diff mbox series

clk: kirkwood: Fix a clocking boot regression

Message ID 20210814235514.403426-1-linus.walleij@linaro.org
State Accepted
Commit aaedb9e00e5400220a8871180d23a83e67f29f63
Headers show
Series clk: kirkwood: Fix a clocking boot regression | expand

Commit Message

Linus Walleij Aug. 14, 2021, 11:55 p.m. UTC
Since a few kernel releases the Pogoplug 4 has crashed like this
during boot:

Unable to handle kernel NULL pointer dereference at virtual address 00000002
(...)
[<c04116ec>] (strlen) from [<c00ead80>] (kstrdup+0x1c/0x4c)
[<c00ead80>] (kstrdup) from [<c04591d8>] (__clk_register+0x44/0x37c)
[<c04591d8>] (__clk_register) from [<c04595ec>] (clk_hw_register+0x20/0x44)
[<c04595ec>] (clk_hw_register) from [<c045bfa8>] (__clk_hw_register_mux+0x198/0x1e4)
[<c045bfa8>] (__clk_hw_register_mux) from [<c045c050>] (clk_register_mux_table+0x5c/0x6c)
[<c045c050>] (clk_register_mux_table) from [<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0+0x13c/0x1ac)
[<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0) from [<c0aceae0>] (of_clk_init+0x12c/0x214)
[<c0aceae0>] (of_clk_init) from [<c0ab576c>] (time_init+0x20/0x2c)
[<c0ab576c>] (time_init) from [<c0ab3d18>] (start_kernel+0x3dc/0x56c)
[<c0ab3d18>] (start_kernel) from [<00000000>] (0x0)
Code: e3130020 1afffffb e12fff1e c08a1078 (e5d03000)

This is because the "powersave" mux clock 0 was provided in an unterminated
array, which is required by the loop in the driver:

        /* Count, allocate, and register clock muxes */
        for (n = 0; desc[n].name;)
                n++;

Here n will go out of bounds and then call clk_register_mux() on random
memory contents after the mux clock.

Fix this by terminating the array with a blank entry.

Fixes: 105299381d87 ("cpufreq: kirkwood: use the powersave multiplexer")
Cc: stable@vger.kernel.org
Cc: Andrew Lunn <andrew@lunn.ch>
Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>
Cc: Gregory CLEMENT <gregory.clement@bootlin.com>
Cc: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

---
 drivers/clk/mvebu/kirkwood.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.31.1

Comments

Andrew Lunn Aug. 15, 2021, 2:40 p.m. UTC | #1
On Sun, Aug 15, 2021 at 01:55:14AM +0200, Linus Walleij wrote:
> Since a few kernel releases the Pogoplug 4 has crashed like this

> during boot:

> 

> Unable to handle kernel NULL pointer dereference at virtual address 00000002

> (...)

> [<c04116ec>] (strlen) from [<c00ead80>] (kstrdup+0x1c/0x4c)

> [<c00ead80>] (kstrdup) from [<c04591d8>] (__clk_register+0x44/0x37c)

> [<c04591d8>] (__clk_register) from [<c04595ec>] (clk_hw_register+0x20/0x44)

> [<c04595ec>] (clk_hw_register) from [<c045bfa8>] (__clk_hw_register_mux+0x198/0x1e4)

> [<c045bfa8>] (__clk_hw_register_mux) from [<c045c050>] (clk_register_mux_table+0x5c/0x6c)

> [<c045c050>] (clk_register_mux_table) from [<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0+0x13c/0x1ac)

> [<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0) from [<c0aceae0>] (of_clk_init+0x12c/0x214)

> [<c0aceae0>] (of_clk_init) from [<c0ab576c>] (time_init+0x20/0x2c)

> [<c0ab576c>] (time_init) from [<c0ab3d18>] (start_kernel+0x3dc/0x56c)

> [<c0ab3d18>] (start_kernel) from [<00000000>] (0x0)

> Code: e3130020 1afffffb e12fff1e c08a1078 (e5d03000)

> 

> This is because the "powersave" mux clock 0 was provided in an unterminated

> array, which is required by the loop in the driver:

> 

>         /* Count, allocate, and register clock muxes */

>         for (n = 0; desc[n].name;)

>                 n++;

> 

> Here n will go out of bounds and then call clk_register_mux() on random

> memory contents after the mux clock.

