From: Shawn Guo <shawnguo@kernel.org>
To: Leonard Crestez <leonard.crestez@nxp.com>
Cc: Dong Aisheng <aisheng.dong@nxp.com>,
Fabio Estevam <fabio.estevam@nxp.com>,
Michael Turquette <mturquette@baylibre.com>,
Stephen Boyd <sboyd@kernel.org>, Stefan Agner <stefan@agner.ch>,
Linus Walleij <linus.walleij@linaro.org>,
Alessandro Zummo <a.zummo@towertech.it>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Anson Huang <anson.huang@nxp.com>, Abel Vesa <abel.vesa@nxp.com>,
Franck LENORMAND <franck.lenormand@nxp.com>,
kernel@pengutronix.de, linux-imx@nxp.com,
linux-arm-kernel@lists.infradead.org,
"open list:COMMON CLK FRAMEWORK" <linux-clk@vger.kernel.org>,
"open list:PIN CONTROLLER - FREESCALE"
<linux-gpio@vger.kernel.org>,
"open list:REAL TIME CLOCK (RTC) SUBSYSTEM"
<linux-rtc@vger.kernel.org>
Subject: Re: [PATCH] firmware: imx: Align imx SC msg structs to 4
Date: Mon, 17 Feb 2020 14:21:38 +0800 [thread overview]
Message-ID: <20200217062129.GB6790@dragon> (raw)
In-Reply-To: <3a8b6772a1edffdd7cdb54d6d50030b03ba0bebb.1581455751.git.leonard.crestez@nxp.com>
On Tue, Feb 11, 2020 at 11:24:33PM +0200, Leonard Crestez wrote:
> The imx SC api strongly assumes that messages are composed out of
> 4-bytes words but some of our message structs have sizeof "6" and "7".
>
> This produces many oopses with CONFIG_KASAN=y:
>
> BUG: KASAN: stack-out-of-bounds in imx_mu_send_data+0x108/0x1f0
>
> It shouldn't cause an issues in normal use because these structs are
> always allocated on the stack.
>
> Cc: stable@vger.kernel.org
Should we have a fixes tag and send it for -rc?
Shawn
> Signed-off-by: Leonard Crestez <leonard.crestez@nxp.com>
> Reported-by: Iuliana Prodan <iuliana.prodan@nxp.com>
> ---
> drivers/clk/imx/clk-scu.c | 8 ++++----
> drivers/firmware/imx/misc.c | 8 ++++----
> drivers/firmware/imx/scu-pd.c | 2 +-
> drivers/pinctrl/freescale/pinctrl-scu.c | 4 ++--
> drivers/rtc/rtc-imx-sc.c | 2 +-
> drivers/soc/imx/soc-imx-scu.c | 2 +-
> 6 files changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/clk/imx/clk-scu.c b/drivers/clk/imx/clk-scu.c
> index fbef740704d0..b8b2072742a5 100644
> --- a/drivers/clk/imx/clk-scu.c
> +++ b/drivers/clk/imx/clk-scu.c
> @@ -41,16 +41,16 @@ struct clk_scu {
> struct imx_sc_msg_req_set_clock_rate {
> struct imx_sc_rpc_msg hdr;
> __le32 rate;
> __le16 resource;
> u8 clk;
> -} __packed;
> +} __packed __aligned(4);
>
> struct req_get_clock_rate {
> __le16 resource;
> u8 clk;
> -} __packed;
> +} __packed __aligned(4);
>
> struct resp_get_clock_rate {
> __le32 rate;
> };
>
> @@ -82,11 +82,11 @@ struct imx_sc_msg_get_clock_parent {
> struct imx_sc_rpc_msg hdr;
> union {
> struct req_get_clock_parent {
> __le16 resource;
> u8 clk;
> - } __packed req;
> + } __packed __aligned(4) req;
> struct resp_get_clock_parent {
> u8 parent;
> } resp;
> } data;
> };
> @@ -119,11 +119,11 @@ struct imx_sc_msg_req_clock_enable {
> struct imx_sc_rpc_msg hdr;
> __le16 resource;
> u8 clk;
> u8 enable;
> u8 autog;
> -} __packed;
> +} __packed __aligned(4);
>
> static inline struct clk_scu *to_clk_scu(struct clk_hw *hw)
> {
> return container_of(hw, struct clk_scu, hw);
> }
> diff --git a/drivers/firmware/imx/misc.c b/drivers/firmware/imx/misc.c
> index 4b56a587dacd..d073cb3ce699 100644
> --- a/drivers/firmware/imx/misc.c
> +++ b/drivers/firmware/imx/misc.c
> @@ -14,30 +14,30 @@
> struct imx_sc_msg_req_misc_set_ctrl {
> struct imx_sc_rpc_msg hdr;
> u32 ctrl;
> u32 val;
> u16 resource;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_req_cpu_start {
> struct imx_sc_rpc_msg hdr;
> u32 address_hi;
> u32 address_lo;
> u16 resource;
> u8 enable;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_req_misc_get_ctrl {
> struct imx_sc_rpc_msg hdr;
> u32 ctrl;
> u16 resource;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_resp_misc_get_ctrl {
> struct imx_sc_rpc_msg hdr;
> u32 val;
> -} __packed;
> +} __packed __aligned(4);
>
> /*
> * This function sets a miscellaneous control value.
