768033cf47
commit 03cd45d2e219301880cabc357e3cf478a500080f upstream.
The driver does not populate .reg_read callback for the non-active NVMem
because the file is supposed to be write-only. However, it turns out
NVMem subsystem does not yet support this and expects that the .reg_read
callback is provided. If user reads the binary attribute it triggers
NULL pointer dereference like this one:
BUG: kernel NULL pointer dereference, address: 0000000000000000
...
Call Trace:
bin_attr_nvmem_read+0x64/0x80
kernfs_fop_read+0xa7/0x180
vfs_read+0xbd/0x170
ksys_read+0x5a/0xd0
do_syscall_64+0x43/0x150
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fix this in the driver by providing .reg_read callback that always
returns an error.
Reported-by: Nicholas Johnson <nicholas.johnson-opensource@outlook.com.au>
Fixes:
|
||
---|---|---|
.. | ||
cap.c | ||
ctl.c | ||
ctl.h | ||
dma_port.c | ||
dma_port.h | ||
domain.c | ||
eeprom.c | ||
icm.c | ||
Kconfig | ||
Makefile | ||
nhi.c | ||
nhi.h | ||
nhi_regs.h | ||
path.c | ||
property.c | ||
switch.c | ||
tb.c | ||
tb.h | ||
tb_msgs.h | ||
tb_regs.h | ||
tunnel_pci.c | ||
tunnel_pci.h | ||
xdomain.c |