From nobody Sun Feb 8 23:19:21 2026 Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 328971632FE for ; Tue, 3 Dec 2024 08:13:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733213588; cv=none; b=T115COZapVJzPzwiBZsRbW3bP2zowEtteXjWK4Yx+K+yMWZO5EQck67qRq0xulVhshxW5ulfBbvs1DjODRzC7XiTWqufpJ+DnDgr+SRLy8U43pkcweCqCspPnNQe4A7iKeqLr4URj2pYmdOHFFeNNxuhNbbz1BIAbQwUGJQdo2A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733213588; c=relaxed/simple; bh=syW7r3Ikrs3k9k6LGmXEqdNDCCEczUdWAzK0e9bMF6M=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=kzTnH4XGaBELUmT66Tx3STCdJxfuG+NnN5PSNofQjrtykIx3StjuX90QgvPBbu05RBTCzmGsafgUOjo3kN9XgTNp7ipfgCKfg0uktZKCGc9wRRF3aHl+5fDfWzZXWdGUtYusUHy5lnNxRL6jG2SBIzLIktDDKTDpG3GfN/JU5U0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=YVOvFGoF; arc=none smtp.client-ip=209.85.221.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="YVOvFGoF" Received: by mail-wr1-f51.google.com with SMTP id ffacd0b85a97d-385e96a285eso1380619f8f.3 for ; Tue, 03 Dec 2024 00:13:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733213584; x=1733818384; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=XQBCr5idF+366q7kGe5Nr4qwyBHmQX5kBS5J7rawXFQ=; b=YVOvFGoFeI3oEsGnnMssi4BwLrU3H57ZRorfsuZJd8B6N0+ZvNEXZVPWtT2TAovwqv 3t7gGiWvDXEFqmJFY0s9gSTSIzHLqCkYqG22glIfZ+cGAq6X6ehgqfBWbZTaPm2bacTE A1Yc4H0ybUW1ZwXmTxZFKQLRvUOlu9q+wDoBqc0vdROjbsoq7ejJN8Oldo3gIG19h/aa BSbYruaAoTXkMMRixNbJ3ME1Ugm6i133F+j4sXnjtkH4tnGXCkoPB23HgoRPK4/54k7G cJSs+CT5bQTFh/Wb545I/BgSQqaC1XXRh7phtqisB3qGlvE4lF7pUEkntvNwpPyUXHbq uwbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733213584; x=1733818384; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XQBCr5idF+366q7kGe5Nr4qwyBHmQX5kBS5J7rawXFQ=; b=w2yYy9PWoZyQmumDy9T9iUvOkls/4qVYKe8sQMSjEojPvFyMxmURz0vuLkCDCSzzj9 gssGe6xy5Qt0s4/JIMpAcsoXPP13OI8cGNl6Zf2Oaz5TwEBwqJWC8Tqrb52u09+9/Se7 yk2N85XWXUcP30EYFXSuLaWt4yzGTXo7OG3ioGFrJyDejrws8fAHpbmNgMTQZ+iMcCdj m96hLVJ4RCViY0T6LeFh6XQhLcjMDW/Jy0Bq+/z2CvKwWeJxIjLJ68KIGAdxDFVXMGVv FDINgLYkqOZGfRkLnNRJSk2VwYy8/Z3Y28v7KgxRKVbalyeFNsLlNewX8B0uX3jB5ZfI bXsg== X-Forwarded-Encrypted: i=1; AJvYcCVysbcC7NDTi3g89AX5IUB3AfY1LNIgk0BKBzWQGwaPtwIaa/qtIZ4tuwLz7mwqv15690XJpjLhfcix4J0=@vger.kernel.org X-Gm-Message-State: AOJu0YxNWjFQMDGunL/a5hHVqvG8oLCacJgDsYBC4NG6mFzU2ifNm89z R6ttkgwMt1rPqjcOkRo3yugdfgerm5QXe/BMzBnU+OBpUlHHBUClw3lbCVHWWzYa6MwGvrDO6gY 53GI= X-Gm-Gg: ASbGncuFaRJzDvOOD/Ftx/Q71Ebx173EZVB4ZvpJtYT7pLC6YHq5Al51aS386OCGwpv Mu6hmYsOYctIHZSjqei2fejaNKXwjxVSF+F2ZMmEdwJk4HuzC1EY++NQyir/7CznCNGut51+2ht u3u11+mXdhT2wxB6K1hMTMIRjqBBSNEZ99GVVgTwVMEMztmNvLwjvimdNpZTkMKHVryxQGUxw+h ubIfrtmAUZrsh1jZnWPQG/fpJsIbo5Bxbj+OJdEKspJythOyxHUswLrcz6gqE04x8pa9s4= X-Google-Smtp-Source: AGHT+IFQ3Jr41zuCNMLRE84EPjfraFDN5DlqYQ7F6Xrmb7+4aYpuMblLBRGltYy+wsYfCULKaWW2Aw== X-Received: by 2002:a5d:64ab:0:b0:385:e1e5:fff3 with SMTP id ffacd0b85a97d-385fd424e01mr1328919f8f.57.1733213584345; Tue, 03 Dec 2024 00:13:04 -0800 (PST) Received: from arrakeen.starnux.net ([2a01:e0a:982:cbb0:8261:5fff:fe11:bdda]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-434aa74f2c7sm215212575e9.2.2024.12.03.00.13.