SB600 SATA controller 64 bit DMA 2009-06-10 11:05:00 -04:00
gpio microblaze: Kconfig: Enable drivers for Microblaze 2009-05-21 15:56:04 +02:00
gpu Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-06-12 18:09:18 -07:00
hid Merge branches 'upstream' and 'ntrig-multitouch' into for-linus 2009-06-12 17:42:13 +02:00
hwmon hwmon: (max6650) Add support for alarms 2009-06-15 18:39:52 +02:00
i2c Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2009-06-16 11:29:17 -07:00
ide Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-06-14 13:46:25 -07:00
idle i7300_idle: allow testing on i5000-series hardware w/o re-compile 2009-05-28 20:52:40 -04:00
ieee1394 fs: Remove i_cindex from struct inode 2009-06-11 21:36:09 -04:00
ieee802154 ieee802154: fix kconfig bool/tristate muckup 2009-06-13 23:36:29 -07:00
infiniband Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2009-06-15 03:02:23 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-06-14 13:46:25 -07:00
isdn Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2009-06-15 03:02:23 -07:00
leds [ARM] S3C24XX: GPIO: Move gpio functions out of <mach/hardware.h> 2009-05-18 16:25:40 +01:00
lguest Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-lguest 2009-06-12 09:32:26 -07:00
macintosh Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2009-06-16 11:29:17 -07:00
mca
md block: remove some includings of blktrace_api.h 2009-06-16 11:19:36 +02:00
media V4L/DVB (11999): af9015: fix stack corruption bug 2009-06-16 19:07:55 -03:00
memstick block: Do away with the notion of hardsect_size 2009-05-22 23:22:54 +02:00
message Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2009-06-15 03:02:23 -07:00
mfd MFD,mmc: tmio_mmc: make HCLK configurable 2009-06-13 22:42:59 +02:00
misc Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2009-06-16 11:29:17 -07:00
mmc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/drzeus/mmc 2009-06-14 13:46:57 -07:00
mtd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-06-14 13:46:25 -07:00
net Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2009-06-16 11:30:37 -07:00
nubus
of Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-06-15 09:40:05 -07:00
oprofile oprofile: fix cpu buffer size 2009-05-07 17:28:59 +02:00
parisc irq: change ->set_affinity() to return status 2009-04-28 12:21:16 +02:00
parport parport_pc: clean up the modified while loops using for 2009-06-11 08:51:03 -07:00
pci Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-06-15 09:40:05 -07:00
pcmcia [ARM] pxa/stargate2: add support for Compact Flash/PCMCIA 2009-06-05 10:46:32 +08:00
platform sony-laptop: no need to unblock rfkill on load 2009-06-10 13:28:37 -04:00
pnp Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-06-12 18:09:18 -07:00
power
ps3 drivers/ps3: Add missing annotations 2009-06-15 16:47:25 +10:00
rapidio rapidio: fix section mismatch warnings 2009-05-19 00:50:41 -05:00
regulator regulator/max1586: fix V3 gain calculation integer overflow 2009-06-15 11:18:27 +01:00
rtc Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm 2009-06-14 13:42:43 -07:00
s390 [S390] pm: dcssblk power management callbacks. 2009-06-16 10:31:22 +02:00
sbus openprom: Squelch useless GCC warning. 2009-06-16 04:56:57 -07:00
scsi Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2009-06-15 03:02:23 -07:00
serial imx: Check for NULL pointer deref before calling tty_encode_baud_rate 2009-06-16 12:01:17 -07:00
sh sh: Tie sparseirq in to Kconfig. 2009-06-11 10:33:09 +03:00
sn
spi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/vapier/blackfin 2009-06-16 11:49:58 -07:00
ssb SSB: BCM47xx: Export ssb_watchdog_timer_set 2009-06-08 16:57:50 +01:00
staging Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2009-06-15 03:02:23 -07:00
tc
telephony
thermal thermal: fix off-by-1 error in trip point trigger condition 2009-05-14 13:40:53 -04:00
uio
usb Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2009-06-16 11:30:37 -07:00
uwb
video Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next-2.6 2009-06-16 11:52:41 -07:00
virtio virtio: enhance id_matching for virtio drivers 2009-06-12 22:16:40 +09:30
w1 trivial: Kconfig: .ko is normally not included in module names 2009-06-12 18:01:50 +02:00
watchdog Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-06-14 13:46:25 -07:00
xen PM core: rename suspend and resume functions 2009-06-12 21:32:31 +02:00
zorro
Kconfig
Makefile ieee802154: add simple HardMAC driver sample 2009-06-09 05:25:34 -07:00