From patchwork Mon Feb 27 10:24:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arseniy Krasnov X-Patchwork-Id: 13153165 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 98829C64ED8 for ; Mon, 27 Feb 2023 10:28:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=J0hAXxoBhZppL3tcadRe9WvMpcQu+iJosKaHwmfM9Rg=; b=AITDvtTqW5vT9Y ochfi9BIkkDfSkUXVXeDAAFJIj4PI32vB332TVRdhf1GNu84Vpt2QhQyriMeXclrw0/lb7x9qea1I vX/Fj/mlZHLZ8uX6M0J4TrI9wtcIgcKGO71rWYr+sNltW8DkwoGYCqdpqTBaW08iVpa7jeg4AHIyF KMVkw1gettn4AyfjTeK2/CZf1no/3dBc9sj3NfMryZgqtJoR0P1bn+fwXrfdb/XDZsb8a1l2vL45p nHQiYow8b1Xne7JnmcopxH/8Nkoa5VNkLXZWAwrGFurqPKocKejf6yB1gedfVREXiNhXdmEbx1cs2 mgllIzZMciydE5eiUJFw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pWajA-009DiE-SI; Mon, 27 Feb 2023 10:27:28 +0000 Received: from mx.sberdevices.ru ([45.89.227.171]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pWaj6-009Dge-66; Mon, 27 Feb 2023 10:27:26 +0000 Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1]) by mx.sberdevices.ru (Postfix) with ESMTP id B35CD5FD10; Mon, 27 Feb 2023 13:27:21 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru; s=mail; t=1677493641; bh=MppIxpko7T4GyVpYzjU00G1Fh//Y3U4fwtIp1SQRQQs=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=f2zOtEnYwDtmf4p/2hvUN+8nu7fNT4bz4kUP4hesggNnrWUVp+T7FX3kzffzdZgS9 K6bTHUazjr3jxPPjxccAL53iH59c5SaSb6yBLuy2FfBTsZLacytXn/lSd84pJoS7XL RW15ufVODD+fkzSKh0piYhpwKO6G5+o/TckjovR5SDv1+e4zHDRc4b1t7s83Y/HXuZ BLUeWtZvsDvKN0HeqEEVk26zcbBzPaSKpZNOTf9xqP06nFZ7mJqYViDiMKUEprh4KV l2RrfyIGOXIc/y+pLwJ/bBR4q3syVhodpdhimUhpRmgUDVBBevO7EWd09U07hXOWlO 5wsHW5lm4SY+g== Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru [172.16.1.4]) by mx.sberdevices.ru (Postfix) with ESMTP; Mon, 27 Feb 2023 13:27:20 +0300 (MSK) From: Arseniy Krasnov To: Liang Yang , Miquel Raynal , Richard Weinberger , Vignesh Raghavendra , Neil Armstrong , Kevin Hilman , Jerome Brunet , Martin Blumenstingl CC: , , , , , , Arseniy Krasnov Subject: [PATCH v4] mtd: rawnand: meson: initialize struct with zeroes Date: Mon, 27 Feb 2023 13:24:25 +0300 Message-ID: <20230227102425.793841-1-AVKrasnov@sberdevices.ru> X-Mailer: git-send-email 2.35.0 MIME-Version: 1.0 X-Originating-IP: [172.16.1.6] X-ClientProxiedBy: S-MS-EXCH02.sberdevices.ru (172.16.1.5) To S-MS-EXCH01.sberdevices.ru (172.16.1.4) X-KSMG-Rule-ID: 4 X-KSMG-Message-Action: clean X-KSMG-AntiSpam-Status: not scanned, disabled by settings X-KSMG-AntiSpam-Interceptor-Info: not scanned X-KSMG-AntiPhishing: not scanned, disabled by settings X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30, bases: 2023/02/27 08:09:00 #20900247 X-KSMG-AntiVirus-Status: Clean, skipped X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230227_022724_628009_BB19B590 X-CRM114-Status: GOOD ( 12.16 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This structure must be zeroed, because it's field 'hw->core' is used as 'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized. This happens, because when this struct is not zeroed, pointer 'hw' is "initialized" by garbage, which is valid pointer, but points to some garbage. So 'hw' will be dereferenced, but 'core' contains some random data which will be interpreted as a pointer. The following backtrace is result of dereference of such pointer: [ 1.081319] __clk_register+0x414/0x820 [ 1.085113] devm_clk_register+0x64/0xd0 [ 1.088995] meson_nfc_probe+0x258/0x6ec [ 1.092875] platform_probe+0x70/0xf0 [ 1.096498] really_probe+0xc8/0x3e0 [ 1.100034] __driver_probe_device+0x84/0x190 [ 1.104346] driver_probe_device+0x44/0x120 [ 1.108487] __driver_attach+0xb4/0x220 [ 1.112282] bus_for_each_dev+0x78/0xd0 [ 1.116077] driver_attach+0x2c/0x40 [ 1.119613] bus_add_driver+0x184/0x240 [ 1.123408] driver_register+0x80/0x140 [ 1.127203] __platform_driver_register+0x30/0x40 [ 1.131860] meson_nfc_driver_init+0x24/0x30 Changelog: v1 -> v2: * More details in the commit message. v2 -> v3: * Add 'a' article to "interpreted as a pointer". v3 -> v4: * Add changelog. Fixes: 1e4d3ba66888 ("mtd: rawnand: meson: fix the clock") Signed-off-by: Arseniy Krasnov Acked-by: Martin Blumenstingl Reviewed-by: Neil Armstrong --- drivers/mtd/nand/raw/meson_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 5ee01231ac4c..30e326adabfc 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -991,7 +991,7 @@ static const struct mtd_ooblayout_ops meson_ooblayout_ops = { static int meson_nfc_clk_init(struct meson_nfc *nfc) { - struct clk_parent_data nfc_divider_parent_data[1]; + struct clk_parent_data nfc_divider_parent_data[1] = {0}; struct clk_init_data init = {0}; int ret;