Using an array allocated on the stack may lead to stack overflows
and other problems. Furthermore, VLAIS doesn't work well with
LLVM compilers, so move the allocation to the heap and avoid the
use of VLAIS here.
Cc: Chen-Yu Tsai <[email protected]>
Cc: Maxime Ripard <[email protected]>
Signed-off-by: Stephen Boyd <[email protected]>
---
drivers/clk/sunxi/clk-sun8i-mbus.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/sunxi/clk-sun8i-mbus.c b/drivers/clk/sunxi/clk-sun8i-mbus.c
index 3aaa9cbef791..8e7128e69823 100644
--- a/drivers/clk/sunxi/clk-sun8i-mbus.c
+++ b/drivers/clk/sunxi/clk-sun8i-mbus.c
@@ -33,7 +33,7 @@ static DEFINE_SPINLOCK(sun8i_a23_mbus_lock);
static void __init sun8i_a23_mbus_setup(struct device_node *node)
{
int num_parents = of_clk_get_parent_count(node);
- const char *parents[num_parents];
+ const char **parents;
const char *clk_name = node->name;
struct resource res;
struct clk_divider *div;
@@ -43,10 +43,14 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
void __iomem *reg;
int err;
+ parents = kcalloc(num_parents, sizeof(*parents), GFP_KERNEL);
+ if (!parents)
+ return;
+
reg = of_io_request_and_map(node, 0, of_node_full_name(node));
if (!reg) {
pr_err("Could not get registers for sun8i-mbus-clk\n");
- return;
+ goto err_free_parents;
}
div = kzalloc(sizeof(*div), GFP_KERNEL);
@@ -107,6 +111,8 @@ err_free_div:
kfree(div);
err_unmap:
iounmap(reg);
+err_free_parents:
+ kfree(parents);
of_address_to_resource(node, 0, &res);
release_mem_region(res.start, resource_size(&res));
}
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
On Tue, Mar 1, 2016 at 4:20 PM, Stephen Boyd <[email protected]> wrote:
> Using an array allocated on the stack may lead to stack overflows
> and other problems. Furthermore, VLAIS doesn't work well with
> LLVM compilers, so move the allocation to the heap and avoid the
> use of VLAIS here.
>
> Cc: Chen-Yu Tsai <[email protected]>
> Cc: Maxime Ripard <[email protected]>
> Signed-off-by: Stephen Boyd <[email protected]>
> ---
> drivers/clk/sunxi/clk-sun8i-mbus.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/clk/sunxi/clk-sun8i-mbus.c b/drivers/clk/sunxi/clk-sun8i-mbus.c
> index 3aaa9cbef791..8e7128e69823 100644
> --- a/drivers/clk/sunxi/clk-sun8i-mbus.c
> +++ b/drivers/clk/sunxi/clk-sun8i-mbus.c
> @@ -33,7 +33,7 @@ static DEFINE_SPINLOCK(sun8i_a23_mbus_lock);
> static void __init sun8i_a23_mbus_setup(struct device_node *node)
> {
> int num_parents = of_clk_get_parent_count(node);
> - const char *parents[num_parents];
> + const char **parents;
> const char *clk_name = node->name;
> struct resource res;
> struct clk_divider *div;
> @@ -43,10 +43,14 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
> void __iomem *reg;
> int err;
>
> + parents = kcalloc(num_parents, sizeof(*parents), GFP_KERNEL);
> + if (!parents)
> + return;
> +
> reg = of_io_request_and_map(node, 0, of_node_full_name(node));
> if (!reg) {
> pr_err("Could not get registers for sun8i-mbus-clk\n");
> - return;
> + goto err_free_parents;
> }
>
> div = kzalloc(sizeof(*div), GFP_KERNEL);
> @@ -107,6 +111,8 @@ err_free_div:
> kfree(div);
> err_unmap:
> iounmap(reg);
> +err_free_parents:
> + kfree(parents);
AFAIK the CCF makes a deep copy of parents, so you should
always free it? I specifically checked it before using
VLAIS here.
