From patchwork Tue Feb 21 06:29:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arseniy Krasnov X-Patchwork-Id: 59775 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1709881wrn; Mon, 20 Feb 2023 22:44:54 -0800 (PST) X-Google-Smtp-Source: AK7set/ARCXf/3skvcj1al5P4XYSDDcw+EDJd5d9nNES9LnXpB1hD1faRI4xv+6LlfUrmLtUvoLJ X-Received: by 2002:a17:906:dac1:b0:8b1:2b8b:a1fa with SMTP id xi1-20020a170906dac100b008b12b8ba1famr17987636ejb.47.1676961894335; Mon, 20 Feb 2023 22:44:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676961894; cv=none; d=google.com; s=arc-20160816; b=tkWJcZzor8UIzNxEoGd6YzqIOI4T03RiItyaByiUtEArQP7PXSzsNcQG13ryuKnBPg 77YCBQMdxyHYqeL1DXn6yOgD/fG+J0S4bg/R/Vx1yFWP4bVYEKnqrO1Nw1+bd/o9JdnH b+wKwmiYxw2N+nlRiALWvpDbY+lyzgMnsmAQp6nsBRUlNgLZqXPRJf9ryFsQFFaJiTYz 4ShqhKuiKFGsB80vdxNglvriST0lpASxx17QtklYT/lJvM4oZFSVylbC/RtZ4GUZZPun Xbl1zAzDSwG1yUd4wnh8IYLOPeGbzDuyO3CRzWSufdHEDFCpC7hug+zbp7iAkgbZHPzU ilyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :content-id:content-language:accept-language:message-id:date :thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=J4GGD+2l/dLrAC7SommQy5cNs2a8BqaY2AypKovMSnw=; b=swV7jWI5/aZlU29CzqCTCKvCNXmBlf5e1T84uFtJhFnS1a7LlpZ4IVEnXD19mTu1DV 28PwaG3azh5BPVGY6EY+LcMNWDFA+3lVOg0sQcjzGERzlRpUT13+8Q+5jSHgGpjID7pX mCgtNhPdaAyODV25NL0aWPZxe9t3zCnNbfzDTv7D9l/E5iBI+vi16TrqJD/NDXqF2HSu bLbnEVhlHvXX+52NdYZxu9nXOirQINXdOhuGapby/shF1fFZrQQpuEJUAcKTs9/upmVe hGvtGsq2e44Ut57XR+vY37OMlYieTw70Fs9Fxt6Z2QayiXzhcLcPfn2AIQnb0fvIx6ms XEzQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sberdevices.ru header.s=mail header.b=d01pEWMK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sberdevices.ru Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cp18-20020a17090793d200b008c0bf3018b4si9553031ejc.901.2023.02.20.22.44.31; Mon, 20 Feb 2023 22:44:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@sberdevices.ru header.s=mail header.b=d01pEWMK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sberdevices.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232954AbjBUG3V (ORCPT + 99 others); Tue, 21 Feb 2023 01:29:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231396AbjBUG3U (ORCPT ); Tue, 21 Feb 2023 01:29:20 -0500 Received: from mx.sberdevices.ru (mx.sberdevices.ru [45.89.227.171]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 174442201E for ; Mon, 20 Feb 2023 22:29:17 -0800 (PST) Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1]) by mx.sberdevices.ru (Postfix) with ESMTP id B26885FD49; Tue, 21 Feb 2023 09:29:13 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru; s=mail; t=1676960953; bh=J4GGD+2l/dLrAC7SommQy5cNs2a8BqaY2AypKovMSnw=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=d01pEWMKvO/OxR3qkpqsGI0Y6AzK34Xjh/y99ZrzKJ/CtUTXBjmk6ICO7DnISVuzV 7hCxRLG1MI3/iXbsCjmmTV7OaI8lunF6RaddES8RNTZ0hwLo0b1kAHPWy0gPjUxyE7 rizvVouo3Z/RCh1jbhz03ygk1Y4jpJFW+ZMLfe308hAW1l3WEQbjps6ZFjPDezTq/M OioG7M6/sna6dQs0jE4coJ5UVzejIB2we4T6gsAkLiZQX7cx/HKjH6aY8HB0dig5JG Nl+am+UQgeiznyCbFkpfZIcfDkKekb4i6PRwLHTwfLJcwF0QidFTU10AsXXb0eNlSN