
interconnect: qcom: rpm: allocate enough data in probe()

Message ID a0f6184c-c2b5-4e8d-9b8a-867ae83f3094@kili.mountain (mailing list archive)
State Superseded
Series interconnect: qcom: rpm: allocate enough data in probe()

Commit Message

Dan Carpenter May 23, 2023, 8:11 a.m. UTC
This was allocating "sizeof(qp->intf_clks)" which is the size of a
pointer instead of "sizeof(*qp->intf_clks)" which is the size of the
struct (8 bytes vs 16 bytes on a 64bit system).

Fixes: 2e2113c8a64f ("interconnect: qcom: rpm: Handle interface clocks")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/interconnect/qcom/icc-rpm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Konrad Dybcio May 23, 2023, 8:31 a.m. UTC | #1
On 23.05.2023 10:11, Dan Carpenter wrote:
> This was allocating "sizeof(qp->intf_clks)" which is the size of a
> pointer instead of "sizeof(*qp->intf_clks)" which is the size of the
> struct (8 bytes vs 16 bytes on a 64bit system).
> 
> Fixes: 2e2113c8a64f ("interconnect: qcom: rpm: Handle interface clocks")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Whoops. Guess I was just really really lucky that nothing blew up for me.

Thanks.

Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>

Konrad
> ---
>  drivers/interconnect/qcom/icc-rpm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/interconnect/qcom/icc-rpm.c b/drivers/interconnect/qcom/icc-rpm.c
> index f4627c4a1bdd..7a21a03a0382 100644
> --- a/drivers/interconnect/qcom/icc-rpm.c
> +++ b/drivers/interconnect/qcom/icc-rpm.c
> @@ -436,7 +436,7 @@ int qnoc_probe(struct platform_device *pdev)
>  	if (!qp)
>  		return -ENOMEM;
>  
> -	qp->intf_clks = devm_kzalloc(dev, sizeof(qp->intf_clks), GFP_KERNEL);
> +	qp->intf_clks = devm_kzalloc(dev, sizeof(*qp->intf_clks), GFP_KERNEL);
>  	if (!qp->intf_clks)
>  		return -ENOMEM;
>
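Review bot: the `+` line in qnoc_probe() still sizes the buffer for exactly one element, since devm_kzalloc() takes a single byte count and `sizeof(*qp->intf_clks)` is one struct. If intf_clks holds cd_num entries, as the follow-up in this thread states, the call needs an element count: `devm_kcalloc(dev, cd_num, sizeof(*qp->intf_clks), GFP_KERNEL)` supplies one and also fails the allocation if count times size overflows.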
Dan Carpenter May 23, 2023, 9:47 a.m. UTC | #2
On Tue, May 23, 2023 at 10:31:27AM +0200, Konrad Dybcio wrote:
> 
> 
> On 23.05.2023 10:11, Dan Carpenter wrote:
> > This was allocating "sizeof(qp->intf_clks)" which is the size of a
> > pointer instead of "sizeof(*qp->intf_clks)" which is the size of the
> > struct (8 bytes vs 16 bytes on a 64bit system).
> > 
> > Fixes: 2e2113c8a64f ("interconnect: qcom: rpm: Handle interface clocks")
> > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> Whoops. Guess I was just really really lucky that nothing blew up for me.
> 
> Thanks.
> 
> Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>

Hold up.  Wait...  Let's not apply this.  The bug is more severe than I
saw initially.  It should be:

	qp->intf_clks = devm_kcalloc(dev, cd_num, sizeof(*qp->intf_clks),
				     GFP_KERNEL);

Did we only test with cd_num set to zero?

regards,
dan carpenter
Konrad Dybcio May 23, 2023, 10:05 a.m. UTC | #3
On 23.05.2023 11:47, Dan Carpenter wrote:
> On Tue, May 23, 2023 at 10:31:27AM +0200, Konrad Dybcio wrote:
>>
>>
>> On 23.05.2023 10:11, Dan Carpenter wrote:
>>> This was allocating "sizeof(qp->intf_clks)" which is the size of a
>>> pointer instead of "sizeof(*qp->intf_clks)" which is the size of the
>>> struct (8 bytes vs 16 bytes on a 64bit system).
>>>
>>> Fixes: 2e2113c8a64f ("interconnect: qcom: rpm: Handle interface clocks")
>>> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
>> Whoops. Guess I was just really really lucky that nothing blew up for me.
>>
>> Thanks.
>>
>> Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
> 
> Hold up.  Wait...  Let's not apply this.  The bug is more severe than I
> saw initially.  It should be:
> 
> 	qp->intf_clks = devm_kcalloc(dev, cd_num, sizeof(*qp->intf_clks),
> 				     GFP_KERNEL);
> 
> Did we only test with cd_num set to zero?
No, I also had buses using cd_num >= 1..

Interestingly enough the clocks with the higher indices *did*
in fact get enabled (the platform would otherwise crash on set_bw
during sync_state if they didn't), at least in the

probe (-> allocate) -> sync_state

path.


But there's not a whole lot of allocations in between, so perhaps
it must have been luck as well..

TYSM for catching this..

Konrad
> 
> regards,
> dan carpenter
> 
>
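A userspace model of the sizing problem discussed in this thread, added here as an example (not code from the patch or the driver): it compares the bytes requested by the original call and by the v1 patch with what cd_num elements need. `struct intf_clk`, `struct provider`, `array_bytes()` and `overrun()` are hypothetical names, and the two-pointer struct is an assumed stand-in for the real element type.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the element type: two pointers, so 16 bytes on
 * a 64-bit system, matching the sizes quoted in the commit message. */
struct intf_clk { const char *id; void *clk; };

struct provider { struct intf_clk *intf_clks; };

/* Bytes each form of the allocation call requests. */
size_t bytes_original(const struct provider *qp) { return sizeof(qp->intf_clks); }
size_t bytes_v1_patch(const struct provider *qp) { return sizeof(*qp->intf_clks); }

/* Overflow-checked n * size, the check a calloc-style allocator performs.
 * Returns 0 on success and stores the product in *out. */
int array_bytes(size_t n, size_t size, size_t *out)
{
	if (size != 0 && n > SIZE_MAX / size)
		return -1;
	*out = n * size;
	return 0;
}

/* Bytes past the end of the buffer that a loop over cd_num elements would
 * touch, given the bytes actually allocated. */
size_t overrun(size_t allocated, size_t cd_num, size_t elem)
{
	size_t need;

	if (array_bytes(cd_num, elem, &need))
		return SIZE_MAX;	/* the request itself is not representable */
	return need > allocated ? need - allocated : 0;
}

int main(void)
{
	struct provider qp = { 0 };
	size_t elem = sizeof(*qp.intf_clks);

	for (size_t cd_num = 0; cd_num <= 3; cd_num++)	/* constructed counts */
		printf("cd_num=%zu original overruns %zu, v1 overruns %zu\n", cd_num,
		       overrun(bytes_original(&qp), cd_num, elem),
		       overrun(bytes_v1_patch(&qp), cd_num, elem));
	return 0;
}
```

With the v1 sizing the overrun is zero only for cd_num of 0 or 1; every additional element lands in whatever the allocator placed next.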

Patch

diff --git a/drivers/interconnect/qcom/icc-rpm.c b/drivers/interconnect/qcom/icc-rpm.c
index f4627c4a1bdd..7a21a03a0382 100644
--- a/drivers/interconnect/qcom/icc-rpm.c
+++ b/drivers/interconnect/qcom/icc-rpm.c
@@ -436,7 +436,7 @@  int qnoc_probe(struct platform_device *pdev)
 	if (!qp)
 		return -ENOMEM;
 
-	qp->intf_clks = devm_kzalloc(dev, sizeof(qp->intf_clks), GFP_KERNEL);
+	qp->intf_clks = devm_kzalloc(dev, sizeof(*qp->intf_clks), GFP_KERNEL);
 	if (!qp->intf_clks)
 		return -ENOMEM;
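Review bot: the commit message for this hunk covers only the pointer-versus-struct size mix-up and never says how many elements `qp->intf_clks` holds, so the `+` line alone does not tell a reader whether one struct is enough. A respin should state the element count in the message and pass it to the allocator, while keeping the `sizeof(*qp->intf_clks)` form, which continues to track the pointee type if that type changes.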