[PATCH master] clk: rockchip: pll fix out of bounds read
Ahmad Fatoum
a.fatoum at pengutronix.de
Tue Dec 5 00:10:52 PST 2023
parent_names[1] is only valid for PLLs that are not of the type pll_rk3328.
Yet, the code references it anyway unconditionally, triggering a KASan
error. Fix this by slightly reworking the code.
This issue also seems to exist upstream in Linux.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
drivers/clk/rockchip/clk-pll.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/clk/rockchip/clk-pll.c b/drivers/clk/rockchip/clk-pll.c
index ee0603557567..b4152b03b19f 100644
--- a/drivers/clk/rockchip/clk-pll.c
+++ b/drivers/clk/rockchip/clk-pll.c
@@ -1101,19 +1101,21 @@ struct clk *rockchip_clk_register_pll(struct rockchip_clk_provider *ctx,
pll_type == pll_rk3588_core)
pll_mux->flags |= CLK_MUX_HIWORD_MASK;
- /* the actual muxing is xin24m, pll-output, xin32k */
- pll_parents[0] = parent_names[0];
- pll_parents[1] = pll_name;
- pll_parents[2] = parent_names[1];
-
init.name = name;
init.flags = CLK_SET_RATE_PARENT;
init.ops = pll->pll_mux_ops;
init.parent_names = pll_parents;
- if (pll_type == pll_rk3328)
+
+ /* the actual muxing is xin24m, pll-output, xin32k */
+ pll_parents[0] = parent_names[0];
+ pll_parents[1] = pll_name;
+
+ if (pll_type == pll_rk3328) {
init.num_parents = 2;
- else
+ } else {
+ pll_parents[2] = parent_names[1];
init.num_parents = ARRAY_SIZE(pll_parents);
+ }
mux_clk = clk_register(NULL, &pll_mux->hw);
if (IS_ERR(mux_clk))
--
2.39.2
More information about the barebox
mailing list