tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

clk: zynq: Prevent null pointer dereference caused by kmalloc failure

The kmalloc() in zynq_clk_setup() will return null if the
physical memory has run out. As a result, if we use snprintf()
to write data to the null address, the null pointer dereference
bug will happen.

This patch uses a stack variable to replace the kmalloc().

Fixes: 0ee52b157b8e ("clk: zynq: Add clock controller driver")
Suggested-by: Michal Simek <michal.simek@amd.com>
Suggested-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20240301084437.16084-1-duoming@zju.edu.cn
Acked-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>

authored by

Duoming Zhou and committed by
Stephen Boyd 7938e9ce c1ab111e

+3 -5
+3 -5
drivers/clk/zynq/clkc.c
··· 42 42 #define SLCR_SWDT_CLK_SEL (zynq_clkc_base + 0x204) 43 43 44 44 #define NUM_MIO_PINS 54 45 + #define CLK_NAME_LEN 16 45 46 46 47 #define DBG_CLK_CTRL_CLKACT_TRC BIT(0) 47 48 #define DBG_CLK_CTRL_CPU_1XCLKACT BIT(1) ··· 216 215 int i; 217 216 u32 tmp; 218 217 int ret; 219 - char *clk_name; 218 + char clk_name[CLK_NAME_LEN]; 220 219 unsigned int fclk_enable = 0; 221 220 const char *clk_output_name[clk_max]; 222 221 const char *cpu_parents[4]; ··· 427 426 "gem1_emio_mux", CLK_SET_RATE_PARENT, 428 427 SLCR_GEM1_CLK_CTRL, 0, 0, &gem1clk_lock); 429 428 430 - tmp = strlen("mio_clk_00x"); 431 - clk_name = kmalloc(tmp, GFP_KERNEL); 432 429 for (i = 0; i < NUM_MIO_PINS; i++) { 433 430 int idx; 434 431 435 - snprintf(clk_name, tmp, "mio_clk_%2.2d", i); 432 + snprintf(clk_name, CLK_NAME_LEN, "mio_clk_%2.2d", i); 436 433 idx = of_property_match_string(np, "clock-names", clk_name); 437 434 if (idx >= 0) 438 435 can_mio_mux_parents[i] = of_clk_get_parent_name(np, ··· 438 439 else 439 440 can_mio_mux_parents[i] = dummy_nm; 440 441 } 441 - kfree(clk_name); 442 442 clk_register_mux(NULL, "can_mux", periph_parents, 4, 443 443 CLK_SET_RATE_NO_REPARENT, SLCR_CAN_CLK_CTRL, 4, 2, 0, 444 444 &canclk_lock);