From patchwork Wed Dec 12 03:27:00 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Inderpal Singh <inderpal.singh@linaro.org>
X-Patchwork-Id: 13486
Return-Path: <patch+caf_=linaro-patchwork=canonical.com@linaro.org>
X-Original-To: patchwork@peony.canonical.com
Delivered-To: patchwork@peony.canonical.com
Received: from fiordland.canonical.com (fiordland.canonical.com
 [91.189.94.145])
 by peony.canonical.com (Postfix) with ESMTP id C5D0B2425B
 for <patchwork@peony.canonical.com>;
 Wed, 12 Dec 2012 03:26:59 +0000 (UTC)
Received: from mail-ia0-f171.google.com (mail-ia0-f171.google.com
 [209.85.210.171])
 by fiordland.canonical.com (Postfix) with ESMTP id 6B85FA18059
 for <linaro-patchwork@canonical.com>;
 Wed, 12 Dec 2012 03:26:59 +0000 (UTC)
Received: by mail-ia0-f171.google.com with SMTP id k27so341061iad.2
 for <linaro-patchwork@canonical.com>;
 Tue, 11 Dec 2012 19:26:58 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=x-forwarded-to:x-forwarded-for:delivered-to:received-spf:from:to:cc
 :subject:date:message-id:x-mailer:x-gm-message-state;
 bh=o2rJZDT/7JQGnVmuizRYkF/Bqui8/mdbImqqInBfymc=;
 b=p3i+r6RSeyQ8OZnAIYhJRcxNbBnd6XolbuMxjavzZnUQ6DX2h6tfBHP9KVkM09NI1Q
 +QsqrP/3s+edhTXGsZM0SeulKj5TejR1aBYxDtQcd3rq5hPGSr1oLiqntFPCl0bc5P8l
 kMOEotEwOsZWsNizRjuW6ixEu0E3Gj3AFvPi2TRrRh91dUr100T9fxWi4lebZe716LV3
 iyfQt27v6KGv64JymIvMzgP1KGZGgbKAta4ALP3kHWNRiU8xkUO4kgnZFdY+1Aplk7p1
 +i/KH14/dr6rfvciUmwP962NqPR8LUP9/luiHpVB74ElAyDuEK9oIAjfDyUngEEysfLS
 SgAQ==
Received: by 10.43.49.199 with SMTP id vb7mr283787icb.6.1355282818846;
 Tue, 11 Dec 2012 19:26:58 -0800 (PST)
X-Forwarded-To: linaro-patchwork@canonical.com
X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com
Delivered-To: patches@linaro.org
Received: by 10.50.67.148 with SMTP id n20csp173929igt;
 Tue, 11 Dec 2012 19:26:58 -0800 (PST)
Received: by 10.68.234.98 with SMTP id ud2mr960417pbc.136.1355282817678;
 Tue, 11 Dec 2012 19:26:57 -0800 (PST)
Received: from mail-pa0-f46.google.com (mail-pa0-f46.google.com
 [209.85.220.46]) by mx.google.com with ESMTPS id
 a9si27177277paz.229.2012.12.11.19.26.57
 (version=TLSv1/SSLv3 cipher=OTHER);
 Tue, 11 Dec 2012 19:26:57 -0800 (PST)
Received-SPF: neutral (google.com: 209.85.220.46 is neither permitted nor
 denied by best guess record for domain of
 inderpal.singh@linaro.org) client-ip=209.85.220.46; 
Authentication-Results: mx.google.com;
 spf=neutral (google.com: 209.85.220.46 is neither
 permitted nor denied by best guess record for domain of
 inderpal.singh@linaro.org)
 smtp.mail=inderpal.singh@linaro.org
Received: by mail-pa0-f46.google.com with SMTP id bh2so170626pad.19
 for <patches@linaro.org>; Tue, 11 Dec 2012 19:26:57 -0800 (PST)
Received: by 10.68.244.135 with SMTP id xg7mr1104876pbc.87.1355282817016;
 Tue, 11 Dec 2012 19:26:57 -0800 (PST)
Received: from inder-ubuntu.sisodomain.com ([115.113.119.130])
 by mx.google.com with ESMTPS id
 mn5sm14828519pbc.12.2012.12.11.19.26.53
 (version=TLSv1/SSLv3 cipher=OTHER);
 Tue, 11 Dec 2012 19:26:56 -0800 (PST)
From: Inderpal Singh <inderpal.singh@linaro.org>
To: linux-kernel@vger.kernel.org
Cc: sbkim73@samsung.com, lrg@ti.com, broonie@opensource.wolfsonmicro.com,
 kgene.kim@samsung.com, linux-samsung-soc@vger.kernel.org,
 patches@linaro.org
Subject: [PATCH] regulator: s5m8767: Fix probe failure due to stack corruption
Date: Wed, 12 Dec 2012 08:57:00 +0530
Message-Id: <1355282820-18364-1-git-send-email-inderpal.singh@linaro.org>
X-Mailer: git-send-email 1.7.9.5
X-Gm-Message-State: ALoCoQmxGec1NgOjkiXY94q+25hUVmU95e4H+u+ByjFzcwdGw6OWoBSBrbAc8Op5fpSpG/P4frIe

