tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

clk: starfive: Avoid casting iomem pointers

Let's use a wrapper struct for the auxiliary_device made in
jh7110_reset_controller_register() so that we can stop casting iomem
pointers. The casts trip up tools like sparse, and make for some awkward
casts that are largely unnecessary. While we're here, change the
allocation from devm and actually free the auxiliary_device memory in
the release function. This avoids any use after free problems where the
parent device driver is unbound from the device but the
auxiliuary_device is still in use accessing devm freed memory.

Cc: Tommaso Merciai <tomm.merciai@gmail.com>
Cc: Emil Renner Berthing <emil.renner.berthing@canonical.com>
Cc: Hal Feng <hal.feng@starfivetech.com>
Cc: Conor Dooley <conor.dooley@microchip.com>
Cc: Xingyu Wu <xingyu.wu@starfivetech.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Fixes: edab7204afe5 ("clk: starfive: Add StarFive JH7110 system clock driver")
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Link: https://lore.kernel.org/r/20230413205528.4044216-1-sboyd@kernel.org

Stephen Boyd d1aae066 601e5d46

+35 -6
+12 -3
drivers/clk/starfive/clk-starfive-jh7110-sys.c
··· 11 11 #include <linux/init.h> 12 12 #include <linux/io.h> 13 13 #include <linux/platform_device.h> 14 + #include <linux/slab.h> 15 + 16 + #include <soc/starfive/reset-starfive-jh71x0.h> 14 17 15 18 #include <dt-bindings/clock/starfive,jh7110-crg.h> 16 19 ··· 338 335 struct auxiliary_device *adev = _adev; 339 336 340 337 auxiliary_device_delete(adev); 338 + auxiliary_device_uninit(adev); 341 339 } 342 340 343 341 static void jh7110_reset_adev_release(struct device *dev) 344 342 { 345 343 struct auxiliary_device *adev = to_auxiliary_dev(dev); 344 + struct jh71x0_reset_adev *rdev = to_jh71x0_reset_adev(adev); 346 345 347 - auxiliary_device_uninit(adev); 346 + kfree(rdev); 348 347 } 349 348 350 349 int jh7110_reset_controller_register(struct jh71x0_clk_priv *priv, 351 350 const char *adev_name, 352 351 u32 adev_id) 353 352 { 353 + struct jh71x0_reset_adev *rdev; 354 354 struct auxiliary_device *adev; 355 355 int ret; 356 356 357 - adev = devm_kzalloc(priv->dev, sizeof(*adev), GFP_KERNEL); 358 - if (!adev) 357 + rdev = kzalloc(sizeof(*rdev), GFP_KERNEL); 358 + if (!rdev) 359 359 return -ENOMEM; 360 360 361 + rdev->base = priv->base; 362 + 363 + adev = &rdev->adev; 361 364 adev->name = adev_name; 362 365 adev->dev.parent = priv->dev; 363 366 adev->dev.release = jh7110_reset_adev_release;
+6 -3
drivers/reset/starfive/reset-starfive-jh7110.c
··· 7 7 8 8 #include <linux/auxiliary_bus.h> 9 9 10 + #include <soc/starfive/reset-starfive-jh71x0.h> 11 + 10 12 #include "reset-starfive-jh71x0.h" 11 13 12 14 #include <dt-bindings/reset/starfive,jh7110-crg.h> ··· 35 33 const struct auxiliary_device_id *id) 36 34 { 37 35 struct jh7110_reset_info *info = (struct jh7110_reset_info *)(id->driver_data); 38 - void __iomem **base = (void __iomem **)dev_get_drvdata(adev->dev.parent); 36 + struct jh71x0_reset_adev *rdev = to_jh71x0_reset_adev(adev); 37 + void __iomem *base = rdev->base; 39 38 40 39 if (!info || !base) 41 40 return -ENODEV; 42 41 43 42 return reset_starfive_jh71x0_register(&adev->dev, adev->dev.parent->of_node, 44 - *base + info->assert_offset, 45 - *base + info->status_offset, 43 + base + info->assert_offset, 44 + base + info->status_offset, 46 45 NULL, 47 46 info->nr_resets, 48 47 NULL);
+17
include/soc/starfive/reset-starfive-jh71x0.h
··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + #ifndef __SOC_STARFIVE_RESET_JH71X0_H 3 + #define __SOC_STARFIVE_RESET_JH71X0_H 4 + 5 + #include <linux/auxiliary_bus.h> 6 + #include <linux/compiler_types.h> 7 + #include <linux/container_of.h> 8 + 9 + struct jh71x0_reset_adev { 10 + void __iomem *base; 11 + struct auxiliary_device adev; 12 + }; 13 + 14 + #define to_jh71x0_reset_adev(_adev) \ 15 + container_of((_adev), struct jh71x0_reset_adev, adev) 16 + 17 + #endif