drivers/interconnect/icc-clk.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
With the new __counted_by annotation, the "num_nodes" struct member must
be set before accessing the "nodes" array. This initialization was done
in other places where a new struct icc_onecell_data is allocated, but this
case in icc_clk_register() was missed. Set "num_nodes" after allocation.
Fixes: dd4904f3b924 ("interconnect: qcom: Annotate struct icc_onecell_data with __counted_by")
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Georgi Djakov <djakov@kernel.org>
Cc: linux-pm@vger.kernel.org
---
drivers/interconnect/icc-clk.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/interconnect/icc-clk.c b/drivers/interconnect/icc-clk.c
index f788db15cd76..b956e4050f38 100644
--- a/drivers/interconnect/icc-clk.c
+++ b/drivers/interconnect/icc-clk.c
@@ -87,6 +87,7 @@ struct icc_provider *icc_clk_register(struct device *dev,
onecell = devm_kzalloc(dev, struct_size(onecell, nodes, 2 * num_clocks), GFP_KERNEL);
if (!onecell)
return ERR_PTR(-ENOMEM);
+ onecell->num_nodes = 2 * num_clocks;
qp = devm_kzalloc(dev, struct_size(qp, clocks, num_clocks), GFP_KERNEL);
if (!qp)
@@ -133,8 +134,6 @@ struct icc_provider *icc_clk_register(struct device *dev,
onecell->nodes[j++] = node;
}
- onecell->num_nodes = j;
-
ret = icc_provider_register(provider);
if (ret)
goto err;
--
2.34.1
On 16/07/24 15:48, Kees Cook wrote:
> With the new __counted_by annotation, the "num_nodes" struct member must
> be set before accessing the "nodes" array. This initialization was done
> in other places where a new struct icc_onecell_data is allocated, but this
> case in icc_clk_register() was missed. Set "num_nodes" after allocation.
>
> Fixes: dd4904f3b924 ("interconnect: qcom: Annotate struct icc_onecell_data with __counted_by")
> Signed-off-by: Kees Cook <kees@kernel.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Thanks
--
Gustavo
> ---
> Cc: Georgi Djakov <djakov@kernel.org>
> Cc: linux-pm@vger.kernel.org
> ---
> drivers/interconnect/icc-clk.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/interconnect/icc-clk.c b/drivers/interconnect/icc-clk.c
> index f788db15cd76..b956e4050f38 100644
> --- a/drivers/interconnect/icc-clk.c
> +++ b/drivers/interconnect/icc-clk.c
> @@ -87,6 +87,7 @@ struct icc_provider *icc_clk_register(struct device *dev,
> onecell = devm_kzalloc(dev, struct_size(onecell, nodes, 2 * num_clocks), GFP_KERNEL);
> if (!onecell)
> return ERR_PTR(-ENOMEM);
> + onecell->num_nodes = 2 * num_clocks;
>
> qp = devm_kzalloc(dev, struct_size(qp, clocks, num_clocks), GFP_KERNEL);
> if (!qp)
> @@ -133,8 +134,6 @@ struct icc_provider *icc_clk_register(struct device *dev,
> onecell->nodes[j++] = node;
> }
>
> - onecell->num_nodes = j;
> -
> ret = icc_provider_register(provider);
> if (ret)
> goto err;
© 2016 - 2025 Red Hat, Inc.