Skip to content
Snippets Groups Projects
Select Git revision
  • r128-next default
  • drm-misc-next
  • drm-misc-fixes
  • for-linux-next-fixes
  • drm-misc-next-fixes
  • for-linux-next
  • topic/rust-drm
  • drm-misc-templates protected
  • drm-misc-fixes-2024-09-12
  • drm-misc-fixes-2024-09-05
  • drm-misc-next-fixes-2024-09-05
  • drm-misc-fixes-2024-08-29
  • drm-misc-next-2024-08-29
  • drm-misc-next-2024-08-22
  • drm-misc-fixes-2024-08-22
  • drm-misc-next-2024-08-16
  • drm-misc-fixes-2024-08-15
  • drm-misc-next-2024-08-09
  • drm-misc-fixes-2024-08-08
  • drm-misc-next-2024-08-01
  • drm-misc-fixes-2024-08-01
  • drm-misc-next-fixes-2024-07-25
  • drm-misc-next-fixes-2024-07-19
  • drm-misc-next-fixes-2024-07-11
  • drm-misc-fixes-2024-07-11
  • drm-misc-next-2024-07-04
  • drm-misc-fixes-2024-07-04
  • drm-misc-next-2024-06-27
28 results
Compare
user avatar
drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer
Douglas Anderson authored 
For aux reads, the value `msg->size` indicates the size of the buffer
provided by `msg->buffer`. We should never in any circumstances write
more bytes to the buffer since it may overflow the buffer.

In the ti-sn65dsi86 driver there is one code path that reads the
transfer length from hardware. Even though it's never been seen to be
a problem, we should make extra sure that the hardware isn't
increasing the length since doing so would cause us to overrun the
buffer.

Fixes: 982f589b ("drm/bridge: ti-sn65dsi86: Update reply on aux failures")
Reviewed-by: default avatarStephen Boyd <swboyd@chromium.org>
Reviewed-by: default avatarGuenter Roeck <groeck@chromium.org>
Signed-off-by: default avatarDouglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20231214123752.v3.2.I7b83c0f31aeedc6b1dc98c7c741d3e1f94f040f8@changeid
aca58eac
History
user avatar aca58eac
History
Name Last commit Last update