| Message ID | 20230227102425.793841-1-AVKrasnov@sberdevices.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2343070wrd;
Mon, 27 Feb 2023 02:42:42 -0800 (PST)
X-Google-Smtp-Source:
AK7set9nye1weJ3VgIJZtdYtwrpVMbI3xFaK+PhqxgsUM7ODq/2vOr4ddPV9nnDMT3oHVZZJR3ao
X-Received: by 2002:a05:6a20:1451:b0:cb:c015:92a6 with SMTP id
a17-20020a056a20145100b000cbc01592a6mr8971974pzi.7.1677494561831;
Mon, 27 Feb 2023 02:42:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1677494561; cv=none;
d=google.com; s=arc-20160816;
b=nlOkwhl+RJKEj2UGmhSqgARWmfh4AzJToVeUKc/4nw1h83xA0G96Ph71aEwiQTCuFT
MbeCS2q1kl8tfsjppMxADzrhU2Oa+4XLOiVo7rTg36E16acnP5qpzjrTGWsXjX6tmTMf
Rx4OeKZEFlJBif8oQX7LJjO336u28SIMsKE5+g4KuESVfzkeWVD66YrRSW9t9U+k2JWN
wwrF1+eBDq96rxhvC0+prmyYWmpfAyBZql25vW2DgkKLGyQytqzbpBxEBQuz9aSQD9I3
VohSSetMAkz4D6tzPG8B9D6JyYJEM15OOJ+P59LOXZu/uvYkWl3b0eV+K1U86HD4bXB+
rRJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=MppIxpko7T4GyVpYzjU00G1Fh//Y3U4fwtIp1SQRQQs=;
b=z8jL49kjscah+SMPTHTo/2oKA17jvMKvDUxgWn4ED/3PaFGGwOSkLRaHCh3UDQg58Q
6QXlX45u5CEJgR+RbmyNsaeT67L9SeUq9RwOe8ndDfF+dm2LinQxXoCWMfU6EsQpnYCo
bj/rYHeV4Ifn9/1WRaR3RmVQOICXc5m6BOeuT0fGnd1NRfhPuEAYWLktV4CP/qjCefMp
weZZk9SkgAAfAfIWL5HK2Wy8J1G/Dc2v77GgLQaAkw/addSCQhH/KhCQBFWy1LdjGpyA
9wibTUD//fDiX4kMMP3ITNGYuYvT72zxZwaj56wdIuw5b6M17hjV6ZbpvD4PWm6fcDxH
WYRw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@sberdevices.ru header.s=mail header.b=f2zOtEnY;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=sberdevices.ru
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
n29-20020a63a51d000000b00502d6decabesi6467342pgf.218.2023.02.27.02.42.28;
Mon, 27 Feb 2023 02:42:41 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sberdevices.ru header.s=mail header.b=f2zOtEnY;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=sberdevices.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229615AbjB0K13 (ORCPT <rfc822;wenzhi022@gmail.com> + 99 others);
Mon, 27 Feb 2023 05:27:29 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37598 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229737AbjB0K11 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 27 Feb 2023 05:27:27 -0500
Received: from mx.sberdevices.ru (mx.sberdevices.ru [45.89.227.171])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B53C2055B
for <linux-kernel@vger.kernel.org>;
Mon, 27 Feb 2023 02:27:23 -0800 (PST)
Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1])
by mx.sberdevices.ru (Postfix) with ESMTP id B35CD5FD10;
Mon, 27 Feb 2023 13:27:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru;
s=mail; t=1677493641;
bh=MppIxpko7T4GyVpYzjU00G1Fh//Y3U4fwtIp1SQRQQs=;
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
b=f2zOtEnYwDtmf4p/2hvUN+8nu7fNT4bz4kUP4hesggNnrWUVp+T7FX3kzffzdZgS9
K6bTHUazjr3jxPPjxccAL53iH59c5SaSb6yBLuy2FfBTsZLacytXn/lSd84pJoS7XL
RW15ufVODD+fkzSKh0piYhpwKO6G5+o/TckjovR5SDv1+e4zHDRc4b1t7s83Y/HXuZ
BLUeWtZvsDvKN0HeqEEVk26zcbBzPaSKpZNOTf9xqP06nFZ7mJqYViDiMKUEprh4KV
l2RrfyIGOXIc/y+pLwJ/bBR4q3syVhodpdhimUhpRmgUDVBBevO7EWd09U07hXOWlO
5wsHW5lm4SY+g==
Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru
[172.16.1.4])
by mx.sberdevices.ru (Postfix) with ESMTP;
Mon, 27 Feb 2023 13:27:20 +0300 (MSK)
From: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
To: Liang Yang <liang.yang@amlogic.com>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
Neil Armstrong <neil.armstrong@linaro.org>,
Kevin Hilman <khilman@baylibre.com>,
Jerome Brunet <jbrunet@baylibre.com>,
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
CC: <linux-mtd@lists.infradead.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-amlogic@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, <kernel@sberdevices.ru>,
<oxffffaa@gmail.com>, Arseniy Krasnov <AVKrasnov@sberdevices.ru>
Subject: [PATCH v4] mtd: rawnand: meson: initialize struct with zeroes
Date: Mon, 27 Feb 2023 13:24:25 +0300
Message-ID: <20230227102425.793841-1-AVKrasnov@sberdevices.ru>
X-Mailer: git-send-email 2.35.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Originating-IP: [172.16.1.6]
X-ClientProxiedBy: S-MS-EXCH02.sberdevices.ru (172.16.1.5) To
S-MS-EXCH01.sberdevices.ru (172.16.1.4)
X-KSMG-Rule-ID: 4
X-KSMG-Message-Action: clean
X-KSMG-AntiSpam-Status: not scanned, disabled by settings
X-KSMG-AntiSpam-Interceptor-Info: not scanned
X-KSMG-AntiPhishing: not scanned, disabled by settings
X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30,
bases: 2023/02/27 08:09:00 #20900247
X-KSMG-AntiVirus-Status: Clean, skipped
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1758980538073529682?=
X-GMAIL-MSGID: =?utf-8?q?1758980538073529682?=
|
| Series |
[v4] mtd: rawnand: meson: initialize struct with zeroes
|
|
Commit Message
Arseniy Krasnov
Feb. 27, 2023, 10:24 a.m. UTC
This structure must be zeroed, because it's field 'hw->core' is used as
'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized.
