| Message ID | 20220509141716.1270-1-mario.limonciello@amd.com |
|---|---|
| State | Accepted |
| Commit | 369e4ef87a8f5da7c348ec2c61ec5cd726e8337a |
| Headers | show |
| Series | mailbox: pcc: Fix an invalid-load caught by the address sanitizer | expand |
On Mon, May 09, 2022 at 09:17:16AM -0500, Mario Limonciello wrote: > `pcc_mailbox_probe` doesn't initialize all memory that has been allocated > before the first time that one of it's members `txdone_irq` may be > accessed. > > This leads to a an invalid load any time that this member is accessed: > [ 2.429769] UBSAN: invalid-load in drivers/mailbox/pcc.c:684:22 > [ 2.430324] UBSAN: invalid-load in drivers/mailbox/mailbox.c:486:12 > [ 4.276782] UBSAN: invalid-load in drivers/acpi/cppc_acpi.c:314:45 > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=215587 > Fixes: ce028702ddbc ("mailbox: pcc: Move bulk of PCCT parsing into pcc_mbox_probe") Thanks for catching and fixing this. Reviewed-by: Sudeep Holla <sudeep.holla@arm.com> -- Regards, Sudeep
[Public] > -----Original Message----- > From: Sudeep Holla <sudeep.holla@arm.com> > Sent: Tuesday, May 10, 2022 09:47 > To: Limonciello, Mario <Mario.Limonciello@amd.com> > Cc: Jassi Brar <jassisinghbrar@gmail.com>; Sudeep Holla > <sudeep.holla@arm.com>; linux-acpi@vger.kernel.org; linux- > kernel@vger.kernel.org > Subject: Re: [PATCH] mailbox: pcc: Fix an invalid-load caught by the address > sanitizer > > On Mon, May 09, 2022 at 09:17:16AM -0500, Mario Limonciello wrote: > > `pcc_mailbox_probe` doesn't initialize all memory that has been allocated > > before the first time that one of it's members `txdone_irq` may be > > accessed. > > > > This leads to a an invalid load any time that this member is accessed: > > [ 2.429769] UBSAN: invalid-load in drivers/mailbox/pcc.c:684:22 > > [ 2.430324] UBSAN: invalid-load in drivers/mailbox/mailbox.c:486:12 > > [ 4.276782] UBSAN: invalid-load in drivers/acpi/cppc_acpi.c:314:45 > > > > Link: > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugz > illa.kernel.org%2Fshow_bug.cgi%3Fid%3D215587&data=05%7C01%7Cm > ario.limonciello%40amd.com%7C2a6407ffdf5944577aee08da3293f29b%7C3dd > 8961fe4884e608e11a82d994e183d%7C0%7C0%7C637877908262860256%7CUn > known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6 > Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lTXBFYCNnM > Pt6KnL34rQWXT%2BZvdEwvmIdMWGI%2BfluCo%3D&reserved=0 > > Fixes: ce028702ddbc ("mailbox: pcc: Move bulk of PCCT parsing into > pcc_mbox_probe") > > Thanks for catching and fixing this. > > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com> > > -- > Regards, > Sudeep I'll take the credit for fixing, but I realized I forgot to add a link and attribution to the original reporter. Here are some more tags to add: Reported-by: erhard_f@mailbox.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=215587
On Tue, May 10, 2022 at 02:49:12PM +0000, Limonciello, Mario wrote: > [Public] > > > -----Original Message----- > > From: Sudeep Holla <sudeep.holla@arm.com> > > Sent: Tuesday, May 10, 2022 09:47 > > To: Limonciello, Mario <Mario.Limonciello@amd.com> > > Cc: Jassi Brar <jassisinghbrar@gmail.com>; Sudeep Holla > > <sudeep.holla@arm.com>; linux-acpi@vger.kernel.org; linux- > > kernel@vger.kernel.org > > Subject: Re: [PATCH] mailbox: pcc: Fix an invalid-load caught by the address > > sanitizer > > > > On Mon, May 09, 2022 at 09:17:16AM -0500, Mario Limonciello wrote: > > > `pcc_mailbox_probe` doesn't initialize all memory that has been allocated > > > before the first time that one of it's members `txdone_irq` may be > > > accessed. > > > > > > This leads to a an invalid load any time that this member is accessed: > > > [ 2.429769] UBSAN: invalid-load in drivers/mailbox/pcc.c:684:22 > > > [ 2.430324] UBSAN: invalid-load in drivers/mailbox/mailbox.c:486:12 > > > [ 4.276782] UBSAN: invalid-load in drivers/acpi/cppc_acpi.c:314:45 > > > > > > Link: > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugz > > illa.kernel.org%2Fshow_bug.cgi%3Fid%3D215587&data=05%7C01%7Cm > > ario.limonciello%40amd.com%7C2a6407ffdf5944577aee08da3293f29b%7C3dd > > 8961fe4884e608e11a82d994e183d%7C0%7C0%7C637877908262860256%7CUn > > known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6 > > Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lTXBFYCNnM > > Pt6KnL34rQWXT%2BZvdEwvmIdMWGI%2BfluCo%3D&reserved=0 > > > Fixes: ce028702ddbc ("mailbox: pcc: Move bulk of PCCT parsing into > > pcc_mbox_probe") > > > > Thanks for catching and fixing this. > > > > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com> > > > > -- > > Regards, > > Sudeep > > I'll take the credit for fixing, but I realized I forgot to add a link and attribution > to the original reporter. Here are some more tags to add: > Ah OK. Not sure if the tools pick up the tags added like this. If not better to post a version with all tags added which makes it easy to apply. I see the reporter has tested it as well, so guess tested-by can be added as well. > Reported-by: erhard_f@mailbox.org > Link: https://bugzilla.kernel.org/show_bug.cgi?id=215587
