
Hi Marek,
On Thu, 20 May 2021 at 05:25, Marek Behún marek.behun@nic.cz wrote:
There is a serious bug in regmap_read() and regmap_write() functions where a uint pointer is cast to (void *) which is then cast to (u8 *), (u16 *), (u32 *) or (u64 *), depending on register width of the map.
For example, given a regmap with 16-bit register width, the code
    int val = 0x12340000;
    regmap_read(map, 0, &val);
only changes the lower 16 bits of val on little-endian machines. The upper 16 bits will remain 0x1234.
Nobody noticed this probably because this bug can be triggered with regmap_write() only on big-endian architectures (which are not used by many people anymore), and on little-endian this bug has consequences only if register width is 8 or 16 bits and also the memory place to which regmap_read() should store its result has non-zero upper bits, which it seems doesn't happen anywhere in U-Boot normally. CI managed to trigger this bug in the unit test dm_test_devm_regmap_field when compiled for sandbox_defconfig using LTO.
Fix this by utilizing a union { u8; u16; u32; u64; } and reading data into this union / writing data from this union.
Signed-off-by: Marek Behún marek.behun@nic.cz
Cc: Simon Glass sjg@chromium.org
Cc: Heiko Schocher hs@denx.de
Cc: Bin Meng bmeng.cn@gmail.com
Cc: Pratyush Yadav p.yadav@ti.com

drivers/core/regmap.c | 59 +++++++++++++++++++++++++++++++++++++++++--
1 file changed, 57 insertions(+), 2 deletions(-)
I don't see a changelog here but this is v4. Are you using patman?
Regards,
Simon
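
The stale-upper-bits effect described in the quoted commit message, as an added example that is not code from the patch or from U-Boot. The demo_* names, the one-register map and the 0xBEEF value are constructed for illustration; memcpy stands in for the store through the cast pointer, and unsigned int is assumed to be 32 bits.

```c
#include <stdint.h>
#include <string.h>

/* Constructed one-register map (width in bytes); not U-Boot's struct regmap. */
struct demo_map { unsigned int width; uint32_t reg; };

/* Writes exactly map->width bytes at dst; memcpy models the width-sized store. */
static int demo_raw_read(const struct demo_map *map, void *dst)
{
	uint8_t v8 = (uint8_t)map->reg;
	uint16_t v16 = (uint16_t)map->reg;
	switch (map->width) {
	case 1: memcpy(dst, &v8, 1); return 0;
	case 2: memcpy(dst, &v16, 2); return 0;
	case 4: memcpy(dst, &map->reg, 4); return 0;
	default: return -1;
	}
}

/* Pattern from the commit message: the narrow store lands in the caller's uint. */
static int demo_read_cast(const struct demo_map *map, unsigned int *valp)
{
	return demo_raw_read(map, valp);
}

/* Union approach: read into the union, then assign the full uint. */
static int demo_read_union(const struct demo_map *map, unsigned int *valp)
{
	union { uint8_t v8; uint16_t v16; uint32_t v32; uint64_t v64; } u;
	if (demo_raw_read(map, &u))
		return -1;
	switch (map->width) {
	case 1: *valp = u.v8; break;
	case 2: *valp = u.v16; break;
	default: *valp = u.v32; break;
	}
	return 0;
}

/* Constructed case: 16-bit register holding 0xBEEF, val preset to 0x12340000. */
unsigned int demo_run(int use_union)
{
	const struct demo_map map = { .width = 2, .reg = 0xBEEF };
	unsigned int val = 0x12340000;
	(void)(use_union ? demo_read_union(&map, &val) : demo_read_cast(&map, &val));
	return val;
}
```

On a little-endian host demo_run(0) returns 0x1234BEEF, with the preset upper half still in place, while demo_run(1) returns 0xBEEF on either byte order.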