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 00:13:03 -0800 (PST) From: Neil Armstrong Date: Tue, 03 Dec 2024 09:12:59 +0100 Subject: [PATCH v3 1/2] OPP: add index check to assert to avoid buffer overflow in _read_freq() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241203-topic-opp-fix-assert-index-check-v3-1-1d4f6f763138@linaro.org> References: <20241203-topic-opp-fix-assert-index-check-v3-0-1d4f6f763138@linaro.org> In-Reply-To: <20241203-topic-opp-fix-assert-index-check-v3-0-1d4f6f763138@linaro.org> To: Viresh Kumar , Nishanth Menon , Stephen Boyd , Manivannan Sadhasivam Cc: Viresh Kumar , linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, Neil Armstrong X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7009; i=neil.armstrong@linaro.org; h=from:subject:message-id; bh=syW7r3Ikrs3k9k6LGmXEqdNDCCEczUdWAzK0e9bMF6M=; b=owEBbQKS/ZANAwAKAXfc29rIyEnRAcsmYgBnTr2NoPQnwmRnznLxHO6d1Htw98d1lZyvul3gjHEf D+7AH0CJAjMEAAEKAB0WIQQ9U8YmyFYF/h30LIt33NvayMhJ0QUCZ069jQAKCRB33NvayMhJ0YgjD/ 0Tq1VjxsXB3Swg5Lvx7ny44oHXaXiXtLhNJl/C1uLsU1tHMyL8CW1fF8SkaWfTy6acdic8jTtEXJVS iPt/YD6ypggVW1zf6fJ4LXvwDf7DIYK0T0LiS3bxE4Zuwa0zQCFazfg+tcwP7UjNJ4OhFqt0uiv0+4 t6xBYNNL2/dH+nUbWYTFzgXtZLsSaGedceJ/HL2OmYxNA89SRlGpmCP4EEJ2KgkmFoRVgEHT9Lb3/D Sbhdh1DwfQRPJyNgZM1Jx3YuSLMLo/DWc5YwHNio9JabvJNB+ksbJAfRvT0fZRTNpsX3aB6Vn81LgA uHTmeD5l6bt6f2tCyuXIx2EIdUOrBIUZo7tLEOh6c9TmKrJEXV/Xx9dZjmqHeqDQSRkJMZCxIy0qIY xjgo7RppTSGrqexTZB8nRsm7GXBq+3zSpu/4E6zjCLAlHylFQHBB20bVtYGhXzoaWyGDWNgFwS8er7 B/RMDI6i3xZVit2VNUDFQ6CIvkuLo5uRXhxWdwNmv1BJJy1l3tzHZ/2f8tIvO/4w6qlGfEwd+ekcs0 1H5z9qw7D1J4sl9jfCAYemfIBQmeNJkHgn94y/FHiHJGnkkRwxnHd4DT1lJ1fD1EePqPAuYStjKxIS myXpT4J/zXJM0VbkmFnRcamPXbY178eV9LEhJwfAwhxZZflpYQgJD82lzUQg== X-Developer-Key: i=neil.armstrong@linaro.org; a=openpgp; fpr=89EC3D058446217450F22848169AB7B1A4CFF8AE Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). Add a secondary parameter to the assert function, unused for assert_single_clk() then add assert_clk_index() which will check for the clock index when called from the _indexed() find functions. Fixes: 142e17c1c2b4 ("OPP: Introduce dev_pm_opp_find_freq_{ceil/floor}_inde= xed() APIs") Fixes: a5893928bb17 ("OPP: Add dev_pm_opp_find_freq_exact_indexed()") Signed-off-by: Neil Armstrong --- drivers/opp/core.c | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index 1b4fe67dc7366dca9e8daa828d01839a20793ca6..ebe7887a27d3c1dd6c652c8bf9f= 5f9a285d7e74e 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -101,11 +101,21 @@ struct opp_table *_find_opp_table(struct device *dev) * representation in the OPP table and manage the clock configuration them= selves * in an platform specific way. */ -static bool assert_single_clk(struct opp_table *opp_table) +static bool assert_single_clk(struct opp_table *opp_table, + unsigned int __always_unused index) { return !WARN_ON(opp_table->clk_count > 1); } =20 +/* + * Returns true if clock