ChenYu
> of_address_to_resource(node, 0, &res);
> release_mem_region(res.start, resource_size(&res));
> }
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>
On 03/03, Chen-Yu Tsai wrote:
> On Tue, Mar 1, 2016 at 4:20 PM, Stephen Boyd <[email protected]> wrote:
> > div = kzalloc(sizeof(*div), GFP_KERNEL);
> > @@ -107,6 +111,8 @@ err_free_div:
> > kfree(div);
> > err_unmap:
> > iounmap(reg);
> > +err_free_parents:
> > + kfree(parents);
>
> AFAIK the CCF makes a deep copy of parents, so you should
> always free it? I specifically checked it before using
> VLAIS here.
>
Yes. Good catch. Here's the update.
--8<---
From: Stephen Boyd <[email protected]>
Subject: [PATCH] clk: sunxi: Remove use of VLAIS
Using an array allocated on the stack may lead to stack overflows
and other problems. Furthermore, VLAIS doesn't work well with
LLVM compilers, so move the allocation to the heap and avoid the
use of VLAIS here.
Cc: Chen-Yu Tsai <[email protected]>
Cc: Maxime Ripard <[email protected]>
Signed-off-by: Stephen Boyd <[email protected]>
---
drivers/clk/sunxi/clk-sun8i-mbus.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/sunxi/clk-sun8i-mbus.c b/drivers/clk/sunxi/clk-sun8i-mbus.c
index 3aaa9cbef791..90acc8549d60 100644
--- a/drivers/clk/sunxi/clk-sun8i-mbus.c
+++ b/drivers/clk/sunxi/clk-sun8i-mbus.c
@@ -33,7 +33,7 @@ static DEFINE_SPINLOCK(sun8i_a23_mbus_lock);
static void __init sun8i_a23_mbus_setup(struct device_node *node)
{
int num_parents = of_clk_get_parent_count(node);
- const char *parents[num_parents];
+ const char **parents;
const char *clk_name = node->name;
struct resource res;
struct clk_divider *div;
@@ -43,10 +43,14 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
void __iomem *reg;
int err;
+ parents = kcalloc(num_parents, sizeof(*parents), GFP_KERNEL);
+ if (!parents)
+ return;
+
reg = of_io_request_and_map(node, 0, of_node_full_name(node));
if (!reg) {
pr_err("Could not get registers for sun8i-mbus-clk\n");
- return;
+ goto err_free_parents;
}
div = kzalloc(sizeof(*div), GFP_KERNEL);
@@ -90,6 +94,7 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
if (err)
goto err_unregister_clk;
+ kfree(parents); /* parents is deep copied */
/* The MBUS clocks needs to be always enabled */
__clk_get(clk);
clk_prepare_enable(clk);
@@ -107,6 +112,8 @@ err_free_div:
kfree(div);
err_unmap:
iounmap(reg);
+err_free_parents:
+ kfree(parents);
of_address_to_resource(node, 0, &res);
release_mem_region(res.start, resource_size(&res));
}
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
Hi,
On Thu, Mar 03, 2016 at 11:16:04AM -0800, Stephen Boyd wrote:
> On 03/03, Chen-Yu Tsai wrote:
> > On Tue, Mar 1, 2016 at 4:20 PM, Stephen Boyd <[email protected]> wrote:
> > > div = kzalloc(sizeof(*div), GFP_KERNEL);
> > > @@ -107,6 +111,8 @@ err_free_div:
> > > kfree(div);
> > > err_unmap:
> > > iounmap(reg);
> > > +err_free_parents:
> > > + kfree(parents);
> >
> > AFAIK the CCF makes a deep copy of parents, so you should
> > always free it? I specifically checked it before using
> > VLAIS here.
> >
>
> Yes. Good catch. Here's the update.
>
> --8<---
> From: Stephen Boyd <[email protected]>
> Subject: [PATCH] clk: sunxi: Remove use of VLAIS
VLAIS?
> Using an array allocated on the stack may lead to stack overflows
> and other problems. Furthermore, VLAIS doesn't work well with
> LLVM compilers, so move the allocation to the heap and avoid the
> use of VLAIS here.
