The software node does not specify a count of property entries, so the
array must be null-terminated.
When unterminated, this can lead to a fault in the downstream cs35l56
amplifier driver, because the node parse walks off the end of the
array into unknown memory.
Fixes: 0ca645ab5b15 ("spi: cs42l43: Add speaker id support to the bridge configuration")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220371
Signed-off-by: Simon Trimmer <simont@opensource.cirrus.com>
---
drivers/spi/spi-cs42l43.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-cs42l43.c b/drivers/spi/spi-cs42l43.c
index b28a840b3b04..14307dd800b7 100644
--- a/drivers/spi/spi-cs42l43.c
+++ b/drivers/spi/spi-cs42l43.c
@@ -295,7 +295,7 @@ static struct spi_board_info *cs42l43_create_bridge_amp(struct cs42l43_spi *priv
struct spi_board_info *info;
if (spkid >= 0) {
- props = devm_kmalloc(priv->dev, sizeof(*props), GFP_KERNEL);
+ props = devm_kcalloc(priv->dev, 2, sizeof(*props), GFP_KERNEL);
if (!props)
return NULL;
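Review bot: the literal 2 in the devm_kcalloc() call stands for "one property entry plus a zeroed terminator", but nothing at the call site says so. A short comment there, or a size written as the number of entries plus one, would keep a later change that adds a second property from silently using the slot that now serves as the terminator. The termination also relies on the allocator returning zeroed memory, so the comment should say that the zero-fill is required and must survive any future change of allocation call.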
--
2.43.0
On Thu, 31 Jul 2025 16:01:09 +0000, Simon Trimmer wrote:
> The software node does not specify a count of property entries, so the
> array must be null-terminated.
>
> When unterminated, this can lead to a fault in the downstream cs35l56
> amplifier driver, because the node parse walks off the end of the
> array into unknown memory.
>
> [...]

Applied to

   https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next

Thanks!

[1/1] spi: cs42l43: Property entry should be a null-terminated array
      commit: a735ee58c0d673d630a10ac2939dccb54df0622a

All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.

You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.

If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.

Please add any relevant lists and maintainers to the CCs when replying
to this mail.

Thanks,
Mark
On Thu, Jul 31, 2025 at 04:01:09PM +0000, Simon Trimmer wrote:
> The software node does not specify a count of property entries, so the
> array must be null-terminated.
>
> When unterminated, this can lead to a fault in the downstream cs35l56
> amplifier driver, because the node parse walks off the end of the
> array into unknown memory.

> if (spkid >= 0) {
> - props = devm_kmalloc(priv->dev, sizeof(*props), GFP_KERNEL);
> + props = devm_kcalloc(priv->dev, 2, sizeof(*props), GFP_KERNEL);

Does kcalloc() zero initialise the data?
On 31/07/2025 5:20 pm, Mark Brown wrote:
> On Thu, Jul 31, 2025 at 04:01:09PM +0000, Simon Trimmer wrote:
>> The software node does not specify a count of property entries, so the
>> array must be null-terminated.
>>
>> When unterminated, this can lead to a fault in the downstream cs35l56
>> amplifier driver, because the node parse walks off the end of the
>> array into unknown memory.
>
>> if (spkid >= 0) {
>> - props = devm_kmalloc(priv->dev, sizeof(*props), GFP_KERNEL);
>> + props = devm_kcalloc(priv->dev, 2, sizeof(*props), GFP_KERNEL);
>
> Does kcalloc() zero initialise the data?

"kcalloc — allocate memory for an array. The memory is set to zero."
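The termination rule discussed in this thread, modelled in userspace C as an added example (not code from the patch, the driver or the kernel). `struct prop_entry`, the `prop_*` helpers and the `"example-prop"` name are hypothetical stand-ins, and `calloc()` plays the role of the zeroing allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a property entry: a NULL name marks the end. */
struct prop_entry {
	const char *name;
	unsigned int value;
};

/* Consumer: no count is passed in, so the walk stops only at the sentinel. */
size_t prop_count(const struct prop_entry *props)
{
	size_t n = 0;
	while (props[n].name)
		n++;
	return n;
}

/* Producer: n entries plus one terminator; calloc() zero-fills slot n. */
struct prop_entry *prop_alloc(size_t n)
{
	if (n == SIZE_MAX)	/* n + 1 would wrap to 0 */
		return NULL;
	return calloc(n + 1, sizeof(struct prop_entry));
}

/* Bounded check: is there a sentinel within the cap slots allocated? */
int prop_terminated_within(const struct prop_entry *props, size_t cap)
{
	for (size_t i = 0; i < cap; i++)
		if (!props[i].name)
			return 1;
	return 0;
}

int main(void)
{
	/* Constructed sample: a single entry, the same shape as the patch. */
	struct prop_entry *p = prop_alloc(1);
	if (!p)
		return 1;
	p[0].name = "example-prop";
	p[0].value = 1;
	printf("entries=%zu terminated=%d\n", prop_count(p),
	       prop_terminated_within(p, 2));
	free(p);
	return 0;
}
```

Calling `prop_terminated_within(p, 1)` on the same data returns 0: a one-slot buffer holding one entry has no sentinel, so an unbounded walk like `prop_count()` would have nothing to stop it.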