2015-02-15 12:34:21

by Måns Rullgård

Subject: [PATCH] clk: check for invalid parent index of orphans in __clk_init()

If a mux clock is initialised (by hardware or firmware) with an
invalid parent, its ->get_parent() can return an out of range
index. For example, the generic mux clock attempts to return
-EINVAL, which due to the u8 return type ends up a rather large
number. Using this index with the parent_names[] array results
in an invalid pointer and (usually) a crash in the following
strcmp().

This patch adds a check for the parent index being in range,
ignoring clocks reporting invalid values.

Signed-off-by: Mans Rullgard <[email protected]>
Cc: Rhyland Klein <[email protected]>
---
drivers/clk/clk.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
index d48ac71..bc0662b 100644
--- a/drivers/clk/clk.c
+++ b/drivers/clk/clk.c
@@ -1950,7 +1950,8 @@ int __clk_init(struct device *dev, struct clk *clk)
hlist_for_each_entry_safe(orphan, tmp2, &clk_orphan_list, child_node) {
if (orphan->num_parents && orphan->ops->get_parent) {
i = orphan->ops->get_parent(orphan->hw);
- if (!strcmp(clk->name, orphan->parent_names[i]))
+ if (i >= 0 && i < orphan->num_parents &&
+ !strcmp(clk->name, orphan->parent_names[i]))
__clk_reparent(orphan, clk);
continue;
}
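
Review bot: the `i >= 0` half of the new condition can never be false if get_parent() returns u8 as the commit message says, so only `i < orphan->num_parents` does any work; drop `i >= 0` or say why it is kept. The orphan whose index fails the check is also skipped silently before the `continue`; a one-line warning naming the orphan would make a mux left with an invalid parent by hardware or firmware show up in the log instead of just staying unparented.
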
--
2.3.0
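
The truncation described in the commit message above, shown as an added user-space example that is not kernel code and not part of the patch: `struct model_clk`, `model_get_parent()`, `model_parent_matches()` and the sample clock names and selector values are hypothetical and constructed for illustration.

```c
/* User-space model (constructed, not kernel code) of the failure mode:
 * a get_parent() that returns -EINVAL through a u8, and the range check
 * that keeps the result from indexing parent_names[]. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint8_t u8;

struct model_clk {                  /* hypothetical stand-in for struct clk */
    const char *const *parent_names;
    u8 num_parents;
    unsigned int hw_sel;            /* selector value left by firmware */
    const unsigned int *table;      /* valid selector values, one per parent */
};

/* No table match -> -EINVAL, which the u8 return type turns into 256 - EINVAL. */
static u8 model_get_parent(const struct model_clk *c)
{
    for (u8 i = 0; i < c->num_parents; i++)
        if (c->table[i] == c->hw_sel)
            return i;
    return (u8)-EINVAL;
}

/* Returns 1 if `name` is the orphan's current parent, 0 otherwise,
 * including when the reported index is out of range. */
static int model_parent_matches(const struct model_clk *orphan, const char *name)
{
    u8 i = model_get_parent(orphan);

    if (i >= orphan->num_parents)   /* range check: never index past the array */
        return 0;
    return strcmp(name, orphan->parent_names[i]) == 0;
}

static const char *const names[] = { "osc", "pll_a", "pll_b" };
static const unsigned int sel[] = { 0, 1, 4 };

int main(void)
{
    struct model_clk good = { names, 3, 4, sel };
    struct model_clk bad  = { names, 3, 7, sel };   /* 7 is not in the table */

    return !(model_parent_matches(&good, "pll_b") == 1 &&
             model_get_parent(&bad) >= bad.num_parents &&
             model_parent_matches(&bad, "osc") == 0);
}
```

Without the range check, the `bad` clock would index `names[]` far past its three entries before `strcmp()` ever ran.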


2015-02-17 16:58:31

by Rhyland Klein

Subject: Re: [PATCH] clk: check for invalid parent index of orphans in __clk_init()

On 2/15/2015 7:33 AM, Mans Rullgard wrote:
> If a mux clock is initialised (by hardware or firmware) with an
> invalid parent, its ->get_parent() can return an out of range
> index. For example, the generic mux clock attempts to return
> -EINVAL, which due to the u8 return type ends up a rather large
> number. Using this index with the parent_names[] array results
> in an invalid pointer and (usually) a crash in the following
> strcmp().
>
> This patch adds a check for the parent index being in range,
> ignoring clocks reporting invalid values.
>
> Signed-off-by: Mans Rullgard <[email protected]>
> Cc: Rhyland Klein <[email protected]>
> ---
> drivers/clk/clk.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
> index d48ac71..bc0662b 100644
> --- a/drivers/clk/clk.c
> +++ b/drivers/clk/clk.c
> @@ -1950,7 +1950,8 @@ int __clk_init(struct device *dev, struct clk *clk)
> hlist_for_each_entry_safe(orphan, tmp2, &clk_orphan_list, child_node) {
> if (orphan->num_parents && orphan->ops->get_parent) {
> i = orphan->ops->get_parent(orphan->hw);
> - if (!strcmp(clk->name, orphan->parent_names[i]))
> + if (i >= 0 && i < orphan->num_parents &&
> + !strcmp(clk->name, orphan->parent_names[i]))
> __clk_reparent(orphan, clk);
> continue;
> }
>

This works for me and is less invasive than the original patch series.

Tested-by: Rhyland Klein <[email protected]>

-rhyland

--
nvpublic

2015-04-13 19:13:01

by Mike Turquette

Subject: Re: [PATCH] clk: check for invalid parent index of orphans in __clk_init()

Quoting Rhyland Klein (2015-02-17 08:58:29)
> On 2/15/2015 7:33 AM, Mans Rullgard wrote:
> > If a mux clock is initialised (by hardware or firmware) with an
> > invalid parent, its ->get_parent() can return an out of range
> > index. For example, the generic mux clock attempts to return
> > -EINVAL, which due to the u8 return type ends up a rather large
> > number. Using this index with the parent_names[] array results
> > in an invalid pointer and (usually) a crash in the following
> > strcmp().
> >
> > This patch adds a check for the parent index being in range,
> > ignoring clocks reporting invalid values.
> >
> > Signed-off-by: Mans Rullgard <[email protected]>
> > Cc: Rhyland Klein <[email protected]>
> > ---
> > drivers/clk/clk.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
> > index d48ac71..bc0662b 100644
> > --- a/drivers/clk/clk.c
> > +++ b/drivers/clk/clk.c
> > @@ -1950,7 +1950,8 @@ int __clk_init(struct device *dev, struct clk *clk)
> > hlist_for_each_entry_safe(orphan, tmp2, &clk_orphan_list, child_node) {
> > if (orphan->num_parents && orphan->ops->get_parent) {
> > i = orphan->ops->get_parent(orphan->hw);
> > - if (!strcmp(clk->name, orphan->parent_names[i]))
> > + if (i >= 0 && i < orphan->num_parents &&
> > + !strcmp(clk->name, orphan->parent_names[i]))
> > __clk_reparent(orphan, clk);
> > continue;
> > }
> >
>
> This works for me and is less invasive than the original patch series.
>
> Tested-by: Rhyland Klein <[email protected]>

Applied.

Thanks,
Mike

>
> -rhyland
>
> --
> nvpublic