1. Patchew
  2. linux
  3. [PATCH 0/2] clk: Fix a core error path and missing qcom camcc-x1e80100 enum
  4. View patch

[PATCH 1/2] clk: Fix clk_core_get NULL dereference

Bryan O'Donoghue posted 2 patches 1 year, 11 months ago
[PATCH 1/2] clk: Fix clk_core_get NULL dereference
Posted by Bryan O'Donoghue 1 year, 11 months ago 
It is possible for clk_core_get to dereference a NULL in the following
sequence:

clk_core_get()
    of_clk_get_hw_from_clkspec()
        __of_clk_get_hw_from_provider()
            __clk_get_hw()

__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at
hw->core.

Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based
clk_lookups") the check IS_ERR_OR_NULL() was performed which would have
caught the NULL.

Reading the description of this function it talks about returning NULL but
that cannot be so at the moment.

Update the function to check for hw before dereferencing it and return NULL
if hw is NULL.

Fixes: dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups")
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
---
 drivers/clk/clk.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c
index a3bc7fb90d0f..25371c91a58f 100644
--- a/drivers/clk/clk.c
+++ b/drivers/clk/clk.c
@@ -418,6 +418,9 @@ static struct clk_core *clk_core_get(struct clk_core *core, u8 p_index)
 	if (IS_ERR(hw))
 		return ERR_CAST(hw);
 
+	if (!hw)
+		return NULL;
+
 	return hw->core;
 }
 

-- 
2.43.0
Re: [PATCH 1/2] clk: Fix clk_core_get NULL dereference
Posted by Stephen Boyd 1 year, 11 months ago 
Quoting Bryan O'Donoghue (2024-03-01 16:52:14)
> It is possible for clk_core_get to dereference a NULL in the following
> sequence:
> 
> clk_core_get()
>     of_clk_get_hw_from_clkspec()
>         __of_clk_get_hw_from_provider()
>             __clk_get_hw()
> 
> __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at
> hw->core.
> 
> Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based
> clk_lookups") the check IS_ERR_OR_NULL() was performed which would have
> caught the NULL.
> 
> Reading the description of this function it talks about returning NULL but
> that cannot be so at the moment.
> 
> Update the function to check for hw before dereferencing it and return NULL
> if hw is NULL.
> 
> Fixes: dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups")
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
> ---

I dug through a bunch of old patches and this looks right. I'm not sure
why a provider would ever return NULL though. A NULL pointer means that
the parent is never going to appear so we shouldn't treat this clk as
orphaned in case the clk needs to be clk_get()able and change parents.
This was all part of my plan to introduce a clk_parent_hw() clk op that
returns a pointer and then implement probe defer through clk_get() when
a clk is orphaned. A NULL clk also means a clk is optional and not
there.

Anyway, I've applied this to clk-next. I hope to send out the
clk_parent_hw clk op series soon.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.