Message ID | 1341439772-649-1-git-send-email-linus.walleij@linaro.org (mailing list archive) |
---|---|
State | New, archived |
On 20120705-00:09, Linus Walleij wrote:
> The clk_change_rate() code would dereference clk->parent
> to get clk->parent->rate without first checking that clk->parent
> was valid. This doesn't work if the clock is (A) a root clock
> and (B) can change rate. Such is the case with a VCO clock
> like the ICST which consequently crashes like this without
> this patch:
>
> Unable to handle kernel NULL pointer dereference at virtual address 0000001c
> pgd = c0004000
> [0000001c] *pgd=00000000
> Internal error: Oops: 5 [#1] PREEMPT ARM
> Modules linked in:
> CPU: 0 Not tainted (3.5.0-rc3-00003-g8156866-dirty #193)
> PC is at clk_change_rate+0x34/0xd8
> LR is at clk_change_rate+0x18/0xd8
>
> Cc: stable@kernel.org
> Cc: Mike Turquette <mturquette@linaro.org>
> Cc: Ulf Hansson <ulf.hansson@stericsson.com>
> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

Hi Linus,

This has been fixed in Pawel's patch, "clk: Check parent for NULL in clk_change_rate".

Thanks,
Mike

> --- > drivers/clk/clk.c | 22 +++++++++++++++------- > 1 file changed, 15 insertions(+), 7 deletions(-) > > diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c > index 687b00d..032d79c 100644 > --- a/drivers/clk/clk.c > +++ b/drivers/clk/clk.c
> @@ -854,14 +854,22 @@ static void clk_change_rate(struct clk *clk) > > old_rate = clk->rate; > > - if (clk->ops->set_rate) > - clk->ops->set_rate(clk->hw, clk->new_rate, clk->parent->rate); > + if (clk->ops->set_rate) { > + if (clk->parent) > + clk->ops->set_rate(clk->hw, clk->new_rate, > + clk->parent->rate); > + else > + clk->ops->set_rate(clk->hw, clk->new_rate, 0); > + } > > - if (clk->ops->recalc_rate) > - clk->rate = clk->ops->recalc_rate(clk->hw, > - clk->parent->rate); > - else > - clk->rate = clk->parent->rate; > + if (clk->ops->recalc_rate) { > + if (clk->parent) > + clk->rate = clk->ops->recalc_rate(clk->hw, > + clk->parent->rate); > + else > + clk->rate = clk->ops->recalc_rate(clk->hw, 0); > + } else > + clk->rate = clk->parent ? clk->parent->rate : 0; > > if (clk->notifier_count && old_rate != clk->rate) > __clk_notify(clk, POST_RATE_CHANGE, old_rate, clk->rate); > -- > 1.7.10.4 >
On Thu, Jul 12, 2012 at 1:42 AM, Mike Turquette <mturquette@ti.com> wrote:

> This has been fixed in Pawel's patch, "clk: Check parent for NULL in
> clk_change_rate".

Yes, that'll probably work.

A small nitpick though:

I have slightly different semantics, Pawel's patch assigns zero if parent is NULL, then uses that as fallback, whereas I check for the parent being NULL all the way. I was worried that the old semantics could change like this:

So here it takes that:

+ if (clk->parent)
+ best_parent_rate = clk->parent->rate;
+

And I was cautious that if this changes the parent rate:

+ clk->ops->set_rate(clk->hw, clk->new_rate, best_parent_rate);

Then this passes the old parent rate to the recalc function:

+ clk->rate = clk->ops->recalc_rate(clk->hw, best_parent_rate);

It has no side-effects on my system but I worried about others, so I just left the behaviour to re-read the rate from the parent every time if possible.

Yours,
Linus Walleij
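The difference described in the message above, between sampling the parent rate once and re-reading it after set_rate, as an added example that is not part of the thread or of drivers/clk/clk.c. It is a simplified user-space model: the struct layout, div2_ops, parent_rate_or_zero(), change_rate() and run() are all hypothetical, and the set_rate that retunes its parent is a constructed case.

```c
#include <stdio.h>

struct clk {			/* simplified model; real callbacks take a struct clk_hw * */
	struct clk *parent;	/* NULL for a root clock */
	const struct clk_ops *ops;
	unsigned long rate, new_rate;
};
struct clk_ops {
	void (*set_rate)(struct clk *clk, unsigned long rate, unsigned long parent_rate);
	unsigned long (*recalc_rate)(struct clk *clk, unsigned long parent_rate);
};
/* Hypothetical divide-by-2 clock whose set_rate also retunes its parent. */
static void div2_set_rate(struct clk *clk, unsigned long rate, unsigned long parent_rate)
{
	if (clk->parent && parent_rate != rate * 2)
		clk->parent->rate = rate * 2;
}
static unsigned long div2_recalc_rate(struct clk *clk, unsigned long parent_rate)
{
	(void)clk;
	return parent_rate / 2;
}
static const struct clk_ops div2_ops = { div2_set_rate, div2_recalc_rate };

static unsigned long parent_rate_or_zero(const struct clk *clk)
{
	return clk->parent ? clk->parent->rate : 0;	/* 0 stands for "no parent" */
}
static unsigned long change_rate(struct clk *clk, int reread)
{
	unsigned long best_parent_rate = parent_rate_or_zero(clk);	/* sampled once */
	clk->ops->set_rate(clk, clk->new_rate, best_parent_rate);
	if (reread)		/* check the parent again after set_rate */
		best_parent_rate = parent_rate_or_zero(clk);
	return clk->rate = clk->ops->recalc_rate(clk, best_parent_rate);
}
/* Constructed scenario: parent at 100 MHz, child at 50 MHz asked for 25 MHz. */
static unsigned long run(int reread, int has_parent)
{
	struct clk parent = { NULL, &div2_ops, 100000000UL, 0 };
	struct clk child = { has_parent ? &parent : NULL, &div2_ops, 50000000UL, 25000000UL };
	return change_rate(&child, reread);
}

int main(void)
{
	printf("cached=%lu reread=%lu root=%lu\n", run(0, 1), run(1, 1), run(1, 0));
	return 0;
}
```

With the sampled-once value the model recalculates from the stale 100 MHz parent rate; with the re-read it recalculates from the retuned parent. Both variants handle the root clock without touching a NULL parent.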
On 20120712-12:50, Linus Walleij wrote:
> On Thu, Jul 12, 2012 at 1:42 AM, Mike Turquette <mturquette@ti.com> wrote:
>
> > This has been fixed in Pawel's patch, "clk: Check parent for NULL in
> > clk_change_rate".
>
> Yes, that'll probably work.
>
> A small nitpick though:
>
> I have slightly different semantics, Pawel's patch assigns zero if
> parent is NULL, then uses that as fallback, whereas I check for the
> parent being NULL all the way. I was worried that the old semantics
> could change like this:
>
> So here it takes that:
>
> + if (clk->parent)
> + best_parent_rate = clk->parent->rate;
> +
>
> And I was cautious that if this changes the parent rate:
>
> + clk->ops->set_rate(clk->hw, clk->new_rate, best_parent_rate);
>
> Then this passes the old parent rate to the recalc function:
>
> + clk->rate = clk->ops->recalc_rate(clk->hw, best_parent_rate);
>
> It has no side-effects on my system but I worried about
> others, so I just left the behaviour to re-read the rate from the parent
> every time if possible.
>

Thanks for looking into it. I think for now let's keep what we have and we'll patch it up if bugs are reported.

Thanks again,
Mike

> Yours,
> Linus Walleij
diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index 687b00d..032d79c 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -854,14 +854,22 @@ static void clk_change_rate(struct clk *clk) old_rate = clk->rate; - if (clk->ops->set_rate) - clk->ops->set_rate(clk->hw, clk->new_rate, clk->parent->rate); + if (clk->ops->set_rate) { + if (clk->parent) + clk->ops->set_rate(clk->hw, clk->new_rate, + clk->parent->rate); + else + clk->ops->set_rate(clk->hw, clk->new_rate, 0); + } - if (clk->ops->recalc_rate) - clk->rate = clk->ops->recalc_rate(clk->hw, - clk->parent->rate); - else - clk->rate = clk->parent->rate; + if (clk->ops->recalc_rate) { + if (clk->parent) + clk->rate = clk->ops->recalc_rate(clk->hw, + clk->parent->rate); + else + clk->rate = clk->ops->recalc_rate(clk->hw, 0); + } else + clk->rate = clk->parent ? clk->parent->rate : 0; if (clk->notifier_count && old_rate != clk->rate) __clk_notify(clk, POST_RATE_CHANGE, old_rate, clk->rate);
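Review bot: The `clk->parent` NULL test is written out three times in this hunk (before `set_rate`, before `recalc_rate`, and in the final `else`), each time with a literal 0 standing in for the parent rate. A small static helper that returns `clk->parent ? clk->parent->rate : 0`, called at each of the three sites, would still re-read the parent rate after `set_rate` while removing the duplicated branches, and would give one place for a comment saying that callbacks see a parent rate of 0 for a root clock. The last branch is also `} else` followed by an unbraced statement; kernel coding style asks for braces on both branches once one of them has them.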
The clk_change_rate() code would dereference clk->parent
to get clk->parent->rate without first checking that clk->parent
was valid. This doesn't work if the clock is (A) a root clock
and (B) can change rate. Such is the case with a VCO clock
like the ICST which consequently crashes like this without
this patch:

Unable to handle kernel NULL pointer dereference at virtual address 0000001c
pgd = c0004000
[0000001c] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT ARM
Modules linked in:
CPU: 0 Not tainted (3.5.0-rc3-00003-g8156866-dirty #193)
PC is at clk_change_rate+0x34/0xd8
LR is at clk_change_rate+0x18/0xd8

Cc: stable@kernel.org
Cc: Mike Turquette <mturquette@linaro.org>
Cc: Ulf Hansson <ulf.hansson@stericsson.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
drivers/clk/clk.c | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)