| Age | Commit message (Collapse) | Author |
|---|
|
[ Upstream commit fc92d9e3de0b2d30a3ccc08048a5fad533e4672b ]
KASAN report out-of-bounds read as follows:
BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380
Read of size 4 at addr ffffffffc00e4658 by task cat/278
Call Trace:
afe4404_read_raw
iio_read_channel_info
dev_attr_show
The buggy address belongs to the variable:
afe4404_channel_leds+0x18/0xffffffffffffe9c0
This issue can be reproduce by singe command:
$ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw
The array size of afe4404_channel_leds and afe4404_channel_offdacs
are less than channels, so access with chan->address cause OOB read
in afe4404_[read|write]_raw. Fix it by moving access before use them.
Fixes: b36e8257641a ("iio: health/afe440x: Use regmap fields")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Andrew Davis <afd@ti.com>
Link: https://lore.kernel.org/r/20221107152010.95937-1-weiyongjun@huaweicloud.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit f88ecccac4be348bbcc6d056bdbc622a8955c04d ]
One of a class of bugs pointed out by Lars in a recent review.
iio_push_to_buffers_with_timestamp assumes the buffer used is aligned
to the size of the timestamp (8 bytes). This is not guaranteed in
this driver which uses a 40 byte array of smaller elements on the stack.
As Lars also noted this anti pattern can involve a leak of data to
userspace and that indeed can happen here. We close both issues by
moving to a suitable structure in the iio_priv() data with alignment
explicitly requested. This data is allocated with kzalloc so no
data can leak appart from previous readings.
Fixes: 87aec56e27ef ("iio: health: Add driver for the TI AFE4404 heart monitor")
Reported-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Acked-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
The equivalent of both of these are now done via macro magic when
the relevant register calls are made. The actual structure
elements will shortly go away.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
|
|
The suspend/resume functions were using dev_to_iio_dev() to get
the iio_dev. That only works on IIO dev's. Replace it with i2c
functions to get the correct iio_dev.
Signed-off-by: Alison Schofield <amsfield22@gmail.com>
Acked-by: Andrew F. Davis <afd@ti.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Rename this definition, no functional changes.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
These definitions are not currently used and if the functionality
they represent is needed the values should be added back to a table
for easy userspace use.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
The current channel number for the LEDs should match the stage
number that they are active during, fix this here.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Currently the TIA gain settings are exported to userspace as sysfs
entries that do not clearly represent their internal relation to the
sampling stages. The gain settings are enabled on a per-stage basis,
this can be seen in figure 24 of the current AFE4404 datasheet.
These gain settings should therefore be tied to the channels that are
read during these stages. Make this change here.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
These drivers can use regmap fields to access fields in registers, this
allows us to remove some macros/defines and simplify code, do this here.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
These AFEs have 4 ADC mesuring stages (called LED2, ALED2, LED1, and
ALED1 in the datasheet), we map these as channels, these stages can serve
different purposes depending on the application. For instance the AFE4404
has an additional LED (LED3), this LED can be timed to be active during
stage 2 (or anystage, but the datasheet describes this case and the name
of the stage reflects this use). This ability is used further in upcoming
parts that tie the front-end gain and the LED timings together. For these
reasons we remove explicit naming the channels.
Without channel names it is best that the index numbers are in order to
match the stage number, reorder the channel numbers.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Input channel LED3 is only an alias for stage ALED2, this virtual channel
does nothing for us, remove this channel.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Locking the two gain stages to the same setting adds no value for us,
so initialize them as unlocked and remove the sysfs for unlocking them.
This also allows us to greatly simplify showing and setting the gain
registers.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
The drivers set some register values during initialization that can be
set at runtime, these defaults were used in testing but are not
necessary, remove these.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
The drivers DT tables are not built-in when OF is not enabled, this does
not save us enough to justify ugly ifdefs. Clean this up.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Fix kernel-doc formatting for structs, and while we are making little
fixes, clarify the module description and update the copywrite.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
The newly added afe4404 driver implements suspend/resume using the
SIMPLE_DEV_PM_OPS() macro, which leaves out references to the actual
functions when CONFIG_PM is disabled, causing a harmless warning:
health/afe4404.c:509:12: error: 'afe4404_suspend' defined but not used
health/afe4404.c:530:12: error: 'afe4404_resume' defined but not used
This marks the functions as __maybe_unused so we don't get those
warnings.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 87aec56e27ef ("iio: health: Add driver for the TI AFE4404 heart monitor")
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
|
Add driver for the TI AFE4404 heart rate monitor and pulse oximeter.
This device detects reflected LED light fluctuations and presents an ADC
value to the user space for further signal processing.
Datasheet: http://www.ti.com/product/AFE4404/datasheet
Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
|
Wei Yongjun
Jonathan Cameron
Jonathan Cameron
Alison Schofield
Andrew F. Davis
Arnd Bergmann