* [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe
@ 2021-10-14 9:31 Fei Shao
2021-10-14 9:31 ` [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage Fei Shao
2021-10-14 10:47 ` [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe Tzung-Bi Shih
0 siblings, 2 replies; 6+ messages in thread
From: Fei Shao @ 2021-10-14 9:31 UTC (permalink / raw)
To: Jassi Brar
Cc: Chun-Kuang Hu, Fei Shao, Jassi Brar, Matthias Brugger,
jason-jh.lin, linux-arm-kernel, linux-kernel, linux-mediatek
of_alias_get_id() may return -ENODEV which leads to illegal access to
the cmdq->clocks array.
Adding a check over alias_id to prevent the unexpected behavior.
Fixes: 85dfdbfc13ea ("mailbox: cmdq: add multi-gce clocks support for
mt8195")
Signed-off-by: Fei Shao <fshao@chromium.org>
---
drivers/mailbox/mtk-cmdq-mailbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mailbox/mtk-cmdq-mailbox.c b/drivers/mailbox/mtk-cmdq-mailbox.c
index 64175a893312..f3e52dddd422 100644
--- a/drivers/mailbox/mtk-cmdq-mailbox.c
+++ b/drivers/mailbox/mtk-cmdq-mailbox.c
@@ -573,7 +573,7 @@ static int cmdq_probe(struct platform_device *pdev)
char clk_id[8];
alias_id = of_alias_get_id(node, clk_name);
- if (alias_id < cmdq->gce_num) {
+ if (alias_id >= 0 && alias_id < cmdq->gce_num) {
snprintf(clk_id, sizeof(clk_id), "%s%d", clk_name, alias_id);
cmdq->clocks[alias_id].id = clk_id;
cmdq->clocks[alias_id].clk = of_clk_get(node, 0);
--
2.33.0.882.g93a45727a2-goog
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage
2021-10-14 9:31 [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe Fei Shao
@ 2021-10-14 9:31 ` Fei Shao
2021-10-14 10:47 ` Tzung-Bi Shih
2021-10-14 10:47 ` [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe Tzung-Bi Shih
1 sibling, 1 reply; 6+ messages in thread
From: Fei Shao @ 2021-10-14 9:31 UTC (permalink / raw)
To: Jassi Brar
Cc: Chun-Kuang Hu, Fei Shao, Jassi Brar, Matthias Brugger,
jason-jh.lin, linux-arm-kernel, linux-kernel, linux-mediatek
In the probe function, the clock IDs were pointed to local variables
which should only be used in the same code block, and any access to them
after the probing stage becomes a use-after-free case.
Since there are only limited variants of the gce clock names so far, we
can just declare them as global constants to fix the issue.
Fixes: 85dfdbfc13ea ("mailbox: cmdq: add multi-gce clocks support for
mt8195")
Signed-off-by: Fei Shao <fshao@chromium.org>
---
drivers/mailbox/mtk-cmdq-mailbox.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/mailbox/mtk-cmdq-mailbox.c b/drivers/mailbox/mtk-cmdq-mailbox.c
index f3e52dddd422..27248b31cd51 100644
--- a/drivers/mailbox/mtk-cmdq-mailbox.c
+++ b/drivers/mailbox/mtk-cmdq-mailbox.c
@@ -90,6 +90,9 @@ struct gce_plat {
u32 gce_num;
};
+const char *clk_name = "gce";
+const char *clk_names[] = { "gce0", "gce1" };
+
u8 cmdq_get_shift_pa(struct mbox_chan *chan)
{
struct cmdq *cmdq = container_of(chan->mbox, struct cmdq, mbox);
@@ -532,7 +535,6 @@ static int cmdq_probe(struct platform_device *pdev)
struct device_node *phandle = dev->of_node;
struct device_node *node;
int alias_id = 0;
- char clk_name[4] = "gce";
cmdq = devm_kzalloc(dev, sizeof(*cmdq), GFP_KERNEL);
if (!cmdq)
@@ -570,12 +572,9 @@ static int cmdq_probe(struct platform_device *pdev)
if (cmdq->gce_num > 1) {
for_each_child_of_node(phandle->parent, node) {
- char clk_id[8];
-
alias_id = of_alias_get_id(node, clk_name);
if (alias_id >= 0 && alias_id < cmdq->gce_num) {
- snprintf(clk_id, sizeof(clk_id), "%s%d", clk_name, alias_id);
- cmdq->clocks[alias_id].id = clk_id;
+ cmdq->clocks[alias_id].id = clk_names[alias_id];
cmdq->clocks[alias_id].clk = of_clk_get(node, 0);
if (IS_ERR(cmdq->clocks[alias_id].clk)) {
dev_err(dev, "failed to get gce clk: %d\n", alias_id);
--
2.33.0.882.g93a45727a2-goog
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe
2021-10-14 9:31 [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe Fei Shao
2021-10-14 9:31 ` [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage Fei Shao
@ 2021-10-14 10:47 ` Tzung-Bi Shih
1 sibling, 0 replies; 6+ messages in thread
From: Tzung-Bi Shih @ 2021-10-14 10:47 UTC (permalink / raw)
To: Fei Shao
Cc: Jassi Brar, Chun-Kuang Hu, Jassi Brar, Matthias Brugger,
jason-jh.lin, linux-arm-kernel, linux-kernel, linux-mediatek
On Thu, Oct 14, 2021 at 05:31:10PM +0800, Fei Shao wrote:
> of_alias_get_id() may return -ENODEV which leads to illegal access to
> the cmdq->clocks array.
