[PATCH] regmap: don't corrupt work buffer in _regmap_raw_write()

From: Stephen Warren
Date: Wed Mar 20 2013 - 19:02:17 EST

Next message: Jiri Kosina: "Re: gm45 intel gfx can generate non-MSI irq# in MSI mode (was Re:[PATCH] drm/i915: stop using GMBUS IRQs on Gen4 chips (was Re: [3.9-rc1]irq 16: nobody cared (was [3.9-rc1] very poor interrupt responses"
Previous message: Steven Rostedt: "Re: [PATCH] tracepoints: prevents null probe from being added"
Next in thread: Mark Brown: "Re: [PATCH] regmap: don't corrupt work buffer in _regmap_raw_write()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stephen Warren <swarren@xxxxxxxxxx>

_regmap_raw_write() contains code to call regcache_write() to write
values to the cache. That code calls memcpy() to copy the value data to
the start of the work_buf. However, at least when _regmap_raw_write() is
called from _regmap_bus_raw_write(), the value data is in the work_buf,
and this memcpy() operation may over-write part of that value data,
depending on the value of reg_bytes + pad_bytes. At least when using
reg_bytes==1 and pad_bytes==0, corruption of the value data does occur.

To solve this, remove the memcpy() operation, and modify the subsequent
.parse_val() call to parse the original value buffer directly.

At least in the case of 8-bit register address and 16-bit values, and
writes of single registers at a time, this memcpy-then-parse combination
used to cancel each-other out; for a work-buffer containing xx 89 03,
the memcpy changed it to 89 03 03, and the parse_val changed it back to
89 89 03, thus leaving the value uncorrupted. This appears completely
accidental though. Since commit 8a819ff "regmap: core: Split out in
place value parsing", .parse_val only returns the parsed value, and does
not modify the buffer, and hence does not (accidentally) undo the
corruption caused by memcpy(). This caused bogus values to get written
to HW, thus preventing e.g. audio playback on systems with a WM8903
CODEC. This patch fixes that.

Cc: Laxman Dewangan <ldewangan@xxxxxxxxxx>
Signed-off-by: Stephen Warren <swarren@xxxxxxxxxx>
---
drivers/base/regmap/regmap.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index fed91ac..1ab4498 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -963,8 +963,7 @@ static int _regmap_raw_write(struct regmap *map, unsigned int reg,
unsigned int ival;
int val_bytes = map->format.val_bytes;
for (i = 0; i < val_len / val_bytes; i++) {
- memcpy(map->work_buf, val + (i * val_bytes), val_bytes);
- ival = map->format.parse_val(map->work_buf);
+ ival = map->format.parse_val(val + (i * val_bytes));
ret = regcache_write(map, reg + (i * map->reg_stride),
ival);
if (ret) {
--
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "Re: gm45 intel gfx can generate non-MSI irq# in MSI mode (was Re:[PATCH] drm/i915: stop using GMBUS IRQs on Gen4 chips (was Re: [3.9-rc1]irq 16: nobody cared (was [3.9-rc1] very poor interrupt responses"
Previous message: Steven Rostedt: "Re: [PATCH] tracepoints: prevents null probe from being added"
Next in thread: Mark Brown: "Re: [PATCH] regmap: don't corrupt work buffer in _regmap_raw_write()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]