From patchwork Mon Feb 27 10:24:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arseniy Krasnov X-Patchwork-Id: 13153164 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 39FD6C64ED6 for ; Mon, 27 Feb 2023 10:27:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=KzjlCHcRLquQ6TwuAED2yCLQQM/bYHk+XSNgPrmTPio=; b=SmxhijAYxKELLA dOjDu7sgk2OrbiC8gveRNG1umRgvA0NmVVQsFMenPAroLNi3dhRqWBKe+3I9egCgJm+CQYs0Wc3dC qF3vUjw3Va11kVxtti07zGJXFf3vUtAaT1BObgqjIbun9pR0gejSJ+KRvhjEM6SF7H7B5TxFJA/4C HqmRTZf8eFhQa2Dp6Bjq/1oZovNe2VVJxtGOUY4AgcvwutwaS/HsQlX5cdl15HyRl1AiKBbPUnNUo A1LOvkFJSzQ5bTJjL5Og1x2XUAXcKP/4PBHP4URSyj4eGWgQhgXwhshSlwrDzuF8EnXONuCxi/BwB JORwIBxy/Kv50g3679Cw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pWajA-009Di0-0f; Mon, 27 Feb 2023 10:27:28 +0000 Received: from mx.sberdevices.ru ([45.89.227.171]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pWaj6-009Dge-66; Mon, 27 Feb 2023 10:27:26 +0000 Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1]) by mx.sberdevices.ru (Postfix) with ESMTP id B35CD5FD10; Mon, 27 Feb 2023 13:27:21 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru; s=mail; t=1677493641; bh=MppIxpko7T4GyVpYzjU00G1Fh//Y3U4fwtIp1SQRQQs=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=f2zOtEnYwDtmf4p/2hvUN+8nu7fNT4bz4kUP4hesggNnrWUVp+T7FX3kzffzdZgS9 K6bTHUazjr3jxPPjxccAL53iH59c5SaSb6yBLuy2FfBTsZLacytXn/lSd84pJoS7XL RW15ufVODD+fkzSKh0piYhpwKO6G5+o/TckjovR5SDv1+e4zHDRc4b1t7s83Y/HXuZ BLUeWtZvsDvKN0HeqEEVk26zcbBzPaSKpZNOTf9xqP06nFZ7mJqYViDiMKUEprh4KV l2RrfyIGOXIc/y+pLwJ/bBR4q3syVhodpdhimUhpRmgUDVBBevO7EWd09U07hXOWlO 5wsHW5lm4SY+g== Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru [172.16.1.4]) by mx.sberdevices.ru (Postfix) with ESMTP; Mon, 27 Feb 2023 13:27:20 +0300 (MSK) From: Arseniy Krasnov To: Liang Yang , Miquel Raynal , Richard Weinberger , Vignesh Raghavendra , Neil Armstrong , Kevin Hilman , Jerome Brunet , Martin Blumenstingl CC: , , , , , , Arseniy Krasnov Subject: [PATCH v4] mtd: rawnand: meson: initialize struct with zeroes Date: Mon, 27 Feb 2023 13:24:25 +0300 Message-ID: <20230227102425.793841-1-AVKrasnov@sberdevices.ru> X-Mailer: git-send-email 2.35.0 MIME-Version: 1.0 X-Originating-IP: [172.16.1.6] X-ClientProxiedBy: S-MS-EXCH02.sberdevices.ru (172.16.1.5) To S-MS-EXCH01.sberdevices.ru (172.16.1.4) X-KSMG-Rule-ID: 4 X-KSMG-Message-Action: clean X-KSMG-AntiSpam-Status: not scanned, disabled by settings X-KSMG-AntiSpam-Interceptor-Info: not scanned X-KSMG-AntiPhishing: not scanned, disabled by settings X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30, bases: 2023/02/27 08:09:00 #20900247 X-KSMG-AntiVirus-Status: Clean, skipped X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230227_022724_628009_BB19B590 X-CRM114-Status: GOOD ( 12.16 ) X-BeenThere: linux-amlogic@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-amlogic" Errors-To: linux-amlogic-bounces+linux-amlogic=archiver.kernel.org@lists.infradead.org This structure must be zeroed, because it's field 'hw->core' is used as 'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized. This happens, because when this struct is not zeroed, pointer 'hw' is "initialized" by garbage, which is valid pointer, but points to some garbage. So 'hw' will be dereferenced, but 'core' contains some random data which will be interpreted as a pointer. The following backtrace is result of dereference of such pointer: [ 1.081319] __clk_register+0x414/0x820 [ 1.085113] devm_clk_register+0x64/0xd0 [ 1.088995] meson_nfc_probe+0x258/0x6ec [ 1.092875] platform_probe+0x70/0xf0 [ 1.096498] really_probe+0xc8/0x3e0 [ 1.100034] __driver_probe_device+0x84/0x190 [ 1.104346] driver_probe_device+0x44/0x120 [ 1.108487] __driver_attach+0xb4/0x220 [ 1.112282] bus_for_each_dev+0x78/0xd0 [ 1.116077] driver_attach+0x2c/0x40 [ 1.119613] bus_add_driver+0x184/0x240 [ 1.123408] driver_register+0x80/0x140 [ 1.127203] __platform_driver_register+0x30/0x40 [ 1.131860] meson_nfc_driver_init+0x24/0x30 Changelog: v1 -> v2: * More details in the commit message. v2 -> v3: * Add 'a' article to "interpreted as a pointer". v3 -> v4: * Add changelog. Fixes: 1e4d3ba66888 ("mtd: rawnand: meson: fix the clock") Signed-off-by: Arseniy Krasnov Acked-by: Martin Blumenstingl Reviewed-by: Neil Armstrong --- drivers/mtd/nand/raw/meson_nand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 5ee01231ac4c..30e326adabfc 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -991,7 +991,7 @@ static const struct mtd_ooblayout_ops meson_ooblayout_ops = { static int meson_nfc_clk_init(struct meson_nfc *nfc) { - struct clk_parent_data nfc_divider_parent_data[1]; + struct clk_parent_data nfc_divider_parent_data[1] = {0}; struct clk_init_data init = {0}; int ret;