> Adding a check over alias_id to prevent the unexpected behavior.
>
> Fixes: 85dfdbfc13ea ("mailbox: cmdq: add multi-gce clocks support for
> mt8195")
> Signed-off-by: Fei Shao <fshao@chromium.org>
Reviewed-by: Tzung-Bi Shih <tzungbi@google.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage
2021-10-14 9:31 ` [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage Fei Shao
@ 2021-10-14 10:47 ` Tzung-Bi Shih
2021-10-14 11:32 ` Fei Shao
0 siblings, 1 reply; 6+ messages in thread
From: Tzung-Bi Shih @ 2021-10-14 10:47 UTC (permalink / raw)
To: Fei Shao
Cc: Jassi Brar, Chun-Kuang Hu, Jassi Brar, Matthias Brugger,
jason-jh.lin, linux-arm-kernel, linux-kernel, linux-mediatek
On Thu, Oct 14, 2021 at 05:31:11PM +0800, Fei Shao wrote:
> +const char *clk_name = "gce";
> +const char *clk_names[] = { "gce0", "gce1" };
Does letting them static make more sense?
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage
2021-10-14 10:47 ` Tzung-Bi Shih
@ 2021-10-14 11:32 ` Fei Shao
2021-10-14 11:34 ` Tzung-Bi Shih
0 siblings, 1 reply; 6+ messages in thread
From: Fei Shao @ 2021-10-14 11:32 UTC (permalink / raw)
To: Tzung-Bi Shih
Cc: Jassi Brar, Chun-Kuang Hu, Jassi Brar, Matthias Brugger,
jason-jh.lin, linux-arm-kernel, linux-kernel, linux-mediatek
On Thu, Oct 14, 2021 at 6:47 PM Tzung-Bi Shih <tzungbi@google.com> wrote:
>
> On Thu, Oct 14, 2021 at 05:31:11PM +0800, Fei Shao wrote:
> > +const char *clk_name = "gce";
> > +const char *clk_names[] = { "gce0", "gce1" };
> Does letting them static make more sense?
Yes, I'll send a v2 later. Thanks!
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage
2021-10-14 11:32 ` Fei Shao
@ 2021-10-14 11:34 ` Tzung-Bi Shih
0 siblings, 0 replies; 6+ messages in thread
From: Tzung-Bi Shih @ 2021-10-14 11:34 UTC (permalink / raw)
To: Fei Shao
Cc: Jassi Brar, Chun-Kuang Hu, Jassi Brar, Matthias Brugger,
jason-jh.lin, linux-arm-kernel, linux-kernel, linux-mediatek
On Thu, Oct 14, 2021 at 7:33 PM Fei Shao <fshao@chromium.org> wrote:
>
> On Thu, Oct 14, 2021 at 6:47 PM Tzung-Bi Shih <tzungbi@google.com> wrote:
> >
> > On Thu, Oct 14, 2021 at 05:31:11PM +0800, Fei Shao wrote:
> > > +const char *clk_name = "gce";
> > > +const char *clk_names[] = { "gce0", "gce1" };
> > Does letting them static make more sense?
> Yes, I'll send a v2 later. Thanks!
Probably better to keep their scope in probe function but extend the
lifecycle by using static.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-10-14 11:34 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-14 9:31 [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe Fei Shao
2021-10-14 9:31 ` [PATCH 2/2] mailbox: mtk-cmdq: Fix local clock ID usage Fei Shao
2021-10-14 10:47 ` Tzung-Bi Shih
2021-10-14 11:32 ` Fei Shao
2021-10-14 11:34 ` Tzung-Bi Shih
2021-10-14 10:47 ` [PATCH 1/2] mailbox: mtk-cmdq: Validate alias_id on probe Tzung-Bi Shih
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).