    drivers: w1: make w1_slave::flags long to avoid memory corruption · bb670937
    Michal Nazarewicz authored
    On architectures where long is more than 32 bits, modifying a 32-bit field
    with set_bit (and other atomic bit operations) may cause bytes following
    the field to be modified.
    
    Because the endianness of the bits within a field is the native endianness
    of the CPU[1], on big-endian machines, bit number zero is in the last byte
    of the field.
    
    Therefore, `set_bit(0, ptr)' on a 64-bit big-endian machine is roughly
    equivalent to `((char *)ptr)[7] |= 1', and since w1 driver uses a 32-bit
    field for holding the flags, this causes bytes beyond the field to be
    modified.
    
    [1] From Documentation/atomic_ops.txt:
    
        Native atomic bit operations are defined to operate on objects
        aligned to the size of an "unsigned long" C data type, and are
        least of that size.  The endianness of the bits within each
        "unsigned long" are the native endianness of the cpu.
    Signed-off-by: Michal Nazarewicz <mina86@mina86.com>
    Cc: Evgeniy Polyakov <zbr@ioremap.net>
    Cc: Greg KH <greg@kroah.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
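The out-of-field write the commit message describes can be reproduced on any host with a small model of the kernel's bit-operation semantics. The following is an added example, not part of the commit or of the w1 driver: `bitop_byte_offset`, `corrupts_neighbour`, `simulate_set_bit` and `struct slave_before_fix` are hypothetical helpers that apply the rule quoted from Documentation/atomic_ops.txt (a word of `sizeof(unsigned long)` bytes, bits numbered in the CPU's native endianness) to a 32-bit field followed by another 32-bit field, for a modelled 64-bit big-endian CPU as well as the little-endian and 32-bit cases.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit-numbering convention of the modelled CPU (not detected from the host). */
enum cpu_endian { CPU_LITTLE_ENDIAN, CPU_BIG_ENDIAN };

/*
 * Model of a "native atomic bit operation": the operation acts on a word of
 * word_size bytes (sizeof(unsigned long) on the modelled CPU) starting at
 * ptr, and bit nr is bit (nr % 8) of the byte holding bits 8*(nr/8) ..
 * 8*(nr/8)+7 of that word.  Returns the byte offset, relative to ptr, that
 * set_bit(nr, ptr) will actually write.
 */
size_t bitop_byte_offset(unsigned nr, size_t word_size, enum cpu_endian e)
{
    size_t byte_in_word = (nr / 8) % word_size;   /* counted from the LSB */
    if (e == CPU_BIG_ENDIAN)
        return word_size - 1 - byte_in_word;      /* LSB is at the highest address */
    return byte_in_word;                          /* LSB is at the lowest address */
}

/* 1 if set_bit(nr, &field) lands outside a field of field_size bytes. */
int corrupts_neighbour(unsigned nr, size_t field_size, size_t word_size,
                       enum cpu_endian e)
{
    return bitop_byte_offset(nr, word_size, e) >= field_size;
}

/* Simulated set_bit: performs exactly the byte write the model predicts. */
void simulate_set_bit(unsigned nr, void *ptr, size_t word_size, enum cpu_endian e)
{
    unsigned char *bytes = ptr;
    bytes[bitop_byte_offset(nr, word_size, e)] |= (unsigned char)(1u << (nr % 8));
}

/* Hypothetical layout in the spirit of the pre-fix w1_slave: a 32-bit flags
 * field directly followed by another 32-bit field.  Not the kernel's struct. */
struct slave_before_fix {
    uint32_t flags;
    uint32_t neighbour;
};

/* Value of `neighbour` after set_bit(0, &flags) on a modelled 64-bit
 * big-endian CPU.  Anything non-zero is memory corruption: the write went
 * into the field after flags, and flags itself stays 0. */
uint32_t demo_w1_corruption(void)
{
    struct slave_before_fix s;
    memset(&s, 0, sizeof s);
    simulate_set_bit(0, &s.flags, 8, CPU_BIG_ENDIAN);
    return s.neighbour;
}

int main(void)
{
    printf("64-bit BE, 32-bit field: set_bit(0) writes byte %zu -> %s\n",
           bitop_byte_offset(0, 8, CPU_BIG_ENDIAN),
           corrupts_neighbour(0, 4, 8, CPU_BIG_ENDIAN) ? "corrupts neighbour" : "ok");
    printf("64-bit BE, long field:   set_bit(0) writes byte %zu -> %s\n",
           bitop_byte_offset(0, 8, CPU_BIG_ENDIAN),
           corrupts_neighbour(0, 8, 8, CPU_BIG_ENDIAN) ? "corrupts neighbour" : "ok");
    printf("64-bit LE, 32-bit field: set_bit(0) writes byte %zu -> %s\n",
           bitop_byte_offset(0, 8, CPU_LITTLE_ENDIAN),
           corrupts_neighbour(0, 4, 8, CPU_LITTLE_ENDIAN) ? "corrupts neighbour" : "ok");
    printf("neighbour after simulated set_bit(0): 0x%08x\n", demo_w1_corruption());
    return 0;
}
```

The little-endian case explains why the bug is invisible on x86: `set_bit(0, ptr)` writes byte 0 there, which is inside the 32-bit field, so only big-endian 64-bit targets (and, for higher bit numbers, any 64-bit target) expose it. Making the field an `unsigned long`, as the commit does, makes `corrupts_neighbour` return 0 for every bit number below `BITS_PER_LONG` regardless of endianness.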
w1.c 26.3 KB