>
> Cc: Chen-Yu Tsai <[email protected]>
> Cc: Maxime Ripard <[email protected]>
> Signed-off-by: Stephen Boyd <[email protected]>
> ---
> drivers/clk/sunxi/clk-sun8i-mbus.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/clk/sunxi/clk-sun8i-mbus.c b/drivers/clk/sunxi/clk-sun8i-mbus.c
> index 3aaa9cbef791..90acc8549d60 100644
> --- a/drivers/clk/sunxi/clk-sun8i-mbus.c
> +++ b/drivers/clk/sunxi/clk-sun8i-mbus.c
> @@ -33,7 +33,7 @@ static DEFINE_SPINLOCK(sun8i_a23_mbus_lock);
> static void __init sun8i_a23_mbus_setup(struct device_node *node)
> {
> int num_parents = of_clk_get_parent_count(node);
> - const char *parents[num_parents];
> + const char **parents;
> const char *clk_name = node->name;
> struct resource res;
> struct clk_divider *div;
> @@ -43,10 +43,14 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
> void __iomem *reg;
> int err;
>
> + parents = kcalloc(num_parents, sizeof(*parents), GFP_KERNEL);
> + if (!parents)
> + return;
> +
> reg = of_io_request_and_map(node, 0, of_node_full_name(node));
> if (!reg) {
> pr_err("Could not get registers for sun8i-mbus-clk\n");
> - return;
> + goto err_free_parents;
> }
>
> div = kzalloc(sizeof(*div), GFP_KERNEL);
> @@ -90,6 +94,7 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
> if (err)
> goto err_unregister_clk;
>
> + kfree(parents); /* parents is deep copied */
> /* The MBUS clocks needs to be always enabled */
> __clk_get(clk);
> clk_prepare_enable(clk);
> @@ -107,6 +112,8 @@ err_free_div:
> kfree(div);
> err_unmap:
> iounmap(reg);
> +err_free_parents:
> + kfree(parents);
> of_address_to_resource(node, 0, &res);
> release_mem_region(res.start, resource_size(&res));
The error path is wrong here, if you jump here from a failing call to
of_io_request_and_map, you'll end up releasing a memory region which
is not requested.
Thanks!
Maxime
--
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
On 03/04, Maxime Ripard wrote:
> On Thu, Mar 03, 2016 at 11:16:04AM -0800, Stephen Boyd wrote:
> > From: Stephen Boyd <[email protected]>
> > Subject: [PATCH] clk: sunxi: Remove use of VLAIS
>
> VLAIS?
Hmm I guess it's just VLA, so llvm won't break. I'll reword
commit text.
>
> > @@ -107,6 +112,8 @@ err_free_div:
> > kfree(div);
> > err_unmap:
> > iounmap(reg);
> > +err_free_parents:
> > + kfree(parents);
> > of_address_to_resource(node, 0, &res);
> > release_mem_region(res.start, resource_size(&res));
>
> The error path is wrong here, if you jump here from a failing call to
> of_io_request_and_map, you'll end up releasing a memory region which
> is not requested.
>
Oh right. Let's hope third time is the last.
---8<---
From: Stephen Boyd <[email protected]>
Subject: [PATCH] clk: sunxi: Remove use of variable length array
Using an array allocated on the stack may lead to stack overflows
and other problems so let's move the allocation to the heap
instead. This silences the following checker warning as well.
drivers/clk/sunxi/clk-sun8i-mbus.c:36:29: warning: Variable length array is used.