> *
> * @param[in] ipc IPC handle
> diff --git a/drivers/firmware/imx/scu-pd.c b/drivers/firmware/imx/scu-pd.c
> index b556612207e5..af3ae0087de4 100644
> --- a/drivers/firmware/imx/scu-pd.c
> +++ b/drivers/firmware/imx/scu-pd.c
> @@ -59,11 +59,11 @@
> /* SCU Power Mode Protocol definition */
> struct imx_sc_msg_req_set_resource_power_mode {
> struct imx_sc_rpc_msg hdr;
> u16 resource;
> u8 mode;
> -} __packed;
> +} __packed __aligned(4);
>
> #define IMX_SCU_PD_NAME_SIZE 20
> struct imx_sc_pm_domain {
> struct generic_pm_domain pd;
> char name[IMX_SCU_PD_NAME_SIZE];
> diff --git a/drivers/pinctrl/freescale/pinctrl-scu.c b/drivers/pinctrl/freescale/pinctrl-scu.c
> index 73bf1d9f9cc6..23cf04bdfc55 100644
> --- a/drivers/pinctrl/freescale/pinctrl-scu.c
> +++ b/drivers/pinctrl/freescale/pinctrl-scu.c
> @@ -21,16 +21,16 @@ enum pad_func_e {
>
> struct imx_sc_msg_req_pad_set {
> struct imx_sc_rpc_msg hdr;
> u32 val;
> u16 pad;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_req_pad_get {
> struct imx_sc_rpc_msg hdr;
> u16 pad;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_resp_pad_get {
> struct imx_sc_rpc_msg hdr;
> u32 val;
> } __packed;
> diff --git a/drivers/rtc/rtc-imx-sc.c b/drivers/rtc/rtc-imx-sc.c
> index cf2c12107f2b..a5f59e6f862e 100644
> --- a/drivers/rtc/rtc-imx-sc.c
> +++ b/drivers/rtc/rtc-imx-sc.c
> @@ -35,11 +35,11 @@ struct imx_sc_msg_timer_rtc_set_alarm {
> u8 mon;
> u8 day;
> u8 hour;
> u8 min;
> u8 sec;
> -} __packed;
> +} __packed __aligned(4);
>
> static int imx_sc_rtc_read_time(struct device *dev, struct rtc_time *tm)
> {
> struct imx_sc_msg_timer_get_rtc_time msg;
> struct imx_sc_rpc_msg *hdr = &msg.hdr;
> diff --git a/drivers/soc/imx/soc-imx-scu.c b/drivers/soc/imx/soc-imx-scu.c
> index fb70b8a3f7c5..20d37eaeb5f2 100644
> --- a/drivers/soc/imx/soc-imx-scu.c
> +++ b/drivers/soc/imx/soc-imx-scu.c
> @@ -23,11 +23,11 @@ struct imx_sc_msg_misc_get_soc_id {
> } __packed req;
> struct {
> u32 id;
> } resp;
> } data;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_misc_get_soc_uid {
> struct imx_sc_rpc_msg hdr;
> u32 uid_low;
> u32 uid_high;
> --
> 2.17.1
>
WARNING: multiple messages have this Message-ID (diff)
From: Shawn Guo <shawnguo@kernel.org>
To: Leonard Crestez <leonard.crestez@nxp.com>
Cc: Dong Aisheng <aisheng.dong@nxp.com>,
Alessandro Zummo <a.zummo@towertech.it>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Abel Vesa <abel.vesa@nxp.com>, Anson Huang <anson.huang@nxp.com>,
Stephen Boyd <sboyd@kernel.org>,
Michael Turquette <mturquette@baylibre.com>,
Stefan Agner <stefan@agner.ch>,
"open list:COMMON CLK FRAMEWORK" <linux-clk@vger.kernel.org>,
Franck LENORMAND <franck.lenormand@nxp.com>,
"open list:PIN CONTROLLER - FREESCALE"
<linux-gpio@vger.kernel.org>,
linux-imx@nxp.com, kernel@pengutronix.de,
Fabio Estevam <fabio.estevam@nxp.com>,
Linus Walleij <linus.walleij@linaro.org>,
linux-arm-kernel@lists.infradead.org,
"open list:REAL TIME CLOCK \(RTC\) SUBSYSTEM"
<linux-rtc@vger.kernel.org>
Subject: Re: [PATCH] firmware: imx: Align imx SC msg structs to 4
Date: Mon, 17 Feb 2020 14:21:38 +0800 [thread overview]
Message-ID: <20200217062129.GB6790@dragon> (raw)
In-Reply-To: <3a8b6772a1edffdd7cdb54d6d50030b03ba0bebb.1581455751.git.leonard.crestez@nxp.com>
On Tue, Feb 11, 2020 at 11:24:33PM +0200, Leonard Crestez wrote:
> The imx SC api strongly assumes that messages are composed out of
> 4-bytes words but some of our message structs have sizeof "6" and "7".