table is large enough to contain the clock index. + */ +static bool assert_clk_index(struct opp_table *opp_table, + unsigned int index) +{ + return opp_table->clk_count > index; +} + /** * dev_pm_opp_get_bw() - Gets the bandwidth corresponding to an opp * @opp: opp for which bandwidth has to be returned for @@ -524,12 +534,12 @@ static struct dev_pm_opp *_opp_table_find_key(struct = opp_table *opp_table, unsigned long (*read)(struct dev_pm_opp *opp, int index), bool (*compare)(struct dev_pm_opp **opp, struct dev_pm_opp *temp_opp, unsigned long opp_key, unsigned long key), - bool (*assert)(struct opp_table *opp_table)) + bool (*assert)(struct opp_table *opp_table, unsigned int index)) { struct dev_pm_opp *temp_opp, *opp =3D ERR_PTR(-ERANGE); =20 /* Assert that the requirement is met */ - if (assert && !assert(opp_table)) + if (assert && !assert(opp_table, index)) return ERR_PTR(-EINVAL); =20 mutex_lock(&opp_table->lock); @@ -557,7 +567,7 @@ _find_key(struct device *dev, unsigned long *key, int i= ndex, bool available, unsigned long (*read)(struct dev_pm_opp *opp, int index), bool (*compare)(struct dev_pm_opp **opp, struct dev_pm_opp *temp_opp, unsigned long opp_key, unsigned long key), - bool (*assert)(struct opp_table *opp_table)) + bool (*assert)(struct opp_table *opp_table, unsigned int index)) { struct opp_table *opp_table; struct dev_pm_opp *opp; @@ -580,7 +590,7 @@ _find_key(struct device *dev, unsigned long *key, int i= ndex, bool available, static struct dev_pm_opp *_find_key_exact(struct device *dev, unsigned long key, int index, bool available, unsigned long (*read)(struct dev_pm_opp *opp, int index), - bool (*assert)(struct opp_table *opp_table)) + bool (*assert)(struct opp_table *opp_table, unsigned int index)) { /* * The value of key will be updated here, but will be ignored as the @@ -593,7 +603,7 @@ static struct dev_pm_opp *_find_key_exact(struct device= *dev, static struct dev_pm_opp *_opp_table_find_key_ceil(struct opp_table *opp_t= able, unsigned long *key, int index, bool available, unsigned long (*read)(struct dev_pm_opp *opp, int index), - bool (*assert)(struct opp_table *opp_table)) + bool (*assert)(struct opp_table *opp_table, unsigned int index)) { return _opp_table_find_key(opp_table, key, index, available, read, _compare_ceil, assert); @@ -602,7 +612,7 @@ static struct dev_pm_opp *_opp_table_find_key_ceil(stru= ct opp_table *opp_table, static struct dev_pm_opp *_find_key_ceil(struct device *dev, unsigned long= *key, int index, bool available, unsigned long (*read)(struct dev_pm_opp *opp, int index), - bool (*assert)(struct opp_table *opp_table)) + bool (*assert)(struct opp_table *opp_table, unsigned int index)) { return _find_key(dev, key, index, available, read, _compare_ceil, assert); @@ -611,7 +621,7 @@ static struct dev_pm_opp *_find_key_ceil(struct device = *dev, unsigned long *key, static struct dev_pm_opp *_find_key_floor(struct device *dev, unsigned long *key, int index, bool available, unsigned long (*read)(struct dev_pm_opp *opp, int index), - bool (*assert)(struct opp_table *opp_table)) + bool (*assert)(struct opp_table *opp_table, unsigned int index)) { return _find_key(dev, key, index, available, read, _compare_floor, assert); @@ -672,7 +682,8 @@ struct dev_pm_opp * dev_pm_opp_find_freq_exact_indexed(struct device *dev, unsigned long freq, u32 index, bool available) { - return _find_key_exact(dev, freq, index, available, _read_freq, NULL); + return _find_key_exact(dev, freq, index, available, _read_freq, + assert_clk_index); } EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_exact_indexed); =20 @@ -732,7 +743,8 @@ struct dev_pm_opp * dev_pm_opp_find_freq_ceil_indexed(struct device *dev, unsigned long *freq, u32 index) { - return _find_key_ceil(dev, freq, index, true, _read_freq, NULL); + return _find_key_ceil(dev, freq, index, true, _read_freq, + assert_clk_index); } EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_ceil_indexed); =20 @@ -785,7 +797,7 @@ struct dev_pm_opp * dev_pm_opp_find_freq_floor_indexed(struct device *dev, unsigned long *freq, u32 index) { - return _find_key_floor(dev, freq, index, true, _read_freq, NULL); + return _find_key_floor(dev, freq, index, true, _read_freq, assert_clk_ind= ex); } EXPORT_SYMBOL_GPL(dev_pm_opp_find_freq_floor_indexed); =20 @@ -1727,7 +1739,7 @@ void dev_pm_opp_remove(struct device *dev, unsigned l= ong freq) if (IS_ERR(opp_table)) return; =20 - if (!assert_single_clk(opp_table)) + if (!assert_single_clk(opp_table, 0)) goto put_table; =20 mutex_lock(&opp_table->lock); @@ -2079,7 +2091,7 @@ int _opp_add_v1(struct opp_table *opp_table, struct d= evice *dev, unsigned long tol, u_volt =3D data->u_volt; int ret; =20 - if (!assert_single_clk(opp_table)) + if (!assert_single_clk(opp_table, 0)) return -EINVAL; =20 new_opp =3D _opp_allocate(opp_table); @@ -2934,7 +2946,7 @@ static int _opp_set_availability(struct device *dev, = unsigned long freq, return r; } =20 - if (!assert_single_clk(opp_table)) { + if (!assert_single_clk(opp_table, 0)) { r =3D -EINVAL; goto put_table; } @@ -3010,7 +3022,7 @@ int dev_pm_opp_adjust_voltage(struct device *dev, uns= igned long freq, return r; } =20 - if (!assert_single_clk(opp_table)) { + if (!assert_single_clk(opp_table, 0)) { r =3D -EINVAL; goto put_table; } --=20 2.34.1 From nobody Sun Feb 8 23:19:21 2026 Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E54419C543 for ; Tue, 3 Dec 2024 08:13:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733213589; cv=none; b=n2VU4nuzH7k/wFJyB0nZfq3JMdyIOWg19PIcrcVdXhVVlHc+fF6BKBRnK+imcX8Zo9dlew+qdeEgoQ0iGmxJKaUE3JO34T9Rp1k9aIsSRCLo887yj1niCP0vy94HPkCoP9uOenkfhxl1/Hv1Cd4cqakBlOgaVF9Gh4gQPNkMmsA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733213589; c=relaxed/simple; bh=GfIxjX3fUAG9xD0E7y4Y7LPGVwA/ovHOoj/JqoQo4b8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=mzczT5dVgLYZmKTCwVnbiBPK0wO1ht9eM9z5VDLCnGpv7lj+xeSmBujvRRffsV4Obq83WS0CCXiCoEwSEav5poqFWqE37gLOTiTwamRyDqaazKjH6zfhUpxFKDRGSKYfC6D0Nl9TaFSDppL5bN0mVRN4DZq5yAe2SClvaiLw0Oc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=O4BjREfV; arc=none smtp.client-ip=209.85.208.