[Public] > -----Original Message----- > From: Sudeep Holla <sudeep.holla@arm.com> > Sent: Tuesday, May 10, 2022 09:57 > To: Limonciello, Mario <Mario.Limonciello@amd.com> > Cc: Jassi Brar <jassisinghbrar@gmail.com>; Sudeep Holla > <sudeep.holla@arm.com>; linux-acpi@vger.kernel.org; linux- > kernel@vger.kernel.org; erhard_f@mailbox.org > Subject: Re: [PATCH] mailbox: pcc: Fix an invalid-load caught by the address > sanitizer > > On Tue, May 10, 2022 at 02:49:12PM +0000, Limonciello, Mario wrote: > > [Public] > > > > > -----Original Message----- > > > From: Sudeep Holla <sudeep.holla@arm.com> > > > Sent: Tuesday, May 10, 2022 09:47 > > > To: Limonciello, Mario <Mario.Limonciello@amd.com> > > > Cc: Jassi Brar <jassisinghbrar@gmail.com>; Sudeep Holla > > > <sudeep.holla@arm.com>; linux-acpi@vger.kernel.org; linux- > > > kernel@vger.kernel.org > > > Subject: Re: [PATCH] mailbox: pcc: Fix an invalid-load caught by the > address > > > sanitizer > > > > > > On Mon, May 09, 2022 at 09:17:16AM -0500, Mario Limonciello wrote: > > > > `pcc_mailbox_probe` doesn't initialize all memory that has been > allocated > > > > before the first time that one of it's members `txdone_irq` may be > > > > accessed. > > > > > > > > This leads to a an invalid load any time that this member is accessed: > > > > [ 2.429769] UBSAN: invalid-load in drivers/mailbox/pcc.c:684:22 > > > > [ 2.430324] UBSAN: invalid-load in drivers/mailbox/mailbox.c:486:12 > > > > [ 4.276782] UBSAN: invalid-load in drivers/acpi/cppc_acpi.c:314:45 > > > > > > > > Link: > > > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugz > > > > illa.kernel.org%2Fshow_bug.cgi%3Fid%3D215587&data=05%7C01%7Cm > > > > ario.limonciello%40amd.com%7C2a6407ffdf5944577aee08da3293f29b%7C3dd > > > > 8961fe4884e608e11a82d994e183d%7C0%7C0%7C637877908262860256%7CUn > > > > known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6 > > > > Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lTXBFYCNnM > > > Pt6KnL34rQWXT%2BZvdEwvmIdMWGI%2BfluCo%3D&reserved=0 > > > > Fixes: ce028702ddbc ("mailbox: pcc: Move bulk of PCCT parsing into > > > pcc_mbox_probe") > > > > > > Thanks for catching and fixing this. > > > > > > Reviewed-by: Sudeep Holla <sudeep.holla@arm.com> > > > > > > -- > > > Regards, > > > Sudeep > > > > I'll take the credit for fixing, but I realized I forgot to add a link and > attribution > > to the original reporter. Here are some more tags to add: > > > > Ah OK. Not sure if the tools pick up the tags added like this. If not > better to post a version with all tags added which makes it easy to apply. > I see the reporter has tested it as well, so guess tested-by can be added > as well. I double checked with: "b4 am https://lore.kernel.org/linux-acpi/20220510145640.xx2b3umlrylorxgs@bogus/T/#t" It does pick up the new tags. So here is one for the tested-by for the reporter too. Tested-by: erhard_f@mailbox.org
diff --git a/drivers/mailbox/pcc.c b/drivers/mailbox/pcc.c index ed18936b8ce6..ebfa33a40fce 100644 --- a/drivers/mailbox/pcc.c +++ b/drivers/mailbox/pcc.c @@ -654,7 +654,7 @@ static int pcc_mbox_probe(struct platform_device *pdev) goto err; } - pcc_mbox_ctrl = devm_kmalloc(dev, sizeof(*pcc_mbox_ctrl), GFP_KERNEL); + pcc_mbox_ctrl = devm_kzalloc(dev, sizeof(*pcc_mbox_ctrl), GFP_KERNEL); if (!pcc_mbox_ctrl) { rc = -ENOMEM; goto err;
`pcc_mailbox_probe` doesn't initialize all memory that has been allocated before the first time that one of it's members `txdone_irq` may be accessed. This leads to a an invalid load any time that this member is accessed: [ 2.429769] UBSAN: invalid-load in drivers/mailbox/pcc.c:684:22 [ 2.430324] UBSAN: invalid-load in drivers/mailbox/mailbox.c:486:12 [ 4.276782] UBSAN: invalid-load in drivers/acpi/cppc_acpi.c:314:45 Link: https://bugzilla.kernel.org/show_bug.cgi?id=215587 Fixes: ce028702ddbc ("mailbox: pcc: Move bulk of PCCT parsing into pcc_mbox_probe") Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> --- drivers/mailbox/pcc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)