| Message ID | 20240425-cbl-bcm-assign-counted-by-val-before-access-v1-1-e2db3b82d5ef@kernel.org (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 9368cdf90f52a68120d039887ccff74ff33b4444 |
| Headers | show |
| Series | clk: bcm: Move a couple of __counted_by initializations | expand |
On Thu, Apr 25, 2024 at 09:55:51AM -0700, Nathan Chancellor wrote: > Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with > __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' > with __counted_by, which informs the bounds sanitizer about the number > of elements in hws, so that it can warn when hws is accessed out of > bounds. As noted in that change, the __counted_by member must be > initialized with the number of elements before the first array access > happens, otherwise there will be a warning from each access prior to the > initialization because the number of elements is zero. This occurs in > clk_dvp_probe() due to ->num being assigned after ->hws has been > accessed: > > UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2 > index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]') > > Move the ->num initialization to before the first access of ->hws, which > clears up the warning. > > Cc: stable@vger.kernel.org > Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") > Signed-off-by: Nathan Chancellor <nathan@kernel.org> Thanks for finding this! Reviewed-by: Kees Cook <keescook@chromium.org>
On 4/25/24 09:55, Nathan Chancellor wrote: > Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with > __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' > with __counted_by, which informs the bounds sanitizer about the number > of elements in hws, so that it can warn when hws is accessed out of > bounds. As noted in that change, the __counted_by member must be > initialized with the number of elements before the first array access > happens, otherwise there will be a warning from each access prior to the > initialization because the number of elements is zero. This occurs in > clk_dvp_probe() due to ->num being assigned after ->hws has been > accessed: > > UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2 > index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]') > > Move the ->num initialization to before the first access of ->hws, which > clears up the warning. > > Cc: stable@vger.kernel.org > Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") > Signed-off-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Quoting Nathan Chancellor (2024-04-25 09:55:51) > Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with > __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' > with __counted_by, which informs the bounds sanitizer about the number > of elements in hws, so that it can warn when hws is accessed out of > bounds. As noted in that change, the __counted_by member must be > initialized with the number of elements before the first array access > happens, otherwise there will be a warning from each access prior to the > initialization because the number of elements is zero. This occurs in > clk_dvp_probe() due to ->num being assigned after ->hws has been > accessed: > > UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2 > index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]') > > Move the ->num initialization to before the first access of ->hws, which > clears up the warning. > > Cc: stable@vger.kernel.org > Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") > Signed-off-by: Nathan Chancellor <nathan@kernel.org> > --- Applied to clk-next
diff --git a/drivers/clk/bcm/clk-bcm2711-dvp.c b/drivers/clk/bcm/clk-bcm2711-dvp.c index e4fbbf3c40fe..3cb235df9d37 100644 --- a/drivers/clk/bcm/clk-bcm2711-dvp.c +++ b/drivers/clk/bcm/clk-bcm2711-dvp.c @@ -56,6 +56,8 @@ static int clk_dvp_probe(struct platform_device *pdev) if (ret) return ret; + data->num = NR_CLOCKS; + data->hws[0] = clk_hw_register_gate_parent_data(&pdev->dev, "hdmi0-108MHz", &clk_dvp_parent, 0, @@ -76,7 +78,6 @@ static int clk_dvp_probe(struct platform_device *pdev) goto unregister_clk0; } - data->num = NR_CLOCKS; ret = of_clk_add_hw_provider(pdev->dev.of_node, of_clk_hw_onecell_get, data); if (ret)
Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer about the number of elements in hws, so that it can warn when hws is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero. This occurs in clk_dvp_probe() due to ->num being assigned after ->hws has been accessed: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2 index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]') Move the ->num initialization to before the first access of ->hws, which clears up the warning. Cc: stable@vger.kernel.org Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") Signed-off-by: Nathan Chancellor <nathan@kernel.org> --- drivers/clk/bcm/clk-bcm2711-dvp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)