Commit d19d7345 authored Feb 12, 2025 by Will McVicker Committed by Krzysztof Kozlowski Feb 15, 2025

clk: samsung: Fix UBSAN panic in samsung_clk_init()



With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to
dereferencing `ctx->clk_data.hws` before setting
`ctx->clk_data.num = nr_clks`. Move that up to fix the crash.

  UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
  <snip>
  Call trace:
   samsung_clk_init+0x110/0x124 (P)
   samsung_clk_init+0x48/0x124 (L)
   samsung_cmu_register_one+0x3c/0xa0
   exynos_arm64_register_cmu+0x54/0x64
   __gs101_cmu_top_of_clk_init_declare+0x28/0x60
   ...

Fixes: e620a1e0 ("drivers/clk: convert VL struct to struct_size")
Signed-off-by: Will McVicker <willmcvicker@google.com>
Link: https://lore.kernel.org/r/20250212183253.509771-1-willmcvicker@google.com


Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>

parent 480b1825

drivers/clk/samsung/clk.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -74,12 +74,12 @@ struct samsung_clk_provider * __init samsung_clk_init(struct device *dev,
		if (!ctx)
		panic("could not allocate clock provider context.\n");

		ctx->clk_data.num = nr_clks;
		for (i = 0; i < nr_clks; ++i)
		ctx->clk_data.hws[i] = ERR_PTR(-ENOENT);

		ctx->dev = dev;
		ctx->reg_base = base;
		ctx->clk_data.num = nr_clks;
		spin_lock_init(&ctx->lock);

		return ctx;