i2c: s3c2410: fix possible NULL pointer deref on read message after write
Krzysztof Kozlowski authored
Interrupt handler processes multiple message write requests one after
another, till the driver message queue is drained.  However if driver
encounters a read message without preceding START, it stops the I2C
transfer as it is an invalid condition for the controller.  At least the
comment describes a requirement "the controller forces us to send a new
START when we change direction".  This stop results in clearing the
message queue (i2c->msg = NULL).

The code however immediately jumped back to label "retry_write" which
dereferenced the "i2c->msg" making it a possible NULL pointer
dereference.

The Coverity analysis:
1. Condition !is_msgend(i2c), taking false branch.
   if (!is_msgend(i2c)) {

2. Condition !is_lastmsg(i2c), taking true branch.
   } else if (!is_lastmsg(i2c)) {

3. Condition i2c->msg->flags & 1, taking true branch.
   if (i2c->msg->flags & I2C_M_RD) {

4. write_zero_model: Passing i2c to s3c24xx_i2c_stop, which sets i...
24990423
Name Last commit Last update
Documentation dt-bindings: i2c: mpc: Add fsl,i2c-erratum-a004447 flag
LICENSES LICENSES: Add the CC-BY-4.0 license
arch powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
block Merge tag 'block-5.13-2021-05-22' of git://git.kernel.dk/linux-block
certs Merge tag 'kbuild-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
crypto Merge tag 'for-5.13/drivers-2021-04-27' of git://git.kernel.dk/linux-block
drivers i2c: s3c2410: fix possible NULL pointer deref on read message after write
fs userfaultfd: hugetlbfs: fix new flag usage in error path
include linux/bits.h: fix compilation error with GENMASK
init Merge branch 'akpm' (patches from Andrew)
ipc ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
kernel Merge tag 'locking-urgent-2021-05-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
lib lib: kunit: suppress a compilation warning of frame size
mm userfaultfd: hugetlbfs: fix new flag usage in error path
net Merge tag 'char-misc-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
samples Merge tag 'kbuild-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
scripts kbuild: dummy-tools: adjust to stricter stackprotector check
security trusted-keys: match tpm_get_ops on all return paths
sound Merge tag 'sound-5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
tools Merge tag 'powerpc-5.13-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
usr .gitignore: prefix local generated files with a slash
virt kvm: Cap halt polling at kvm->max_halt_poll_ns
.clang-format Merge tag 'cxl-for-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
.cocciconfig scripts: add Linux .cocciconfig for coccinelle
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl
.gitattributes .gitattributes: use 'dts' diff driver for dts files
.gitignore .gitignore: ignore only top-level modules.builtin
.mailmap Merge drm/drm-fixes into drm-misc-fixes
COPYING COPYING: state that all contributions really are covered by this file
CREDITS MAINTAINERS: move Murali Karicheri to credits
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y
Kconfig kbuild: ensure full rebuild when the compiler is updated
MAINTAINERS proc: remove Alexey from MAINTAINERS
Makefile Linux 5.13-rc3
README Drop all 00-INDEX files from Documentation/
Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.