>
> This produces many oopses with CONFIG_KASAN=y:
>
> BUG: KASAN: stack-out-of-bounds in imx_mu_send_data+0x108/0x1f0
>
> It shouldn't cause an issues in normal use because these structs are
> always allocated on the stack.
>
> Cc: stable@vger.kernel.org
Should we have a fixes tag and send it for -rc?
Shawn
> Signed-off-by: Leonard Crestez <leonard.crestez@nxp.com>
> Reported-by: Iuliana Prodan <iuliana.prodan@nxp.com>
> ---
> drivers/clk/imx/clk-scu.c | 8 ++++----
> drivers/firmware/imx/misc.c | 8 ++++----
> drivers/firmware/imx/scu-pd.c | 2 +-
> drivers/pinctrl/freescale/pinctrl-scu.c | 4 ++--
> drivers/rtc/rtc-imx-sc.c | 2 +-
> drivers/soc/imx/soc-imx-scu.c | 2 +-
> 6 files changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/clk/imx/clk-scu.c b/drivers/clk/imx/clk-scu.c
> index fbef740704d0..b8b2072742a5 100644
> --- a/drivers/clk/imx/clk-scu.c
> +++ b/drivers/clk/imx/clk-scu.c
> @@ -41,16 +41,16 @@ struct clk_scu {
> struct imx_sc_msg_req_set_clock_rate {
> struct imx_sc_rpc_msg hdr;
> __le32 rate;
> __le16 resource;
> u8 clk;
> -} __packed;
> +} __packed __aligned(4);
>
> struct req_get_clock_rate {
> __le16 resource;
> u8 clk;
> -} __packed;
> +} __packed __aligned(4);
>
> struct resp_get_clock_rate {
> __le32 rate;
> };
>
> @@ -82,11 +82,11 @@ struct imx_sc_msg_get_clock_parent {
> struct imx_sc_rpc_msg hdr;
> union {
> struct req_get_clock_parent {
> __le16 resource;
> u8 clk;
> - } __packed req;
> + } __packed __aligned(4) req;
> struct resp_get_clock_parent {
> u8 parent;
> } resp;
> } data;
> };
> @@ -119,11 +119,11 @@ struct imx_sc_msg_req_clock_enable {
> struct imx_sc_rpc_msg hdr;
> __le16 resource;
> u8 clk;
> u8 enable;
> u8 autog;
> -} __packed;
> +} __packed __aligned(4);
>
> static inline struct clk_scu *to_clk_scu(struct clk_hw *hw)
> {
> return container_of(hw, struct clk_scu, hw);
> }
> diff --git a/drivers/firmware/imx/misc.c b/drivers/firmware/imx/misc.c
> index 4b56a587dacd..d073cb3ce699 100644
> --- a/drivers/firmware/imx/misc.c
> +++ b/drivers/firmware/imx/misc.c
> @@ -14,30 +14,30 @@
> struct imx_sc_msg_req_misc_set_ctrl {
> struct imx_sc_rpc_msg hdr;
> u32 ctrl;
> u32 val;
> u16 resource;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_req_cpu_start {
> struct imx_sc_rpc_msg hdr;
> u32 address_hi;
> u32 address_lo;
> u16 resource;
> u8 enable;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_req_misc_get_ctrl {
> struct imx_sc_rpc_msg hdr;
> u32 ctrl;
> u16 resource;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_resp_misc_get_ctrl {
> struct imx_sc_rpc_msg hdr;
> u32 val;
> -} __packed;
> +} __packed __aligned(4);
>
> /*
> * This function sets a miscellaneous control value.
