mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-30 14:19:16 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/clk
History
Andrey Skvortsov 66fbfb35da clk: Fix slab-out-of-bounds error in devm_clk_release() 
Problem can be reproduced by unloading snd_soc_simple_card, because in
devm_get_clk_from_child() devres data is allocated as `struct clk`, but
devm_clk_release() expects devres data to be `struct devm_clk_state`.

KASAN report:
 ==================================================================
 BUG: KASAN: slab-out-of-bounds in devm_clk_release+0x20/0x54
 Read of size 8 at addr ffffff800ee09688 by task (udev-worker)/287

 Call trace:
  dump_backtrace+0xe8/0x11c
  show_stack+0x1c/0x30
  dump_stack_lvl+0x60/0x78
  print_report+0x150/0x450
  kasan_report+0xa8/0xf0
  __asan_load8+0x78/0xa0
  devm_clk_release+0x20/0x54
  release_nodes+0x84/0x120
  devres_release_all+0x144/0x210
  device_unbind_cleanup+0x1c/0xac
  really_probe+0x2f0/0x5b0
  __driver_probe_device+0xc0/0x1f0
  driver_probe_device+0x68/0x120
  __driver_attach+0x140/0x294
  bus_for_each_dev+0xec/0x160
  driver_attach+0x38/0x44
  bus_add_driver+0x24c/0x300
  driver_register+0xf0/0x210
  __platform_driver_register+0x48/0x54
  asoc_simple_card_init+0x24/0x1000 [snd_soc_simple_card]
  do_one_initcall+0xac/0x340
  do_init_module+0xd0/0x300
  load_module+0x2ba4/0x3100
  __do_sys_init_module+0x2c8/0x300
  __arm64_sys_init_module+0x48/0x5c
  invoke_syscall+0x64/0x190
  el0_svc_common.constprop.0+0x124/0x154
  do_el0_svc+0x44/0xdc
  el0_svc+0x14/0x50
  el0t_64_sync_handler+0xec/0x11c
  el0t_64_sync+0x14c/0x150

 Allocated by task 287:
  kasan_save_stack+0x38/0x60
  kasan_set_track+0x28/0x40
  kasan_save_alloc_info+0x20/0x30
  __kasan_kmalloc+0xac/0xb0
  __kmalloc_node_track_caller+0x6c/0x1c4
  __devres_alloc_node+0x44/0xb4
  devm_get_clk_from_child+0x44/0xa0
  asoc_simple_parse_clk+0x1b8/0x1dc [snd_soc_simple_card_utils]
  simple_parse_node.isra.0+0x1ec/0x230 [snd_soc_simple_card]
  simple_dai_link_of+0x1bc/0x334 [snd_soc_simple_card]
  __simple_for_each_link+0x2ec/0x320 [snd_soc_simple_card]
  asoc_simple_probe+0x468/0x4dc [snd_soc_simple_card]
  platform_probe+0x90/0xf0
  really_probe+0x118/0x5b0
  __driver_probe_device+0xc0/0x1f0
  driver_probe_device+0x68/0x120
  __driver_attach+0x140/0x294
  bus_for_each_dev+0xec/0x160
  driver_attach+0x38/0x44
  bus_add_driver+0x24c/0x300
  driver_register+0xf0/0x210
  __platform_driver_register+0x48/0x54
  asoc_simple_card_init+0x24/0x1000 [snd_soc_simple_card]
  do_one_initcall+0xac/0x340
  do_init_module+0xd0/0x300
  load_module+0x2ba4/0x3100
  __do_sys_init_module+0x2c8/0x300
  __arm64_sys_init_module+0x48/0x5c
  invoke_syscall+0x64/0x190
  el0_svc_common.constprop.0+0x124/0x154
  do_el0_svc+0x44/0xdc
  el0_svc+0x14/0x50
  el0t_64_sync_handler+0xec/0x11c
  el0t_64_sync+0x14c/0x150

 The buggy address belongs to the object at ffffff800ee09600
  which belongs to the cache kmalloc-256 of size 256
 The buggy address is located 136 bytes inside of
  256-byte region [ffffff800ee09600, ffffff800ee09700)

 The buggy address belongs to the physical page:
 page:000000002d97303b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ee08
 head:000000002d97303b order:1 compound_mapcount:0 compound_pincount:0
 flags: 0x10200(slab|head|zone=0)
 raw: 0000000000010200 0000000000000000 dead000000000122 ffffff8002c02480
 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
 page dumped because: kasan: bad access detected

 Memory state around the buggy address:
  ffffff800ee09580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
  ffffff800ee09600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 >ffffff800ee09680: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                       ^
  ffffff800ee09700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
  ffffff800ee09780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ==================================================================

Fixes: abae8e57e4 ("clk: generalize devm_clk_get() a bit")
Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Link: https://lore.kernel.org/r/20230805084847.3110586-1-andrej.skvortzov@gmail.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
2023-08-22 15:25:18 -07:00
..
actions clk: actions: composite: fact: Switch to determine_rate 2023-06-08 18:39:32 -07:00
analogbits
at91 Merge branches 'clk-qcom' and 'clk-microchip' into clk-next 2023-06-26 16:36:14 -07:00
axis
axs10x clk: axs10x: Use managed of_clk_add_hw_provider() 2023-04-10 12:45:12 -07:00
baikal-t1
bcm clk: bcm: rpi: Fix off by one in raspberrypi_discover_clocks() 2023-06-14 17:21:00 -07:00
berlin clk: berlin: div: Add a determine_rate hook 2023-06-08 18:39:26 -07:00
davinci clk: da8xx: clk48: Switch to determine_rate 2023-06-08 18:39:34 -07:00
hisilicon Nothing looks out of the ordinary in this batch of clk driver updates. There 2023-04-29 17:29:39 -07:00
imgtec
imx clk: imx93: Propagate correct error in imx93_clocks_probe() 2023-07-19 14:05:24 -07:00
ingenic clk: ingenic: tcu: Switch to determine_rate 2023-06-08 18:39:34 -07:00
keystone clk: keystone: syscon-clk: Fix audio refclk 2023-08-04 18:10:21 -07:00
mediatek clk: mediatek: mt8183: Add back SSPM related clocks 2023-07-19 12:40:22 -07:00
meson clk: meson: change usleep_range() to udelay() for atomic context 2023-07-11 11:35:42 +02:00
microchip clk: microchip: Use of_property_read_bool() for boolean properties 2023-05-22 11:57:31 +03:00
mmp clk: mmp: Convert to platform remove callback returning void 2023-03-28 19:31:44 -07:00
mstar
mvebu clk: mvebu: Iterate over possible CPUs instead of DT CPU nodes 2023-06-20 11:56:28 -07:00
mxs
nuvoton clk: nuvoton: Use clk_parent_data instead of string for parent clock 2023-06-22 17:02:50 +02:00
nxp
pistachio
pxa ARM: SoC changes for 6.5 2023-06-29 15:28:33 -07:00
qcom Another set of clk driver updates and fixes for the merge window. The 2023-07-04 11:07:45 -07:00
ralink clk: ralink: mtmips: Fix uninitialized use of ret in mtmips_register_{fixed,factor}_clocks() 2023-06-23 14:59:59 +02:00
renesas Merge branches 'clk-renesas', 'clk-determine-rate', 'clk-allwinner', 'clk-samsung' and 'clk-amlogic' into clk-next 2023-06-26 08:55:04 -07:00
rockchip Merge branches 'clk-of', 'clk-samsung', 'clk-rockchip' and 'clk-qcom' into clk-next 2023-04-25 11:52:25 -07:00
samsung clk: samsung: add CONFIG_OF dependency 2023-06-12 11:45:20 +02:00
sifive clk: sifive: Use devm_platform_ioremap_resource() 2023-06-14 17:20:13 -07:00
socfpga clk: socfpga: gate: Add a determine_rate hook 2023-06-08 18:39:29 -07:00
spear
sprd clk: sprd: composite: Simplify determine_rate implementation 2023-06-14 12:43:26 -07:00
st clk: st: flexgen: Switch to determine_rate 2023-06-08 18:39:35 -07:00
