From patchwork Fri Aug 2 14:52:35 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Srinivas KANDAGATLA X-Patchwork-Id: 2838003 Return-Path: X-Original-To: patchwork-linux-arm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 9616F9F479 for ; Fri, 2 Aug 2013 15:05:23 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id CE2F420498 for ; Fri, 2 Aug 2013 15:05:18 +0000 (UTC) Received: from casper.infradead.org (casper.infradead.org [85.118.1.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8A02420490 for ; Fri, 2 Aug 2013 15:05:17 +0000 (UTC) Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1V5Gup-0005Rr-NC; Fri, 02 Aug 2013 15:05:15 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1V5Gun-0005Vc-Ip; Fri, 02 Aug 2013 15:05:13 +0000 Received: from eu1sys200aog111.obsmtp.com ([207.126.144.131]) by merlin.infradead.org with smtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1V5Guk-0005Uk-OI for linux-arm-kernel@lists.infradead.org; Fri, 02 Aug 2013 15:05:12 +0000 Received: from beta.dmz-eu.st.com ([164.129.1.35]) (using TLSv1) by eu1sys200aob111.postini.com ([207.126.147.11]) with SMTP ID DSNKUfvKjFAFISHaRimVLCZlYjT6W6JHtxQH@postini.com; Fri, 02 Aug 2013 15:05:10 UTC Received: from zeta.dmz-eu.st.com (zeta.dmz-eu.st.com [164.129.230.9]) by beta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 3F21A235; Fri, 2 Aug 2013 15:04:22 +0000 (GMT) Received: from mail7.sgp.st.com (unknown [164.129.223.81]) by zeta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 75019A3EE; Fri, 2 Aug 2013 15:03:53 +0000 (GMT) Received: from localhost (king.bri.st.com [10.65.51.59]) by mail7.sgp.st.com (MOS 4.3.3-GA) with ESMTP id BIY76709 (AUTH srinivak); Fri, 2 Aug 2013 17:04:27 +0200 From: Srinivas KANDAGATLA To: Mike Turquette Subject: [PATCH] clk: prevent out of bounds access of clock parent arrays Date: Fri, 2 Aug 2013 15:52:35 +0100 Message-Id: <1375455155-10610-1-git-send-email-srinivas.kandagatla@st.com> X-Mailer: git-send-email 1.7.6.5 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20130802_110511_160256_B97C338E X-CRM114-Status: GOOD ( 18.68 ) X-Spam-Score: -4.2 (----) Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, stephen.gallimore@st.com X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-5.7 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Stephen Gallimore Clocks implementing the get_parent() op may return an invalid parent index if the hardware is in an undefined state when the clock is created. However the calls of get_parent() in clk.c do not check that the returned index is in range before using it to dereference the clock's parents[] and parent_names[] arrays. This patch adds checks against the number of clock parents to prevent an incorrect access to the clock state. This does not otherwise change the use of get_parent() and will leave a clock, with an undefined parent, orphaned until a valid parent is set through the clock API. Signed-off-by: Stephen Gallimore --- Notes: There are two clocks, clk-mux and the OMAP2 dpll, that currently return -EINVAL, which as the return type of get_parent() is a u8 will result in an index value of 234. Mike is aware of this and was already thinking about changing the get_parent() prototype and usage. That should not remove the need for the tests added by this patch, but may require them to be modified later depending on exactly what Mike decides to do. drivers/clk/clk.c | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index 54a191c..b5032d0 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -1309,6 +1309,8 @@ static struct clk *__clk_init_parent(struct clk *clk) */ index = clk->ops->get_parent(clk->hw); + if (index >= clk->num_parents) + goto out; if (!clk->parents) clk->parents = @@ -1630,8 +1632,9 @@ int __clk_init(struct device *dev, struct clk *clk) hlist_for_each_entry_safe(orphan, tmp2, &clk_orphan_list, child_node) { if (orphan->ops->get_parent) { i = orphan->ops->get_parent(orphan->hw); - if (!strcmp(clk->name, orphan->parent_names[i])) - __clk_reparent(orphan, clk); + if (i < orphan->num_parents) + if (!strcmp(clk->name, orphan->parent_names[i])) + __clk_reparent(orphan, clk); continue; }