mail archive of the barebox mailing list
* [PATCH master] clk: rockchip: pll fix out of bounds read
@ 2023-12-05  8:10 Ahmad Fatoum
  2023-12-05  8:23 ` Sascha Hauer
  0 siblings, 1 reply; 2+ messages in thread
From: Ahmad Fatoum @ 2023-12-05  8:10 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

parent_names[1] is only valid for PLLs that are not of the type pll_rk3328.
Yet, the code references it anyway unconditionally, triggering a KASan
error. Fix this by slightly reworking the code.

This issue also seems to exist upstream in Linux.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 drivers/clk/rockchip/clk-pll.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c
index ee0603557567..b4152b03b19f 100644
--- a/drivers/clk/rockchip/clk-pll.c
+++ b/drivers/clk/rockchip/clk-pll.c
@@ -1101,19 +1101,21 @@ struct clk *rockchip_clk_register_pll(struct rockchip_clk_provider *ctx,
 	    pll_type == pll_rk3588_core)
 		pll_mux->flags |= CLK_MUX_HIWORD_MASK;
 
-	/* the actual muxing is xin24m, pll-output, xin32k */
-	pll_parents[0] = parent_names[0];
-	pll_parents[1] = pll_name;
-	pll_parents[2] = parent_names[1];
-
 	init.name = name;
 	init.flags = CLK_SET_RATE_PARENT;
 	init.ops = pll->pll_mux_ops;
 	init.parent_names = pll_parents;
-	if (pll_type == pll_rk3328)
+
+	/* the actual muxing is xin24m, pll-output, xin32k */
+	pll_parents[0] = parent_names[0];
+	pll_parents[1] = pll_name;
+
+	if (pll_type == pll_rk3328) {
 		init.num_parents = 2;
-	else
+	} else {
+		pll_parents[2] = parent_names[1];
 		init.num_parents = ARRAY_SIZE(pll_parents);
+	}
 
 	mux_clk = clk_register(NULL, &pll_mux->hw);
 	if (IS_ERR(mux_clk))
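Review bot: the comment "the actual muxing is xin24m, pll-output, xin32k" now heads only the two unconditional assignments, while the xin32k entry is filled in the else branch, so for pll_rk3328 it describes a parent that is never set. Consider stating in the comment that pll_rk3328 has only the first two parents. It is also worth a word that pll_parents[2] stays unassigned in that branch, which relies on init.num_parents = 2 limiting how much of init.parent_names is read afterwards.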
-- 
2.39.2





* Re: [PATCH master] clk: rockchip: pll fix out of bounds read
  2023-12-05  8:10 [PATCH master] clk: rockchip: pll fix out of bounds read Ahmad Fatoum
@ 2023-12-05  8:23 ` Sascha Hauer
  0 siblings, 0 replies; 2+ messages in thread
From: Sascha Hauer @ 2023-12-05  8:23 UTC (permalink / raw)
  To: Ahmad Fatoum; +Cc: barebox

On Tue, Dec 05, 2023 at 09:10:52AM +0100, Ahmad Fatoum wrote:
> parent_names[1] is only valid for PLLs that are not of the type pll_rk3328.
> Yet, the code references it anyway unconditionally, triggering a KASan
> error. Fix this by slightly reworking the code.
> 
> This issue also seems to exist upstream in Linux.
> 
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
>  drivers/clk/rockchip/clk-pll.c | 16 +++++++++-------
>  1 file changed, 9 insertions(+), 7 deletions(-)

Applied, thanks

Sascha

> 
> diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c
> index ee0603557567..b4152b03b19f 100644
> --- a/drivers/clk/rockchip/clk-pll.c
> +++ b/drivers/clk/rockchip/clk-pll.c
> @@ -1101,19 +1101,21 @@ struct clk *rockchip_clk_register_pll(struct rockchip_clk_provider *ctx,
>  	    pll_type == pll_rk3588_core)
>  		pll_mux->flags |= CLK_MUX_HIWORD_MASK;
>  
> -	/* the actual muxing is xin24m, pll-output, xin32k */
> -	pll_parents[0] = parent_names[0];
> -	pll_parents[1] = pll_name;
> -	pll_parents[2] = parent_names[1];
> -
>  	init.name = name;
>  	init.flags = CLK_SET_RATE_PARENT;
>  	init.ops = pll->pll_mux_ops;
>  	init.parent_names = pll_parents;
> -	if (pll_type == pll_rk3328)
> +
> +	/* the actual muxing is xin24m, pll-output, xin32k */
> +	pll_parents[0] = parent_names[0];
> +	pll_parents[1] = pll_name;
> +
> +	if (pll_type == pll_rk3328) {
>  		init.num_parents = 2;
> -	else
> +	} else {
> +		pll_parents[2] = parent_names[1];
>  		init.num_parents = ARRAY_SIZE(pll_parents);
> +	}
>  
>  	mux_clk = clk_register(NULL, &pll_mux->hw);
>  	if (IS_ERR(mux_clk))
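Review bot: in the else branch, "pll_parents[2] = parent_names[1];" still indexes parent_names on the strength of pll_type alone; nothing in the visible lines ties the read to the number of entries the caller actually passed. If a parent count is available in this function, checking it before the assignment (two entries for every type other than pll_rk3328) would turn a wrong caller table into an error return rather than another out-of-bounds read.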
> -- 
> 2.39.2
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


