Commit e436064d authored by Fei Shao's avatar Fei Shao Committed by Wenyu Huang
Browse files

spi: spi-mt65xx: Fix NULL pointer access in interrupt handler 

stable inclusion
from stable-v4.19.313
commit 2342b05ec5342a519e00524a507f7a6ea6791a38
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9L9O8
CVE: CVE-2024-27028

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.19.y&id=2342b05ec5342a519e00524a507f7a6ea6791a38



--------------------------------

[ Upstream commit a20ad45008a7c82f1184dc6dee280096009ece55 ]

The TX buffer in spi_transfer can be a NULL pointer, so the interrupt
handler may end up writing to the invalid memory and cause crashes.

Add a check to trans->tx_buf before using it.

Fixes: 1ce24864 ("spi: mediatek: Only do dma for 4-byte aligned buffers")
Signed-off-by: default avatarFei Shao <fshao@chromium.org>
Reviewed-by: default avatarAngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://msgid.link/r/20240321070942.1587146-2-fshao@chromium.org


Signed-off-by: default avatarMark Brown <broonie@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarWenyu Huang <huangwenyu5@huawei.com>
parent b9f13a64
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment