[Bug 207786] gpioiic_callback() dereferences IIC "how" argument incorrectly
bugzilla-noreply at freebsd.org
Tue Mar 8 02:35:43 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207786
Bug ID: 207786
Summary: gpioiic_callback() dereferences IIC "how" argument
incorrectly
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: chadf at triularity.org
Created attachment 167825
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=167825&action=edit
Patch file for sys/dev/gpio/gpioiic.c
Instead of casting the "data" parameter to an int pointer and dereferencing, it
dereferences the caddr_t (a char *) and then casts that value to an int.
Currently, on little-endian systems it happens to work as expected, but is
broken for other hardware.

gpioiic_callback(device_t dev, int index, caddr_t data)
{
	struct gpioiic_softc *sc = device_get_softc(dev);
	int error, how;

	how = GPIOBUS_DONTWAIT;
	if (data != NULL && (int)*data == IIC_WAIT)
		how = GPIOBUS_WAIT;
	error = 0;
	switch (index) {
	case IIC_REQUEST_BUS:
		error = GPIOBUS_ACQUIRE_BUS(sc->sc_busdev, sc->sc_dev, how);
		break;

Patch file included.
Side note: To increase efficiency, it could be changed to an if/else setting of
"how" and moved into the IIC_REQUEST_BUS switch entry, as only that code uses
it.
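
The difference between the two reads described in this report, as an added stand-alone example (not part of the report or of the attached patch). The constant values and the helper how_reported_on() are assumptions made for the example; the helper lays out an int the way a little-endian or big-endian machine would store it, so the effect can be seen on any host.

```c
#include <stdio.h>

/* Values assumed for this example; the kernel headers define the real ones. */
#define IIC_WAIT         0x1
#define GPIOBUS_WAIT     1
#define GPIOBUS_DONTWAIT 2

/* Read as quoted in the report: dereference the char pointer, then cast. */
static int how_reported(char *data)
{
	int how = GPIOBUS_DONTWAIT;
	if (data != NULL && (int)*data == IIC_WAIT)
		how = GPIOBUS_WAIT;
	return (how);
}

/* Read the report describes as intended: cast to int pointer, then dereference. */
static int how_intended(char *data)
{
	int how = GPIOBUS_DONTWAIT;
	if (data != NULL && *(int *)data == IIC_WAIT)
		how = GPIOBUS_WAIT;
	return (how);
}

/* Hypothetical helper: apply the reported read to the bytes of `value` as a
 * little-endian (big_endian == 0) or big-endian machine would store them. */
static int how_reported_on(int value, int big_endian)
{
	char buf[sizeof(int)];
	unsigned int v = (unsigned int)value;
	size_t i;

	for (i = 0; i < sizeof(buf); i++) {
		size_t pos = big_endian ? sizeof(buf) - 1 - i : i;
		buf[pos] = (char)(v >> (8 * i) & 0xff);
	}
	return (how_reported(buf));
}

int main(void)
{
	int arg = IIC_WAIT;
	printf("intended read, this host: %d\n", how_intended((char *)&arg));
	printf("reported read, LE layout: %d\n", how_reported_on(IIC_WAIT, 0));
	printf("reported read, BE layout: %d\n", how_reported_on(IIC_WAIT, 1));
	return 0;
}
```

With a big-endian layout the first byte of the int is 0, so the reported read never selects GPIOBUS_WAIT; with a little-endian layout it looks only at the low byte, so any value whose low byte equals IIC_WAIT also matches.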