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="O4BjREfV" Received: by mail-lj1-f169.google.com with SMTP id 38308e7fff4ca-2ffa97d99d6so55741571fa.1 for ; Tue, 03 Dec 2024 00:13:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1733213585; x=1733818385; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=2919edKa0scKH1VFTPp4m2/Qq3wOxmRVQ7yuQJSD4N0=; b=O4BjREfVVVXTSe5ArYQqnCSlBSSLQdVhil3OvX8RF4iZ0bRgfrNQGTcXdkZL2FYNfV GFBNNWtzGzEfOybCSOgI+gmmqu5Ovl8D/EjFx4iGDVQYCMPCv3LwJt9V4FjNpicqn+m9 cTgaPIbKbrFyPW0t7zeFwbw7z7xzs960gj1X5Q0v0t7oge2xj36/VZRmuySHz7NZpjnN tRiPSJTx45hr67Y52zJtMqV73s+AilHOnBZJGF1CnjfrQONVok6mh8jjJiZaJlOcLJHv 06jcGYjaBauFSm3cfMUwvAQKvDFHdnPQnkk2lW2fQKG9FlzsNQsygLh27b3ZwcemBnA/ b1nQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733213585; x=1733818385; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2919edKa0scKH1VFTPp4m2/Qq3wOxmRVQ7yuQJSD4N0=; b=rzKaHHqYLI2LWruTaG1YAn6L0EbjKHfqEiHPirGIgiDU45MX2I2uj2id6eEQDXxViJ E6Ii1q7bDSXNZBRIk67sUZFC34ZAfycI5OlXdWfLOWLCsWYTJFh73ePQpLDTdWMYVbcj ULoiFkMf8LDjDo7LijUKqI94R//AIdTDMJsNgyhOlkslx5HD0tRUdQblqSodeLvbQ+JJ sDNRnBOkIXb2EvVmr8o4ltC2vVW7gElilZV5d6ZaR7bGHE9fl5DPFnJeAWWSGD4EUDss 2FB1MjbbEz5BKaPfEADuFMqgEdN+R3wN1MhZXUv/pJVH+3DeMhBVSoHvNzq21U24psaG 1c4g== X-Forwarded-Encrypted: i=1; AJvYcCWMQDBzNe9Cn2aB23j5Xxwbvbww/Omr1EvHa/E+nn4KQ+wyqihbJsLOOovraYwlu4J8e0pAKVRVh72FuPk=@vger.kernel.org X-Gm-Message-State: AOJu0Yy29TdwhhkSxmd/tKQjt3ttkATD8tnFD+pxXU6NtaZ0C5ksR91g zKJZp0P158XnSZWPV3adca9d9UKBJ5vflYkt1gkwxR+1BScUSABrCEKVV3etwLk= X-Gm-Gg: ASbGncs8RrHcK7NOzoJyPS6mq915u3z1qsuTD4SbkAWCtrpdvNDhA9J4cJpIGDnwgbK G3gMCYHS76K8ehZex8fP5cGS6OLDrz3CEy414sMegNX/mAaH5SmWI9fbPztlG6mlHhElRppX6UL 4CRyzW74ysfdEGuLjos9gSRuVNx31MVYr/pSmYc3YA6lPD5zhyhKTBstStVYIzTL5eVynwxOmmy pFEz4OQ4oWhk5JbZOCTGTk1KRorkU+aB97YqgVPsNqV0dL5etOsN8dq2iRvLj6Ij57Opb8= X-Google-Smtp-Source: AGHT+IF96tm1kW0L+6Eafet2kokvnQva3vx6OFst6liTSpf4L4XZltWOm8ICfrYv1DvfjDe/iDx2Pg== X-Received: by 2002:a05:6512:2810:b0:53d:e76b:5e6e with SMTP id 2adb3069b0e04-53e12a058a2mr876514e87.31.1733213585423; Tue, 03 Dec 2024 00:13:05 -0800 (PST) Received: from arrakeen.starnux.net ([2a01:e0a:982:cbb0:8261:5fff:fe11:bdda]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-434aa74f2c7sm215212575e9.2.2024.12.03.00.13.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Dec 2024 00:13:04 -0800 (PST) From: Neil Armstrong Date: Tue, 03 Dec 2024 09:13:00 +0100 Subject: [PATCH v3 2/2] OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20241203-topic-opp-fix-assert-index-check-v3-2-1d4f6f763138@linaro.org> References: <20241203-topic-opp-fix-assert-index-check-v3-0-1d4f6f763138@linaro.org> In-Reply-To: <20241203-topic-opp-fix-assert-index-check-v3-0-1d4f6f763138@linaro.org> To: Viresh Kumar , Nishanth Menon , Stephen Boyd , Manivannan Sadhasivam Cc: Viresh Kumar , linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, Neil