The function sec_reg_read invokes regmap_read which expects unsigned int *
as the destination address. The existing driver is passing address of local
variable "val" which is u8. This causes the stack corruption and following
dump is observed during probe.

Hence change "val" from u8 to unsigned int.

Unable to handle kernel paging request at virtual address 02410020
pgd = c0004000
[02410020] *pgd=00000000
Internal error: Oops: 80000005 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0    Not tainted  (3.6.0-00696-g98a28b18-dirty #27)
PC is at 0x2410020
LR is at _regulator_get_voltage+0x3c/0x70
pc : [<02410020>]    lr : [<c02395d4>]    psr: 20000013
sp : cf839b68  ip : 00000000  fp : cf92d410
r10: 0000cfd0  r9 : c06d9878  r8 : 0000f0a0
r7 : cf839b70  r6 : cf92d400  r5 : 00000011  r4 : cf000000
r3 : 02410020  r2 : 00000000  r1 : 00000048  r0 : cf000000
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
...........................
.................................

[<c02395d4>] (_regulator_get_voltage+0x3c/0x70) from [<c023ad80>] (print_constraints+0x50/0x36c)
[<c023ad80>] (print_constraints+0x50/0x36c) from [<c023e504>] (set_machine_constraints+0xe8/0x2b0)
[<c023e504>] (set_machine_constraints+0xe8/0x2b0) from [<c023e9c8>] (regulator_register+0x2fc/0x604)
[<c023e9c8>] (regulator_register+0x2fc/0x604) from [<c049d628>] (s5m8767_pmic_probe+0x688/0x718)
[<c049d628>] (s5m8767_pmic_probe+0x688/0x718) from [<c029915c>] (platform_drv_probe+0x18/0x1c)
[<c029915c>] (platform_drv_probe+0x18/0x1c) from [<c0297dd0>] (really_probe+0x68/0x1f4)
[<c0297dd0>] (really_probe+0x68/0x1f4) from [<c0298070>] (driver_probe_device+0x30/0x48)

Signed-off-by: Inderpal Singh <inderpal.singh@linaro.org>
---
 drivers/regulator/s5m8767.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/regulator/s5m8767.c b/drivers/regulator/s5m8767.c
index 8ef5b33..9e6850f 100644
--- a/drivers/regulator/s5m8767.c
+++ b/drivers/regulator/s5m8767.c
@@ -214,7 +214,7 @@ static int s5m8767_reg_is_enabled(struct regulator_dev *rdev)
 	struct s5m8767_info *s5m8767 = rdev_get_drvdata(rdev);
 	int ret, reg;
 	int mask = 0xc0, enable_ctrl;
-	u8 val;
+	unsigned int val;
 
 	ret = s5m8767_get_register(rdev, &reg, &enable_ctrl);
 	if (ret == -EINVAL)
@@ -306,7 +306,7 @@ static int s5m8767_get_voltage_sel(struct regulator_dev *rdev)
 	struct s5m8767_info *s5m8767 = rdev_get_drvdata(rdev);
 	int reg, mask, ret;
 	int reg_id = rdev_get_id(rdev);
-	u8 val;
+	unsigned int val;
 
 	ret = s5m8767_get_voltage_register(rdev, &reg);
 	if (ret)