| Révision | 6827aba3482d214afea3b3bc4cb2f5bddb606929 (tree) |
|---|---|
| l'heure | 2022-07-18 17:37:49 |
| Auteur | Samuel Holland <samuel@shol...> |
| Commiter | Andre Przywara |
clk: sunxi: Prevent out-of-bounds gate array access
Because the gate arrays are not given explicit sizes, the arrays are
only as large as the highest-numbered gate described in the driver.
However, only a subset of the CCU clocks are needed by U-Boot. So there
are valid clock specifiers with indexes greater than the size of the
arrays. Referencing any of these clocks causes out-of-bounds access.
Fix this by checking the identifier against the size of the array.
Fixes: 0d47bc705651 ("clk: Add Allwinner A64 CLK driver")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
drivers/clk/sunxi/clk_sunxi.c (diff)| @@ -18,6 +18,9 @@ | ||
| 18 | 18 | static const struct ccu_clk_gate *priv_to_gate(struct ccu_priv *priv, |
| 19 | 19 | unsigned long id) |
| 20 | 20 | { |
| 21 | + if (id >= priv->desc->num_gates) | |
| 22 | + return NULL; | |
| 23 | + | |
| 21 | 24 | return &priv->desc->gates[id]; |
| 22 | 25 | } |
| 23 | 26 |
| @@ -27,10 +30,10 @@ static int sunxi_set_gate(struct clk *clk, bool on) | ||
| 27 | 30 | const struct ccu_clk_gate *gate = priv_to_gate(priv, clk->id); |
| 28 | 31 | u32 reg; |
| 29 | 32 | |
| 30 | - if ((gate->flags & CCU_CLK_F_DUMMY_GATE)) | |
| 33 | + if (gate && (gate->flags & CCU_CLK_F_DUMMY_GATE)) | |
| 31 | 34 | return 0; |
| 32 | 35 | |
| 33 | - if (!(gate->flags & CCU_CLK_F_IS_VALID)) { | |
| 36 | + if (!gate || !(gate->flags & CCU_CLK_F_IS_VALID)) { | |
| 34 | 37 | printf("%s: (CLK#%ld) unhandled\n", __func__, clk->id); |
| 35 | 38 | return 0; |
| 36 | 39 | } |
Fork