From patchwork Thu Feb 29 12:22:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Duoming Zhou X-Patchwork-Id: 13577061 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E782EC54798 for ; Thu, 29 Feb 2024 12:23:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:List-Subscribe:List-Help: List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:Subject:Cc:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=NOHH8HR8b5uX+4jKo6QZyAE/nfpMHbn7Z5sh3OIxUVk=; b=sbMItNQGe9tmX5 B1W/41cN7pNFHUJ80QM8L4kAaoJLt7YPHTmUN0TVycCynqL63r65TrbBAhLEOEj8uSYy+ppUU1hQe PgNA2At27zkeyxSWiMV6zbHcU8E/bo2rS59t8wF6JpYedHW+nQU+QhRhmqbaGCfh+A2nHjW4U/rCk pgPOMLxsToMYvTB8ZNAPAl/+017zoreINNhd2fwGlbfDL9SVvEFl7+/k2/xjNh1mBEtcwu9KOzhz+ 9EP25sZnNDmc3bW6lzAdW9s3m7xSf3zIV74MfZ5L/2tD5s3+OrDFak/caXfqu33t9dE/uAcBo8LE3 wdXcCMjCtcn/qJbE/kng==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rffRa-0000000DUxo-2Oan; Thu, 29 Feb 2024 12:23:22 +0000 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1rffRW-0000000DUx3-2gcX for linux-arm-kernel@lists.infradead.org; Thu, 29 Feb 2024 12:23:21 +0000 Received: from ubuntu.localdomain (unknown [218.12.19.137]) by mail-app2 (Coremail) with SMTP id by_KCgB3uKcbd+BlOY1oAg--.37484S2; Thu, 29 Feb 2024 20:23:00 +0800 (CST) From: Duoming Zhou To: linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, linux-clk@vger.kernel.org, michal.simek@amd.com, sboyd@kernel.org, mturquette@baylibre.com, Duoming Zhou Subject: [PATCH v2] clk: zynq: Prevent null pointer dereference caused by kmalloc failure Date: Thu, 29 Feb 2024 20:22:50 +0800 Message-Id: <20240229122250.24786-1-duoming@zju.edu.cn> X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: by_KCgB3uKcbd+BlOY1oAg--.37484S2 X-Coremail-Antispam: 1UD129KBjvJXoWrtw1fCr1xCFW3XF1fKFy3urg_yoW8JF1xpF WxWrn0yF4DWr4qgFZrCFyxZrWS9ay7Wa42g34Iq34vvrn8JFWUWFW5CF95ZF18XrWfWFW3 tF4Utr48W3WUC3JanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUkC14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r4U JVWxJr1l84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_Gc CE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E 2Ix0cI8IcVAFwI0_JrI_JrylYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkEbVWUJV W8JwACjcxG0xvY0x0EwIxGrwACjI8F5VA0II8E6IAqYI8I648v4I1lc7CjxVAaw2AFwI0_ JF0_Jw1l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67 AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMIIY rxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14 v26r1j6r4UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8 JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjfUr2-eDU UUU X-CM-SenderInfo: qssqjiasttq6lmxovvfxof0/1tbiAwIGAWXfgNMODgAmsJ X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240229_042318_878098_5536C1F6 X-CRM114-Status: GOOD ( 10.75 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf to write data to the null address, the null pointer dereference bug will happen. This patch adds a stack variable to replace the kmalloc(). Fixes: 0ee52b157b8e ("clk: zynq: Add clock controller driver") Signed-off-by: Duoming Zhou --- Changes in v2: - Use stack variable to replace kmalloc(). drivers/clk/zynq/clkc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/clk/zynq/clkc.c b/drivers/clk/zynq/clkc.c index 7bdeaff2bfd..e4c4c9adf79 100644 --- a/drivers/clk/zynq/clkc.c +++ b/drivers/clk/zynq/clkc.c @@ -427,7 +427,7 @@ static void __init zynq_clk_setup(struct device_node *np) SLCR_GEM1_CLK_CTRL, 0, 0, &gem1clk_lock); tmp = strlen("mio_clk_00x"); - clk_name = kmalloc(tmp, GFP_KERNEL); + char clk_name[tmp]; for (i = 0; i < NUM_MIO_PINS; i++) { int idx; @@ -439,7 +439,6 @@ static void __init zynq_clk_setup(struct device_node *np) else can_mio_mux_parents[i] = dummy_nm; } - kfree(clk_name); clk_register_mux(NULL, "can_mux", periph_parents, 4, CLK_SET_RATE_NO_REPARENT, SLCR_CAN_CLK_CTRL, 4, 2, 0, &canclk_lock);