| Message ID | 20230227095906.754178-1-AVKrasnov@sberdevices.ru (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] mtd: rawnand: meson: initialize struct with zeroes | expand |
On 27/02/2023 10:59, Arseniy Krasnov wrote: > This structure must be zeroed, because it's field 'hw->core' is used as > 'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized. > This happens, because when this struct is not zeroed, pointer 'hw' is > "initialized" by garbage, which is valid pointer, but points to some > garbage. So 'hw' will be dereferenced, but 'core' contains some random > data which will be interpreted as a pointer. The following backtrace is > result of dereference of such pointer: > > [ 1.081319] __clk_register+0x414/0x820 > [ 1.085113] devm_clk_register+0x64/0xd0 > [ 1.088995] meson_nfc_probe+0x258/0x6ec > [ 1.092875] platform_probe+0x70/0xf0 > [ 1.096498] really_probe+0xc8/0x3e0 > [ 1.100034] __driver_probe_device+0x84/0x190 > [ 1.104346] driver_probe_device+0x44/0x120 > [ 1.108487] __driver_attach+0xb4/0x220 > [ 1.112282] bus_for_each_dev+0x78/0xd0 > [ 1.116077] driver_attach+0x2c/0x40 > [ 1.119613] bus_add_driver+0x184/0x240 > [ 1.123408] driver_register+0x80/0x140 > [ 1.127203] __platform_driver_register+0x30/0x40 > [ 1.131860] meson_nfc_driver_init+0x24/0x30 > > Fixes: 1e4d3ba66888 ("mtd: rawnand: meson: fix the clock") > Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru> > Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> > --- > drivers/mtd/nand/raw/meson_nand.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c > index 5ee01231ac4c..30e326adabfc 100644 > --- a/drivers/mtd/nand/raw/meson_nand.c > +++ b/drivers/mtd/nand/raw/meson_nand.c > @@ -991,7 +991,7 @@ static const struct mtd_ooblayout_ops meson_ooblayout_ops = { > > static int meson_nfc_clk_init(struct meson_nfc *nfc) > { > - struct clk_parent_data nfc_divider_parent_data[1]; > + struct clk_parent_data nfc_divider_parent_data[1] = {0}; > struct clk_init_data init = {0}; > int ret; > Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Hi Arseniy, AVKrasnov@sberdevices.ru wrote on Mon, 27 Feb 2023 12:59:06 +0300: > This structure must be zeroed, because it's field 'hw->core' is used as > 'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized. > This happens, because when this struct is not zeroed, pointer 'hw' is > "initialized" by garbage, which is valid pointer, but points to some > garbage. So 'hw' will be dereferenced, but 'core' contains some random > data which will be interpreted as a pointer. The following backtrace is > result of dereference of such pointer: > > [ 1.081319] __clk_register+0x414/0x820 > [ 1.085113] devm_clk_register+0x64/0xd0 > [ 1.088995] meson_nfc_probe+0x258/0x6ec > [ 1.092875] platform_probe+0x70/0xf0 > [ 1.096498] really_probe+0xc8/0x3e0 > [ 1.100034] __driver_probe_device+0x84/0x190 > [ 1.104346] driver_probe_device+0x44/0x120 > [ 1.108487] __driver_attach+0xb4/0x220 > [ 1.112282] bus_for_each_dev+0x78/0xd0 > [ 1.116077] driver_attach+0x2c/0x40 > [ 1.119613] bus_add_driver+0x184/0x240 > [ 1.123408] driver_register+0x80/0x140 > [ 1.127203] __platform_driver_register+0x30/0x40 > [ 1.131860] meson_nfc_driver_init+0x24/0x30 > > Fixes: 1e4d3ba66888 ("mtd: rawnand: meson: fix the clock") > Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru> > Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> > --- The changelog is missing, I need to know what's different. Also if you resend with a changelog, please include Neil's tag. > drivers/mtd/nand/raw/meson_nand.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c > index 5ee01231ac4c..30e326adabfc 100644 > --- a/drivers/mtd/nand/raw/meson_nand.c > +++ b/drivers/mtd/nand/raw/meson_nand.c > @@ -991,7 +991,7 @@ static const struct mtd_ooblayout_ops meson_ooblayout_ops = { > > static int meson_nfc_clk_init(struct meson_nfc *nfc) > { > - struct clk_parent_data nfc_divider_parent_data[1]; > + struct clk_parent_data nfc_divider_parent_data[1] = {0}; > struct clk_init_data init = {0}; > int ret; > Thanks, Miquèl
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 5ee01231ac4c..30e326adabfc 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -991,7 +991,7 @@ static const struct mtd_ooblayout_ops meson_ooblayout_ops = { static int meson_nfc_clk_init(struct meson_nfc *nfc) { - struct clk_parent_data nfc_divider_parent_data[1]; + struct clk_parent_data nfc_divider_parent_data[1] = {0}; struct clk_init_data init = {0}; int ret;
This structure must be zeroed, because it's field 'hw->core' is used as 'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized. This happens, because when this struct is not zeroed, pointer 'hw' is "initialized" by garbage, which is valid pointer, but points to some garbage. So 'hw' will be dereferenced, but 'core' contains some random data which will be interpreted as a pointer. The following backtrace is result of dereference of such pointer: [ 1.081319] __clk_register+0x414/0x820 [ 1.085113] devm_clk_register+0x64/0xd0 [ 1.088995] meson_nfc_probe+0x258/0x6ec [ 1.092875] platform_probe+0x70/0xf0 [ 1.096498] really_probe+0xc8/0x3e0 [ 1.100034] __driver_probe_device+0x84/0x190 [ 1.104346] driver_probe_device+0x44/0x120 [ 1.108487] __driver_attach+0xb4/0x220 [ 1.112282] bus_for_each_dev+0x78/0xd0 [ 1.116077] driver_attach+0x2c/0x40 [ 1.119613] bus_add_driver+0x184/0x240 [ 1.123408] driver_register+0x80/0x140 [ 1.127203] __platform_driver_register+0x30/0x40 [ 1.131860] meson_nfc_driver_init+0x24/0x30 Fixes: 1e4d3ba66888 ("mtd: rawnand: meson: fix the clock") Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru> Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> --- drivers/mtd/nand/raw/meson_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)