| Message ID | a0f6184c-c2b5-4e8d-9b8a-867ae83f3094@kili.mountain |
|---|---|
| State | Superseded |
| Headers | show |
| Series | interconnect: qcom: rpm: allocate enough data in probe() | expand |
On Tue, May 23, 2023 at 10:31:27AM +0200, Konrad Dybcio wrote: > > > On 23.05.2023 10:11, Dan Carpenter wrote: > > This was allocating "sizeof(qp->intf_clks)" which is the size of a > > pointer instead of "sizeof(*qp->intf_clks)" which is the size of the > > struct (8 bytes vs 16 bytes on a 64bit system). > > > > Fixes: 2e2113c8a64f ("interconnect: qcom: rpm: Handle interface clocks") > > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > Whoops. Guess I was just really really lucky that nothing blew up for me. > > Thanks. > > Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org> Hold up. Wait... Let's not apply this. The bug is more severe than I saw initially. It should be: qp->intf_clks = devm_kcalloc(dev, cd_num, sizeof(*qp->intf_clks), GFP_KERNEL); Did we only test with cd_num set to zero? regards, dan carpenter
diff --git a/drivers/interconnect/qcom/icc-rpm.c b/drivers/interconnect/qcom/icc-rpm.c index f4627c4a1bdd..7a21a03a0382 100644 --- a/drivers/interconnect/qcom/icc-rpm.c +++ b/drivers/interconnect/qcom/icc-rpm.c @@ -436,7 +436,7 @@ int qnoc_probe(struct platform_device *pdev) if (!qp) return -ENOMEM; - qp->intf_clks = devm_kzalloc(dev, sizeof(qp->intf_clks), GFP_KERNEL); + qp->intf_clks = devm_kzalloc(dev, sizeof(*qp->intf_clks), GFP_KERNEL); if (!qp->intf_clks) return -ENOMEM;
This was allocating "sizeof(qp->intf_clks)" which is the size of a pointer instead of "sizeof(*qp->intf_clks)" which is the size of the struct (8 bytes vs 16 bytes on a 64bit system). Fixes: 2e2113c8a64f ("interconnect: qcom: rpm: Handle interface clocks") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- drivers/interconnect/qcom/icc-rpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)