> 

> Fix this by terminating the array with a blank entry.

> 

> Fixes: 105299381d87 ("cpufreq: kirkwood: use the powersave multiplexer")

> Cc: stable@vger.kernel.org

> Cc: Andrew Lunn <andrew@lunn.ch>

> Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>

> Cc: Gregory CLEMENT <gregory.clement@bootlin.com>

> Cc: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>

> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>


Thanks Linus

Reviewed-by: Andrew Lunn <andrew@lunn.ch>


    Andrew
Stephen Boyd Aug. 29, 2021, 4:11 a.m. UTC | #2
Quoting Linus Walleij (2021-08-14 16:55:14)
> Since a few kernel releases the Pogoplug 4 has crashed like this

> during boot:

> 

> Unable to handle kernel NULL pointer dereference at virtual address 00000002

> (...)

> [<c04116ec>] (strlen) from [<c00ead80>] (kstrdup+0x1c/0x4c)

> [<c00ead80>] (kstrdup) from [<c04591d8>] (__clk_register+0x44/0x37c)

> [<c04591d8>] (__clk_register) from [<c04595ec>] (clk_hw_register+0x20/0x44)

> [<c04595ec>] (clk_hw_register) from [<c045bfa8>] (__clk_hw_register_mux+0x198/0x1e4)

> [<c045bfa8>] (__clk_hw_register_mux) from [<c045c050>] (clk_register_mux_table+0x5c/0x6c)

> [<c045c050>] (clk_register_mux_table) from [<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0+0x13c/0x1ac)

> [<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0) from [<c0aceae0>] (of_clk_init+0x12c/0x214)

> [<c0aceae0>] (of_clk_init) from [<c0ab576c>] (time_init+0x20/0x2c)

> [<c0ab576c>] (time_init) from [<c0ab3d18>] (start_kernel+0x3dc/0x56c)

> [<c0ab3d18>] (start_kernel) from [<00000000>] (0x0)

> Code: e3130020 1afffffb e12fff1e c08a1078 (e5d03000)

> 

> This is because the "powersave" mux clock 0 was provided in an unterminated

> array, which is required by the loop in the driver:

> 

>         /* Count, allocate, and register clock muxes */

>         for (n = 0; desc[n].name;)

>                 n++;

> 

> Here n will go out of bounds and then call clk_register_mux() on random

> memory contents after the mux clock.

> 

> Fix this by terminating the array with a blank entry.

> 

> Fixes: 105299381d87 ("cpufreq: kirkwood: use the powersave multiplexer")

> Cc: stable@vger.kernel.org

> Cc: Andrew Lunn <andrew@lunn.ch>

> Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>

> Cc: Gregory CLEMENT <gregory.clement@bootlin.com>

> Cc: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>

> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

> ---


Applied to clk-next
diff mbox series

Patch

diff --git a/drivers/clk/mvebu/kirkwood.c b/drivers/clk/mvebu/kirkwood.c
index 47680237d0be..43b31af3a2ce 100644
--- a/drivers/clk/mvebu/kirkwood.c
+++ b/drivers/clk/mvebu/kirkwood.c
@@ -265,6 +265,7 @@  static const char *powersave_parents[] = {
 static const struct clk_muxing_soc_desc kirkwood_mux_desc[] __initconst = {
 	{ "powersave", powersave_parents, ARRAY_SIZE(powersave_parents),
 		11, 1, 0 },
+	{ },
 };
 
 static struct clk *clk_muxing_get_src(