starfive clk: starfive: Fix RESET_STARFIVE_JH7110 can't be selected in a specified case 2023-05-02 18:34:49 -07:00
stm32 clk: stm32: composite: Switch to determine_rate 2023-06-08 18:39:35 -07:00
sunxi
sunxi-ng clk: sunxi-ng: a64: force select PLL_MIPI in TCON0 mux 2023-05-18 23:07:09 +02:00
tegra clk: tegra: Avoid calling an uninitialized function 2023-07-04 08:54:37 -07:00
ti clk: ti: clkctrl: check return value of kasprintf() 2023-06-16 21:52:50 -07:00
uniphier clk: uniphier: Use managed of_clk_add_hw_provider() 2023-04-10 12:56:25 -07:00
ux500 clk: ux500: sysctrl: Add a determine_rate hook 2023-06-08 18:39:30 -07:00
versatile clk: versatile: sp810: Add a determine_rate hook 2023-06-08 18:39:31 -07:00
visconti clk: visconti: remove unused visconti_pll_provider::regmap 2023-03-06 11:43:29 -08:00
x86 clk: x86: Convert to platform remove callback returning void 2023-03-28 19:31:45 -07:00
xilinx Merge branches 'clk-imx', 'clk-microchip', 'clk-cleanup', 'clk-bindings', 'clk-ti' and 'clk-kasprintf' into clk-next 2023-06-26 08:55:22 -07:00
zynq
zynqmp clk: zynqmp: pll: Remove the limit 2023-03-27 12:08:28 -07:00
.kunitconfig
clk-apple-nco.c
clk-asm9260.c
clk-aspeed.c
clk-aspeed.h
clk-ast2600.c clk: ast2600: Add comment about combined clock + reset handling 2023-03-06 14:11:29 -08:00
clk-axi-clkgen.c clk: axi-clkgen: Switch to determine_rate 2023-06-08 18:39:33 -07:00
clk-axm5516.c clk: axm5516: Use managed of_clk_add_hw_provider() 2023-04-10 12:45:12 -07:00
clk-bd718x7.c
clk-bm1880.c clk: bm1880: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:50 -07:00
clk-bulk.c
clk-cdce706.c Merge branches 'clk-renesas', 'clk-determine-rate', 'clk-allwinner', 'clk-samsung' and 'clk-amlogic' into clk-next 2023-06-26 08:55:04 -07:00
clk-cdce925.c Merge branches 'clk-imx', 'clk-microchip', 'clk-cleanup', 'clk-bindings', 'clk-ti' and 'clk-kasprintf' into clk-next 2023-06-26 08:55:22 -07:00
clk-clps711x.c
clk-composite.c clk: composite: Fix handling of high clock rates 2023-06-12 17:42:10 -07:00
clk-conf.c clk: add missing of_node_put() in "assigned-clocks" property parsing 2023-03-29 13:53:28 -07:00
clk-cs2000-cp.c clk: Switch i2c drivers back to use .probe() 2023-05-10 14:05:34 -07:00
clk-devres.c clk: Fix slab-out-of-bounds error in devm_clk_release() 2023-08-22 15:25:18 -07:00
clk-divider.c
clk-en7523.c
clk-fixed-factor.c clk: fixed-factor: Convert to platform remove callback returning void 2023-03-28 19:23:36 -07:00
clk-fixed-mmio.c Nothing looks out of the ordinary in this batch of clk driver updates. There 2023-04-29 17:29:39 -07:00
clk-fixed-rate.c clk: fixed-rate: Convert to platform remove callback returning void 2023-03-28 19:23:36 -07:00
clk-fractional-divider.c clk: Compute masks for fractional_divider clk when needed. 2023-04-05 12:09:26 -07:00
clk-fractional-divider.h
clk-fsl-flexspi.c
clk-fsl-sai.c kbuild, clk: remove MODULE_LICENSE in non-modules 2023-03-06 11:29:18 -08:00
clk-gate.c
clk-gate_test.c
clk-gemini.c
clk-gpio.c
clk-hi655x.c
clk-highbank.c
clk-hsdk-pll.c clk: hsdk-pll: Use managed of_clk_add_hw_provider() 2023-04-10 12:45:12 -07:00
clk-k210.c clk: k210: mux: Add a determine_rate hook 2023-06-08 18:39:27 -07:00
clk-lan966x.c clk: lan966x: Remove unused round_rate hook 2023-06-08 18:39:25 -07:00
clk-lmk04832.c clk: lmk04832: clkout: Add a determine_rate hook 2023-06-08 18:39:27 -07:00
