From: ndesaulniers@google.com To: Chen-Yu Tsai <wens@csie.org>, Jernej Skrabec <jernej.skrabec@gmail.com>, Samuel Holland <samuel@sholland.org> Cc: Russell King <linux@armlinux.org.uk>, Arnd Bergmann <arnd@arndb.de>, linux-arm-kernel@lists.infradead.org, linux-sunxi@lists.linux.dev, linux-kernel@vger.kernel.org, Nick Desaulniers <ndesaulniers@google.com> Subject: [PATCH] ARM: sunxi: fix return code check of of_property_match_string Date: Tue, 16 May 2023 09:35:24 -0700 [thread overview] Message-ID: <20230516-sunxi-v1-1-ac4b9651a8c1@google.com> (raw) of_property_match_string returns an int; either an index from 0 or greater if successful or negative on failure. Fixes the following splat observed with UBSAN: [ 0.166489][ T1] UBSAN: array-index-out-of-bounds in arch/arm/mach-sunxi/mc_smp.c:810:29 [ 0.166934][ T1] index 2 is out of range for type 'sunxi_mc_smp_data [2]' [ 0.167206][ T1] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.4.0-rc2 #1 [ 0.167515][ T1] Hardware name: Generic DT based system [ 0.167727][ T1] unwind_backtrace from show_stack+0x18/0x1c [ 0.167979][ T1] show_stack from dump_stack_lvl+0x68/0x90 [ 0.168226][ T1] dump_stack_lvl from ubsan_epilogue+0x8/0x34 [ 0.168474][ T1] ubsan_epilogue from __ubsan_handle_out_of_bounds+0x78/0x80 [ 0.168760][ T1] __ubsan_handle_out_of_bounds from sunxi_mc_smp_init+0xe8/0x574 [ 0.169100][ T1] sunxi_mc_smp_init from do_one_initcall+0x178/0x9c8 [ 0.169364][ T1] do_one_initcall from kernel_init_freeable+0x1dc/0x28c [ 0.169661][ T1] kernel_init_freeable from kernel_init+0x20/0x164 [ 0.169912][ T1] kernel_init from ret_from_fork+0x14/0x2c Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> --- arch/arm/mach-sunxi/mc_smp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-sunxi/mc_smp.c b/arch/arm/mach-sunxi/mc_smp.c index cb63921232a6..c7635e9e36ef 100644 --- a/arch/arm/mach-sunxi/mc_smp.c +++ b/arch/arm/mach-sunxi/mc_smp.c @@ -782,7 +782,7 @@ static int __init sunxi_mc_smp_init(void) struct device_node *node; struct resource res; void __iomem *addr; - int i, ret; + int i, ret = -1; /* * Don't bother checking the "cpus" node, as an enable-method @@ -803,10 +803,13 @@ static int __init sunxi_mc_smp_init(void) for (i = 0; i < ARRAY_SIZE(sunxi_mc_smp_data); i++) { ret = of_property_match_string(node, "enable-method", sunxi_mc_smp_data[i].enable_method); - if (!ret) + if (ret >= 0) break; } + if (ret < 0) + return -ENODEV; + is_a83t = sunxi_mc_smp_data[i].is_a83t; of_node_put(node); --- base-commit: f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6 change-id: 20230516-sunxi-bc9dda2d228e Best regards, -- Nick Desaulniers <ndesaulniers@google.com>
WARNING: multiple messages have this Message-ID (diff)
From: ndesaulniers@google.com To: Chen-Yu Tsai <wens@csie.org>, Jernej Skrabec <jernej.skrabec@gmail.com>, Samuel Holland <samuel@sholland.org> Cc: Russell King <linux@armlinux.org.uk>, Arnd Bergmann <arnd@arndb.de>, linux-arm-kernel@lists.infradead.org, linux-sunxi@lists.linux.dev, linux-kernel@vger.kernel.org, Nick Desaulniers <ndesaulniers@google.com> Subject: [PATCH] ARM: sunxi: fix return code check of of_property_match_string Date: Tue, 16 May 2023 09:35:24 -0700 [thread overview] Message-ID: <20230516-sunxi-v1-1-ac4b9651a8c1@google.com> (raw) of_property_match_string returns an int; either an index from 0 or greater if successful or negative on failure. Fixes the following splat observed with UBSAN: [ 0.166489][ T1] UBSAN: array-index-out-of-bounds in arch/arm/mach-sunxi/mc_smp.c:810:29 [ 0.166934][ T1] index 2 is out of range for type 'sunxi_mc_smp_data [2]' [ 0.167206][ T1] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.4.0-rc2 #1 [ 0.167515][ T1] Hardware name: Generic DT based system [ 0.167727][ T1] unwind_backtrace from show_stack+0x18/0x1c [ 0.167979][ T1] show_stack from dump_stack_lvl+0x68/0x90 [ 0.168226][ T1] dump_stack_lvl from ubsan_epilogue+0x8/0x34 [ 0.168474][ T1] ubsan_epilogue from __ubsan_handle_out_of_bounds+0x78/0x80 [ 0.168760][ T1] __ubsan_handle_out_of_bounds from sunxi_mc_smp_init+0xe8/0x574 [ 0.169100][ T1] sunxi_mc_smp_init from do_one_initcall+0x178/0x9c8 [ 0.169364][ T1] do_one_initcall from kernel_init_freeable+0x1dc/0x28c [ 0.169661][ T1] kernel_init_freeable from kernel_init+0x20/0x164 [ 0.169912][ T1] kernel_init from ret_from_fork+0x14/0x2c Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> --- arch/arm/mach-sunxi/mc_smp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-sunxi/mc_smp.c b/arch/arm/mach-sunxi/mc_smp.c index cb63921232a6..c7635e9e36ef 100644 --- a/arch/arm/mach-sunxi/mc_smp.c +++ b/arch/arm/mach-sunxi/mc_smp.c @@ -782,7 +782,7 @@ static int __init sunxi_mc_smp_init(void) struct device_node *node; struct resource res; void __iomem *addr; - int i, ret; + int i, ret = -1; /* * Don't bother checking the "cpus" node, as an enable-method @@ -803,10 +803,13 @@ static int __init sunxi_mc_smp_init(void) for (i = 0; i < ARRAY_SIZE(sunxi_mc_smp_data); i++) { ret = of_property_match_string(node, "enable-method", sunxi_mc_smp_data[i].enable_method); - if (!ret) + if (ret >= 0) break; } + if (ret < 0) + return -ENODEV; + is_a83t = sunxi_mc_smp_data[i].is_a83t; of_node_put(node); --- base-commit: f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6 change-id: 20230516-sunxi-bc9dda2d228e Best regards, -- Nick Desaulniers <ndesaulniers@google.com> _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2023-05-16 16:35 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-05-16 16:35 ndesaulniers [this message] 2023-05-16 16:35 ` [PATCH] ARM: sunxi: fix return code check of of_property_match_string ndesaulniers 2023-05-16 18:34 ` Florian Fainelli 2023-05-16 18:34 ` Florian Fainelli 2023-05-22 19:55 ` Nick Desaulniers 2023-05-22 19:55 ` Nick Desaulniers
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230516-sunxi-v1-1-ac4b9651a8c1@google.com \ --to=ndesaulniers@google.com \ --cc=arnd@arndb.de \ --cc=jernej.skrabec@gmail.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-sunxi@lists.linux.dev \ --cc=linux@armlinux.org.uk \ --cc=samuel@sholland.org \ --cc=wens@csie.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.