This happens, because when this struct is not zeroed, pointer 'hw' is
"initialized" by garbage, which is valid pointer, but points to some
garbage. So 'hw' will be dereferenced, but 'core' contains some random
data which will be interpreted as a pointer. The following backtrace is
result of dereference of such pointer:
[ 1.081319] __clk_register+0x414/0x820
[ 1.085113] devm_clk_register+0x64/0xd0
[ 1.088995] meson_nfc_probe+0x258/0x6ec
[ 1.092875] platform_probe+0x70/0xf0
[ 1.096498] really_probe+0xc8/0x3e0
[ 1.100034] __driver_probe_device+0x84/0x190
[ 1.104346] driver_probe_device+0x44/0x120
[ 1.108487] __driver_attach+0xb4/0x220
[ 1.112282] bus_for_each_dev+0x78/0xd0
[ 1.116077] driver_attach+0x2c/0x40
[ 1.119613] bus_add_driver+0x184/0x240
[ 1.123408] driver_register+0x80/0x140
[ 1.127203] __platform_driver_register+0x30/0x40
[ 1.131860] meson_nfc_driver_init+0x24/0x30
Changelog:
v1 -> v2:
* More details in the commit message.
v2 -> v3:
* Add 'a' article to "interpreted as a pointer".
v3 -> v4:
* Add changelog.
Fixes: 1e4d3ba66888 ("mtd: rawnand: meson: fix the clock")
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
---
drivers/mtd/nand/raw/meson_nand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Mon, 2023-02-27 at 10:24:25 UTC, Arseniy Krasnov wrote: > This structure must be zeroed, because it's field 'hw->core' is used as > 'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized. > This happens, because when this struct is not zeroed, pointer 'hw' is > "initialized" by garbage, which is valid pointer, but points to some > garbage. So 'hw' will be dereferenced, but 'core' contains some random > data which will be interpreted as a pointer. The following backtrace is > result of dereference of such pointer: > > [ 1.081319] __clk_register+0x414/0x820 > [ 1.085113] devm_clk_register+0x64/0xd0 > [ 1.088995] meson_nfc_probe+0x258/0x6ec > [ 1.092875] platform_probe+0x70/0xf0 > [ 1.096498] really_probe+0xc8/0x3e0 > [ 1.100034] __driver_probe_device+0x84/0x190 > [ 1.104346] driver_probe_device+0x44/0x120 > [ 1.108487] __driver_attach+0xb4/0x220 > [ 1.112282] bus_for_each_dev+0x78/0xd0 > [ 1.116077] driver_attach+0x2c/0x40 > [ 1.119613] bus_add_driver+0x184/0x240 > [ 1.123408] driver_register+0x80/0x140 > [ 1.127203] __platform_driver_register+0x30/0x40 > [ 1.131860] meson_nfc_driver_init+0x24/0x30 > > Changelog: > v1 -> v2: > * More details in the commit message. > v2 -> v3: > * Add 'a' article to "interpreted as a pointer". > v3 -> v4: > * Add changelog. > > Fixes: 1e4d3ba66888 ("mtd: rawnand: meson: fix the clock") > Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru> > Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> > Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git mtd/fixes, thanks. Miquel
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 5ee01231ac4c..30e326adabfc 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -991,7 +991,7 @@ static const struct mtd_ooblayout_ops meson_ooblayout_ops = { static int meson_nfc_clk_init(struct meson_nfc *nfc) { - struct clk_parent_data nfc_divider_parent_data[1]; + struct clk_parent_data nfc_divider_parent_data[1] = {0}; struct clk_init_data init = {0}; int ret;