clk-lochnagar.c clk: lochnagar: Add a determine_rate hook 2023-06-08 18:39:27 -07:00
clk-loongson1.c clk: loongson1: Re-implement the clock driver 2023-03-21 16:34:23 -07:00
clk-loongson2.c clk: clk-loongson2: Zero init clk_init_data 2023-06-12 18:30:46 -07:00
clk-max9485.c clk: Switch i2c drivers back to use .probe() 2023-05-10 14:05:34 -07:00
clk-max77686.c
clk-milbeaut.c clock: milbeaut: use devm_platform_get_and_ioremap_resource() 2023-03-29 14:48:32 -07:00
clk-moxart.c
clk-multiplier.c
clk-mux.c
clk-nomadik.c
clk-npcm7xx.c
clk-nspire.c
clk-oxnas.c
clk-palmas.c clk: palmas: Convert to platform remove callback returning void 2023-03-28 19:23:37 -07:00
clk-plldig.c
clk-pwm.c clk: pwm: Convert to platform remove callback returning void 2023-03-28 19:23:37 -07:00
clk-qoriq.c clk: qoriq: Add a determine_rate hook 2023-06-08 18:39:27 -07:00
clk-renesas-pcie.c Merge branches 'clk-platform', 'clk-i2c', 'clk-mediatek', 'clk-i2cid' and 'clk-vc5' into clk-next 2023-06-26 08:54:19 -07:00
clk-rk808.c clk: RK808: Reduce 'struct rk808' usage 2023-05-15 16:13:56 +01:00
clk-s2mps11.c clk: s2mps11: Convert to platform remove callback returning void 2023-03-28 19:23:37 -07:00
clk-scmi.c
clk-scpi.c clk: scpi: Convert to platform remove callback returning void 2023-03-28 19:23:37 -07:00
clk-si514.c clk: Switch i2c drivers back to use .probe() 2023-05-10 14:05:34 -07:00
clk-si521xx.c clk: si521xx: Switch i2c driver back to use .probe() 2023-06-12 18:16:43 -07:00
clk-si544.c clk: Switch i2c drivers back to use .probe() 2023-05-10 14:05:34 -07:00
clk-si570.c clk: Switch i2c drivers back to use .probe() 2023-05-10 14:05:34 -07:00
clk-si5341.c Merge branches 'clk-imx', 'clk-microchip', 'clk-cleanup', 'clk-bindings', 'clk-ti' and 'clk-kasprintf' into clk-next 2023-06-26 08:55:22 -07:00
clk-si5351.c Merge branches 'clk-renesas', 'clk-determine-rate', 'clk-allwinner', 'clk-samsung' and 'clk-amlogic' into clk-next 2023-06-26 08:55:04 -07:00
clk-si5351.h
clk-sp7021.c clk: sp7021: Adjust width of _m in HWM_FIELD_PREP() 2023-05-02 18:34:26 -07:00
clk-sparx5.c
clk-stm32f4.c clk: stm32f4: mux: Add a determine_rate hook 2023-06-08 18:39:27 -07:00
clk-stm32h7.c clk: stm32h7: Remove an unused field in struct stm32_fractional_divider 2023-04-03 14:10:42 -07:00
clk-stm32mp1.c clk: stm32mp1: Convert to platform remove callback returning void 2023-03-28 19:23:37 -07:00
clk-tps68470.c
clk-twl6040.c
clk-versaclock5.c Merge branches 'clk-imx', 'clk-microchip', 'clk-cleanup', 'clk-bindings', 'clk-ti' and 'clk-kasprintf' into clk-next 2023-06-26 08:55:22 -07:00
clk-versaclock7.c Merge branches 'clk-platform', 'clk-i2c', 'clk-mediatek', 'clk-i2cid' and 'clk-vc5' into clk-next 2023-06-26 08:54:19 -07:00
clk-vt8500.c
clk-wm831x.c clk: wm831x: clkout: Add a determine_rate hook 2023-06-08 18:39:28 -07:00
clk-xgene.c
clk.c Merge branches 'clk-imx', 'clk-microchip', 'clk-cleanup', 'clk-bindings', 'clk-ti' and 'clk-kasprintf' into clk-next 2023-06-26 08:55:22 -07:00
clk.h
clk_test.c clk: test: Add a determine_rate hook 2023-06-08 18:39:25 -07:00
clkdev.c
Kconfig clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM 2023-07-19 14:50:21 -07:00
Makefile clk: nuvoton: Add clock driver for ma35d1 clock controller 2023-06-05 13:18:08 +02:00