From patchwork Mon May 9 05:29:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Samuel Holland X-Patchwork-Id: 1628306 X-Patchwork-Delegate: andre.przywara@arm.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=sholland.org header.i=@sholland.org header.a=rsa-sha256 header.s=fm2 header.b=LNUtiW03; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm1 header.b=Is5Y+jKI; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KxV9p4jS0z9sG6 for ; Mon, 9 May 2022 15:30:06 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id F2BD683DE4; Mon, 9 May 2022 07:29:50 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=sholland.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=sholland.org header.i=@sholland.org header.b="LNUtiW03"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="Is5Y+jKI"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A081483F40; Mon, 9 May 2022 07:29:47 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.2 Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3001C83E49 for ; Mon, 9 May 2022 07:29:42 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=sholland.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=samuel@sholland.org Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 6BA2B5C00FF; Mon, 9 May 2022 01:29:41 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Mon, 09 May 2022 01:29:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sholland.org; h= cc:cc:content-transfer-encoding:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm2; t=1652074181; x=1652160581; bh=5W x0ImnXHjcujdHA0L950s8MNPDK76SF3VGW9F2sD74=; b=LNUtiW03nCDm1ac6u5 rs4F8tlQsnA2Lg8dflHNqRj34v32ojFhlslsydiNX616eW6dw7PsF1rG/Y/XEH41 kCCLu1YBCqvUOyvrs1/PaW3UiCIvkNL4EJ5zisVjPaXYAF65MuR7E6FRnCzai74T 3ZGFt4A/JKN0whdL37ZaoFex42K7j+ts5UF5GbPsWPwE7lctfFALm2NBKt6QZsHE kPf7X9mxXqLfFeYg3f/b7LVCsktULA+xPUVbjtsWV4JoALpjUZ+0TpllZx/IH0c/ UJ9xAIMYv7ZbQOtEUf/bmW4h8x9CILaht9Cq9iXXT/5hTld1e4AH6TdE2FTFXnE1 qj8g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1652074181; x=1652160581; bh=5Wx0ImnXHjcujdHA0L950s8MNPDK76SF3VG W9F2sD74=; b=Is5Y+jKIkO5g1RcV6AyMSt/AztLwNUtBA8SIQDJ5xlC6pprGYrz VTW9uYOWjHEBbviGg3sJYl4PUXVpQN9YmIDt+MIYOZ1VBsbdMT/6DOoyj773FzGZ XbpK6GRMsoYDk+bdkMYaOZJ5bM3hAT0y4J7hKQNijnImA4C3CBEiXBBThNSwi6AY SEgnKuWOcZ8GFx4FqsV6j3SwrRl/VJpMxJglbxhH9MyZk6NZZQTPU114ikh9S8GE ytxidj9IW5sfUP4Zr6OTzOQDf9d47MCHWL7Ozmk/9Pmz+YR8f/Az31U6wcV47r76 DvHBkM7AkDk7UKjlMf9e73nv9FaMhA9MMxA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrfeekgdelkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefurghmuhgv lhcujfholhhlrghnugcuoehsrghmuhgvlhesshhhohhllhgrnhgurdhorhhgqeenucggtf frrghtthgvrhhnpedukeetueduhedtleetvefguddvvdejhfefudelgfduveeggeehgfdu feeitdevteenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhroh hmpehsrghmuhgvlhesshhhohhllhgrnhgurdhorhhg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 9 May 2022 01:29:40 -0400 (EDT) From: Samuel Holland To: u-boot@lists.denx.de, Jagan Teki , Andre Przywara , Lukasz Majewski , Sean Anderson Cc: Samuel Holland , Bin Meng , Heinrich Schuchardt , Maxime Ripard Subject: [PATCH 2/7] clk: sunxi: Prevent out-of-bounds gate array access Date: Mon, 9 May 2022 00:29:32 -0500 Message-Id: <20220509052937.42283-3-samuel@sholland.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220509052937.42283-1-samuel@sholland.org> References: <20220509052937.42283-1-samuel@sholland.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Because the gate arrays are not given explicit sizes, the arrays are only as large as the highest-numbered gate described in the driver. However, only a subset of the CCU clocks are needed by U-Boot. So there are valid clock specifiers with indexes greater than the size of the arrays. Referencing any of these clocks causes out-of-bounds access. Fix this by checking the identifier against the size of the array. Fixes: 0d47bc705651 ("clk: Add Allwinner A64 CLK driver") Signed-off-by: Samuel Holland Reviewed-by: Andre Przywara --- drivers/clk/sunxi/clk_sunxi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/clk/sunxi/clk_sunxi.c b/drivers/clk/sunxi/clk_sunxi.c index 9673b58a49..3108e5b66d 100644 --- a/drivers/clk/sunxi/clk_sunxi.c +++ b/drivers/clk/sunxi/clk_sunxi.c @@ -18,6 +18,9 @@ static const struct ccu_clk_gate *priv_to_gate(struct ccu_priv *priv, unsigned long id) { + if (id >= priv->desc->num_gates) + return NULL; + return &priv->desc->gates[id]; } @@ -27,7 +30,7 @@ static int sunxi_set_gate(struct clk *clk, bool on) const struct ccu_clk_gate *gate = priv_to_gate(priv, clk->id); u32 reg; - if (!(gate->flags & CCU_CLK_F_IS_VALID)) { + if (!gate || !(gate->flags & CCU_CLK_F_IS_VALID)) { printf("%s: (CLK#%ld) unhandled\n", __func__, clk->id); return 0; }