[PATCH 5.11 034/601] iio: inv_mpu6050: Fully validate gyro and accel scale writes

From: Greg Kroah-Hartman
Date: Wed May 12 2021 - 12:53:26 EST

Next message: cy_huang: "[PATCH v7 2/4] backlight: rt4831: Adds DT binding document for Richtek RT4831 backlight"
Previous message: Greg Kroah-Hartman: "[PATCH 5.11 026/601] MIPS: pci-rt2880: fix slot 0 configuration"
In reply to: Greg Kroah-Hartman: "[PATCH 5.11 026/601] MIPS: pci-rt2880: fix slot 0 configuration"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.11 016/601] usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lars-Peter Clausen <lars@xxxxxxxxxx>

commit e09fe9135399807b8397798a53160e055dc6c29f upstream.

When setting the gyro or accelerometer scale the inv_mpu6050 driver ignores
the integer part of the value. As a result e.g. all of 0.13309, 1.13309,
12345.13309, ... are accepted as a valid gyro scale and 0.13309 is the
scale that gets set in all those cases.

Make sure to check that the integer part of the scale value is 0 and reject
it otherwise.

Fixes: 09a642b78523 ("Invensense MPU6050 Device Driver.")
Signed-off-by: Lars-Peter Clausen <lars@xxxxxxxxxx>
Acked-by: Jean-Baptiste Maneyrol <jmaneyrol@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20210405114441.24167-1-lars@xxxxxxxxxx
Cc: <Stable@xxxxxxxxxxxxxxx>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)

--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c
+++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c
@@ -723,12 +723,16 @@ inv_mpu6050_read_raw(struct iio_dev *ind
}
}

-static int inv_mpu6050_write_gyro_scale(struct inv_mpu6050_state *st, int val)
+static int inv_mpu6050_write_gyro_scale(struct inv_mpu6050_state *st, int val,
+ int val2)
{
int result, i;

+ if (val != 0)
+ return -EINVAL;
+
for (i = 0; i < ARRAY_SIZE(gyro_scale_6050); ++i) {
- if (gyro_scale_6050[i] == val) {
+ if (gyro_scale_6050[i] == val2) {
result = inv_mpu6050_set_gyro_fsr(st, i);
if (result)
return result;
@@ -759,13 +763,17 @@ static int inv_write_raw_get_fmt(struct
return -EINVAL;
}

-static int inv_mpu6050_write_accel_scale(struct inv_mpu6050_state *st, int val)
+static int inv_mpu6050_write_accel_scale(struct inv_mpu6050_state *st, int val,
+ int val2)
{
int result, i;
u8 d;

+ if (val != 0)
+ return -EINVAL;
+
for (i = 0; i < ARRAY_SIZE(accel_scale); ++i) {
- if (accel_scale[i] == val) {
+ if (accel_scale[i] == val2) {
d = (i << INV_MPU6050_ACCL_CONFIG_FSR_SHIFT);
result = regmap_write(st->map, st->reg->accl_config, d);
if (result)
@@ -806,10 +814,10 @@ static int inv_mpu6050_write_raw(struct
case IIO_CHAN_INFO_SCALE:
switch (chan->type) {
case IIO_ANGL_VEL:
- result = inv_mpu6050_write_gyro_scale(st, val2);
+ result = inv_mpu6050_write_gyro_scale(st, val, val2);
break;
case IIO_ACCEL:
- result = inv_mpu6050_write_accel_scale(st, val2);
+ result = inv_mpu6050_write_accel_scale(st, val, val2);
break;
default:
result = -EINVAL;

Next message: cy_huang: "[PATCH v7 2/4] backlight: rt4831: Adds DT binding document for Richtek RT4831 backlight"
Previous message: Greg Kroah-Hartman: "[PATCH 5.11 026/601] MIPS: pci-rt2880: fix slot 0 configuration"
In reply to: Greg Kroah-Hartman: "[PATCH 5.11 026/601] MIPS: pci-rt2880: fix slot 0 configuration"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.11 016/601] usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]