Cc: Chen-Yu Tsai <[email protected]>
Cc: Maxime Ripard <[email protected]>
Signed-off-by: Stephen Boyd <[email protected]>
---
drivers/clk/sunxi/clk-sun8i-mbus.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/sunxi/clk-sun8i-mbus.c b/drivers/clk/sunxi/clk-sun8i-mbus.c
index 3aaa9cbef791..411d3033a96e 100644
--- a/drivers/clk/sunxi/clk-sun8i-mbus.c
+++ b/drivers/clk/sunxi/clk-sun8i-mbus.c
@@ -33,7 +33,7 @@ static DEFINE_SPINLOCK(sun8i_a23_mbus_lock);
static void __init sun8i_a23_mbus_setup(struct device_node *node)
{
int num_parents = of_clk_get_parent_count(node);
- const char *parents[num_parents];
+ const char **parents;
const char *clk_name = node->name;
struct resource res;
struct clk_divider *div;
@@ -43,10 +43,14 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
void __iomem *reg;
int err;
+ parents = kcalloc(num_parents, sizeof(*parents), GFP_KERNEL);
+ if (!parents)
+ return;
+
reg = of_io_request_and_map(node, 0, of_node_full_name(node));
if (!reg) {
pr_err("Could not get registers for sun8i-mbus-clk\n");
- return;
+ goto err_free_parents;
}
div = kzalloc(sizeof(*div), GFP_KERNEL);
@@ -90,6 +94,7 @@ static void __init sun8i_a23_mbus_setup(struct device_node *node)
if (err)
goto err_unregister_clk;
+ kfree(parents); /* parents is deep copied */
/* The MBUS clocks needs to be always enabled */
__clk_get(clk);
clk_prepare_enable(clk);
@@ -109,5 +114,7 @@ err_unmap:
iounmap(reg);
of_address_to_resource(node, 0, &res);
release_mem_region(res.start, resource_size(&res));
+err_free_parents:
+ kfree(parents);
}
CLK_OF_DECLARE(sun8i_a23_mbus, "allwinner,sun8i-a23-mbus-clk", sun8i_a23_mbus_setup);
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
On Fri, Mar 04, 2016 at 09:18:41AM -0800, Stephen Boyd wrote:
> On 03/04, Maxime Ripard wrote:
> > On Thu, Mar 03, 2016 at 11:16:04AM -0800, Stephen Boyd wrote:
> > > From: Stephen Boyd <[email protected]>
> > > Subject: [PATCH] clk: sunxi: Remove use of VLAIS
> >
> > VLAIS?
>
> Hmm I guess it's just VLA, so llvm won't break. I'll reword
> commit text.
>
> >
> > > @@ -107,6 +112,8 @@ err_free_div:
> > > kfree(div);
> > > err_unmap:
> > > iounmap(reg);
> > > +err_free_parents:
> > > + kfree(parents);
> > > of_address_to_resource(node, 0, &res);
> > > release_mem_region(res.start, resource_size(&res));
> >
> > The error path is wrong here, if you jump here from a failing call to
> > of_io_request_and_map, you'll end up releasing a memory region which
> > is not requested.
> >
>
> Oh right. Let's hope third time is the last.
>
> ---8<---
> From: Stephen Boyd <[email protected]>
> Subject: [PATCH] clk: sunxi: Remove use of variable length array
>
> Using an array allocated on the stack may lead to stack overflows
> and other problems so let's move the allocation to the heap
> instead. This silences the following checker warning as well.
>
> drivers/clk/sunxi/clk-sun8i-mbus.c:36:29: warning: Variable length array is used.
>
> Cc: Chen-Yu Tsai <[email protected]>
> Cc: Maxime Ripard <[email protected]>
> Signed-off-by: Stephen Boyd <[email protected]>
Acked-by: Maxime Ripard <[email protected]>
Thanks!
Maxime
--
Maxime Ripard, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
On 03/08, Maxime Ripard wrote:
> On Fri, Mar 04, 2016 at 09:18:41AM -0800, Stephen Boyd wrote:
> > Oh right. Let's hope third time is the last.
> >
> > ---8<---
> > From: Stephen Boyd <[email protected]>
> > Subject: [PATCH] clk: sunxi: Remove use of variable length array
> >
> > Using an array allocated on the stack may lead to stack overflows
> > and other problems so let's move the allocation to the heap
> > instead. This silences the following checker warning as well.
> >
> > drivers/clk/sunxi/clk-sun8i-mbus.c:36:29: warning: Variable length array is used.
> >
> > Cc: Chen-Yu Tsai <[email protected]>
> > Cc: Maxime Ripard <[email protected]>
> > Signed-off-by: Stephen Boyd <[email protected]>
>
> Acked-by: Maxime Ripard <[email protected]>
>
Applied to clk-next.
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project