> *
> * @param[in] ipc IPC handle
> diff --git a/drivers/firmware/imx/scu-pd.c b/drivers/firmware/imx/scu-pd.c
> index b556612207e5..af3ae0087de4 100644
> --- a/drivers/firmware/imx/scu-pd.c
> +++ b/drivers/firmware/imx/scu-pd.c
> @@ -59,11 +59,11 @@
> /* SCU Power Mode Protocol definition */
> struct imx_sc_msg_req_set_resource_power_mode {
> struct imx_sc_rpc_msg hdr;
> u16 resource;
> u8 mode;
> -} __packed;
> +} __packed __aligned(4);
>
> #define IMX_SCU_PD_NAME_SIZE 20
> struct imx_sc_pm_domain {
> struct generic_pm_domain pd;
> char name[IMX_SCU_PD_NAME_SIZE];
> diff --git a/drivers/pinctrl/freescale/pinctrl-scu.c b/drivers/pinctrl/freescale/pinctrl-scu.c
> index 73bf1d9f9cc6..23cf04bdfc55 100644
> --- a/drivers/pinctrl/freescale/pinctrl-scu.c
> +++ b/drivers/pinctrl/freescale/pinctrl-scu.c
> @@ -21,16 +21,16 @@ enum pad_func_e {
>
> struct imx_sc_msg_req_pad_set {
> struct imx_sc_rpc_msg hdr;
> u32 val;
> u16 pad;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_req_pad_get {
> struct imx_sc_rpc_msg hdr;
> u16 pad;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_resp_pad_get {
> struct imx_sc_rpc_msg hdr;
> u32 val;
> } __packed;
> diff --git a/drivers/rtc/rtc-imx-sc.c b/drivers/rtc/rtc-imx-sc.c
> index cf2c12107f2b..a5f59e6f862e 100644
> --- a/drivers/rtc/rtc-imx-sc.c
> +++ b/drivers/rtc/rtc-imx-sc.c
> @@ -35,11 +35,11 @@ struct imx_sc_msg_timer_rtc_set_alarm {
> u8 mon;
> u8 day;
> u8 hour;
> u8 min;
> u8 sec;
> -} __packed;
> +} __packed __aligned(4);
>
> static int imx_sc_rtc_read_time(struct device *dev, struct rtc_time *tm)
> {
> struct imx_sc_msg_timer_get_rtc_time msg;
> struct imx_sc_rpc_msg *hdr = &msg.hdr;
> diff --git a/drivers/soc/imx/soc-imx-scu.c b/drivers/soc/imx/soc-imx-scu.c
> index fb70b8a3f7c5..20d37eaeb5f2 100644
> --- a/drivers/soc/imx/soc-imx-scu.c
> +++ b/drivers/soc/imx/soc-imx-scu.c
> @@ -23,11 +23,11 @@ struct imx_sc_msg_misc_get_soc_id {
> } __packed req;
> struct {
> u32 id;
> } resp;
> } data;
> -} __packed;
> +} __packed __aligned(4);
>
> struct imx_sc_msg_misc_get_soc_uid {
> struct imx_sc_rpc_msg hdr;
> u32 uid_low;
> u32 uid_high;
> --
> 2.17.1
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-02-17 6:21 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-11 21:24 [PATCH] firmware: imx: Align imx SC msg structs to 4 Leonard Crestez
2020-02-11 21:24 ` Leonard Crestez
2020-02-17 6:21 ` Shawn Guo [this message]
2020-02-17 6:21 ` Shawn Guo
2020-02-17 20:37 ` Leonard Crestez
2020-02-17 20:37 ` Leonard Crestez
2020-02-18 9:18 ` Shawn Guo
2020-02-18 9:18 ` Shawn Guo
2020-02-18 17:48 ` Leonard Crestez
2020-02-18 17:48 ` Leonard Crestez
2020-02-18 19:02 ` Sasha Levin
2020-02-18 19:02 ` Sasha Levin
2020-02-18 9:52 ` Alexandre Belloni
2020-02-18 9:52 ` Alexandre Belloni
2020-02-19 23:57 ` Stephen Boyd
2020-02-19 23:57 ` Stephen Boyd
2020-02-20 12:25 ` Leonard Crestez
2020-02-20 12:25 ` Leonard Crestez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200217062129.GB6790@dragon \
--to=shawnguo@kernel.org \
--cc=a.zummo@towertech.it \
--cc=abel.vesa@nxp.com \
--cc=aisheng.dong@nxp.com \
--cc=alexandre.belloni@bootlin.com \
--cc=anson.huang@nxp.com \
--cc=fabio.estevam@nxp.com \
--cc=franck.lenormand@nxp.com \
--cc=kernel@pengutronix.de \
--cc=leonard.crestez@nxp.com \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-clk@vger.kernel.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=linux-rtc@vger.kernel.org \
--cc=mturquette@baylibre.com \
--cc=sboyd@kernel.org \
--cc=stefan@agner.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.