K3pIsYKZ8ZJeA== Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru [172.16.1.4]) by mx.sberdevices.ru (Postfix) with ESMTP; Tue, 21 Feb 2023 09:29:11 +0300 (MSK) From: Arseniy Krasnov To: Liang Yang , Miquel Raynal , Richard Weinberger , "Vignesh Raghavendra" , Neil Armstrong , Kevin Hilman , Jerome Brunet , Martin Blumenstingl CC: "linux-mtd@lists.infradead.org" , "linux-arm-kernel@lists.infradead.org" , "linux-amlogic@lists.infradead.org" , "linux-kernel@vger.kernel.org" Subject: [PATCH] mtd: rawnand: meson: initialize struct with zeroes Thread-Topic: [PATCH] mtd: rawnand: meson: initialize struct with zeroes Thread-Index: AQHZRb3PAtJycZT9oEiE8E6P9L5Dug== Date: Tue, 21 Feb 2023 06:29:11 +0000 Message-ID: <60729500-b6ad-6ffe-0550-80d9d61cc3ed@sberdevices.ru> Accept-Language: en-US, ru-RU Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.16.1.12] Content-ID: <0BA35F9B4A40D0469BBEC1BD52087B87@sberdevices.ru> MIME-Version: 1.0 X-KSMG-Rule-ID: 4 X-KSMG-Message-Action: clean X-KSMG-AntiSpam-Status: not scanned, disabled by settings X-KSMG-AntiSpam-Interceptor-Info: not scanned X-KSMG-AntiPhishing: not scanned, disabled by settings X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30, bases: 2023/02/21 02:56:00 #20885447 X-KSMG-AntiVirus-Status: Clean, skipped X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758421994945093393?= X-GMAIL-MSGID: =?utf-8?q?1758421994945093393?= This structure must be zeroed, because it's field 'hw->core' is used as 'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized. This happens, because when this struct is not zeroed, pointer 'hw' is "initialized" by garbage, which is valid pointer, but points to some garbage. So 'hw' will be dereferenced, but 'core' contains some random data which will be interpreted as pointer. The following backtrace is result of dereference of such pointer: [ 1.081319] __clk_register+0x414/0x820 [ 1.085113] devm_clk_register+0x64/0xd0 [ 1.088995] meson_nfc_probe+0x258/0x6ec [ 1.092875] platform_probe+0x70/0xf0 [ 1.096498] really_probe+0xc8/0x3e0 [ 1.100034] __driver_probe_device+0x84/0x190 [ 1.104346] driver_probe_device+0x44/0x120 [ 1.108487] __driver_attach+0xb4/0x220 [ 1.112282] bus_for_each_dev+0x78/0xd0 [ 1.116077] driver_attach+0x2c/0x40 [ 1.119613] bus_add_driver+0x184/0x240 [ 1.123408] driver_register+0x80/0x140 [ 1.127203] __platform_driver_register+0x30/0x40 [ 1.131860] meson_nfc_driver_init+0x24/0x30 Signed-off-by: Arseniy Krasnov --- drivers/mtd/nand/raw/meson_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.35.0 diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 5ee01231ac4c..30e326adabfc 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -991,7 +991,7 @@ static const struct mtd_ooblayout_ops meson_ooblayout_ops = { static int meson_nfc_clk_init(struct meson_nfc *nfc) { - struct clk_parent_data nfc_divider_parent_data[1]; + struct clk_parent_data nfc_divider_parent_data[1] = {0}; struct clk_init_data init = {0}; int ret;