Armstrong X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2351; i=neil.armstrong@linaro.org; h=from:subject:message-id; bh=GfIxjX3fUAG9xD0E7y4Y7LPGVwA/ovHOoj/JqoQo4b8=; b=owEBbQKS/ZANAwAKAXfc29rIyEnRAcsmYgBnTr2Ong2+ZytkxIK3MGstGfV86Kj9+CTp9OMCqeeK qFhNAI6JAjMEAAEKAB0WIQQ9U8YmyFYF/h30LIt33NvayMhJ0QUCZ069jgAKCRB33NvayMhJ0Q+DEA CKQjhM+SeZZOaLtTPK/swZ1Re+qNDLT9wUIMuCZzOIjbuuoMQHa6PjyLiDt9KVK/9pmnoCMEPPo6y3 BPw+JM37Mc+rzES+XO6axgc9gE80c6DpMLIpf00WLnOybpsYMz+OuRX8ElA9bY5Z/PH2cV9UO4sEQs wHPxccYfZaPy8hZn/w/OO+49SBfCPV2iTTFtyi3EQQLx97ZB9olfvnZvzND7QbV8Vs+PvDYXridrMl zLrnSmivO3ZkThQzBXXekIy9ADKUTGbQCJu3zoHp11zhXZbIZKe6Qy7pnWqgkQmgXjZ7mNnBHppqNd vGQDkGW57bl7U/Gfqa/BpVoU1e0BH0UVt78jUpW5k3MZ3/4FwDCQVKEGJWGhrDST9mdU3umhTFHMqR yhV2oHDMh771Z9YNP9a/xO3yA2AgDbcdezwRcouR6iTj0N9Vq2N9sKS3OK8B4DMF9EJ1j/U68J3ME1 tiiLUvsFSQJe9XEnUUMsDm9oN/UG/QNwxcFNjlY3/UbMUZH1zjYDxzhG1/Hhveh0HttP0pUnTddILK a2+MUCWrQeibDF0ropeuGdyPAv6MlHfCpqviUjWqoX6553b17u6rm2ncFpWFDUrDVcNn4kdHV5JjW3 XG43HgIQ+dxFCbvCJsfk6EJR6TDqkZV/AfR6DnKlgCj3r+Pv3X1rFuBBirsQ== X-Developer-Key: i=neil.armstrong@linaro.org; a=openpgp; fpr=89EC3D058446217450F22848169AB7B1A4CFF8AE If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with: Unable to handle kernel NULL pointer dereference at virtual address 0000000= 000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace: _read_bw+0x8/0x10 (P) _opp_table_find_key+0x9c/0x174 (L) _find_key+0x98/0x168 dev_pm_opp_find_bw_ceil+0x50/0x88 ... In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw(). Fixes: add1dc094a74 ("OPP: Use generic key finding helpers for bandwidth ke= y") Signed-off-by: Neil Armstrong --- drivers/opp/core.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index ebe7887a27d3c1dd6c652c8bf9f5f9a285d7e74e..137764f2ac7c72585953d0928b6= f917fb6f1fe7c 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -116,6 +116,15 @@ static bool assert_clk_index(struct opp_table *opp_tab= le, return opp_table->clk_count > index; } =20 +/* + * Returns true if bandwidth table is large enough to contain the bandwidt= h index. + */ +static bool assert_bandwidth_index(struct opp_table *opp_table, + unsigned int index) +{ + return opp_table->path_count > index; +} + /** * dev_pm_opp_get_bw() - Gets the bandwidth corresponding to an opp * @opp: opp for which bandwidth has to be returned for @@ -915,7 +924,8 @@ struct dev_pm_opp *dev_pm_opp_find_bw_ceil(struct devic= e *dev, unsigned int *bw, unsigned long temp =3D *bw; struct dev_pm_opp *opp; =20 - opp =3D _find_key_ceil(dev, &temp, index, true, _read_bw, NULL); + opp =3D _find_key_ceil(dev, &temp, index, true, _read_bw, + assert_bandwidth_index); *bw =3D temp; return opp; } @@ -946,7 +956,8 @@ struct dev_pm_opp *dev_pm_opp_find_bw_floor(struct devi= ce *dev, unsigned long temp =3D *bw; struct dev_pm_opp *opp; =20 - opp =3D _find_key_floor(dev, &temp, index, true, _read_bw, NULL); + opp =3D _find_key_floor(dev, &temp, index, true, _read_bw, + assert_bandwidth_index); *bw =3D temp; return opp; } --=20 2.34.1