[PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws

public inbox for linux-arm-kernel@lists.infradead.org
 help / color / mirror / Atom feed

* [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws
@ 2025-11-24 19:11 Nathan Chancellor
  2025-11-24 19:15 ` Kees Cook
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Nathan Chancellor @ 2025-11-24 19:11 UTC (permalink / raw)
  To: Krzysztof Kozlowski, Sylwester Nawrocki, Chanwoo Choi,
	Alim Akhtar, Michael Turquette, Stephen Boyd, Kees Cook,
	Gustavo A. R. Silva
  Cc: Salvatore Bonaccorso, linux-samsung-soc, linux-clk,
	linux-arm-kernel, linux-kernel, linux-hardening, stable,
	Jochen Sprickerhof, Nathan Chancellor

Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)
about the number of elements in .hws[], so that it can warn when .hws[]
is accessed out of bounds. As noted in that change, the __counted_by
member must be initialized with the number of elements before the first
array access happens, otherwise there will be a warning from each access
prior to the initialization because the number of elements is zero. This
occurs in exynos_clkout_probe() due to .num being assigned after .hws[]
has been accessed:

  UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18
  index 0 is out of range for type 'clk_hw *[*]'

Move the .num initialization to before the first access of .hws[],
clearing up the warning.

Cc: stable@vger.kernel.org
Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by")
Reported-by: Jochen Sprickerhof <jochen@sprickerhof.de>
Closes: https://lore.kernel.org/aSIYDN5eyKFKoXKL@eldamar.lan/
Tested-by: Jochen Sprickerhof <jochen@sprickerhof.de>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
---
 drivers/clk/samsung/clk-exynos-clkout.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/clk/samsung/clk-exynos-clkout.c b/drivers/clk/samsung/clk-exynos-clkout.c
index 5f1a4f5e2e59..5b21025338bd 100644
--- a/drivers/clk/samsung/clk-exynos-clkout.c
+++ b/drivers/clk/samsung/clk-exynos-clkout.c
@@ -175,6 +175,7 @@ static int exynos_clkout_probe(struct platform_device *pdev)
 	clkout->mux.shift = EXYNOS_CLKOUT_MUX_SHIFT;
 	clkout->mux.lock = &clkout->slock;
 
+	clkout->data.num = EXYNOS_CLKOUT_NR_CLKS;
 	clkout->data.hws[0] = clk_hw_register_composite(NULL, "clkout",
 				parent_names, parent_count, &clkout->mux.hw,
 				&clk_mux_ops, NULL, NULL, &clkout->gate.hw,
@@ -185,7 +186,6 @@ static int exynos_clkout_probe(struct platform_device *pdev)
 		goto err_unmap;
 	}
 
-	clkout->data.num = EXYNOS_CLKOUT_NR_CLKS;
 	ret = of_clk_add_hw_provider(clkout->np, of_clk_hw_onecell_get, &clkout->data);
 	if (ret)
 		goto err_clk_unreg;

---
base-commit: b6430552c8cd95e90bb842ce2f421e7a5381859f
change-id: 20251124-exynos-clkout-fix-ubsan-bounds-error-93071375ec78

Best regards,
--  
Nathan Chancellor <nathan@kernel.org>



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws
  2025-11-24 19:11 [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws Nathan Chancellor
@ 2025-11-24 19:15 ` Kees Cook
  2025-11-24 20:51 ` Sam Protsenko
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Kees Cook @ 2025-11-24 19:15 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: Krzysztof Kozlowski, Sylwester Nawrocki, Chanwoo Choi,
	Alim Akhtar, Michael Turquette, Stephen Boyd, Gustavo A. R. Silva,
	Salvatore Bonaccorso, linux-samsung-soc, linux-clk,
	linux-arm-kernel, linux-kernel, linux-hardening, stable,
	Jochen Sprickerhof

On Mon, Nov 24, 2025 at 12:11:06PM -0700, Nathan Chancellor wrote:
> Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
> __counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
> with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)
> about the number of elements in .hws[], so that it can warn when .hws[]
> is accessed out of bounds. As noted in that change, the __counted_by
> member must be initialized with the number of elements before the first
> array access happens, otherwise there will be a warning from each access
> prior to the initialization because the number of elements is zero. This
> occurs in exynos_clkout_probe() due to .num being assigned after .hws[]
> has been accessed:
> 
>   UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18
>   index 0 is out of range for type 'clk_hw *[*]'
> 
> Move the .num initialization to before the first access of .hws[],
> clearing up the warning.
> 
> Cc: stable@vger.kernel.org
> Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by")
> Reported-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Closes: https://lore.kernel.org/aSIYDN5eyKFKoXKL@eldamar.lan/
> Tested-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>

Reviewed-by: Kees Cook <kees@kernel.org>

-- 
Kees Cook


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws
  2025-11-24 19:11 [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws Nathan Chancellor
  2025-11-24 19:15 ` Kees Cook
@ 2025-11-24 20:51 ` Sam Protsenko
  2025-11-24 20:55 ` Krzysztof Kozlowski
  2025-11-30 19:34 ` Stephen Boyd
  3 siblings, 0 replies; 5+ messages in thread
From: Sam Protsenko @ 2025-11-24 20:51 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: Krzysztof Kozlowski, Sylwester Nawrocki, Chanwoo Choi,
	Alim Akhtar, Michael Turquette, Stephen Boyd, Kees Cook,
	Gustavo A. R. Silva, Salvatore Bonaccorso, linux-samsung-soc,
	linux-clk, linux-arm-kernel, linux-kernel, linux-hardening,
	stable, Jochen Sprickerhof

On Mon, Nov 24, 2025 at 1:11 PM Nathan Chancellor <nathan@kernel.org> wrote:
>
> Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
> __counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
> with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)
> about the number of elements in .hws[], so that it can warn when .hws[]
> is accessed out of bounds. As noted in that change, the __counted_by
> member must be initialized with the number of elements before the first
> array access happens, otherwise there will be a warning from each access
> prior to the initialization because the number of elements is zero. This
> occurs in exynos_clkout_probe() due to .num being assigned after .hws[]
> has been accessed:
>
>   UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18
>   index 0 is out of range for type 'clk_hw *[*]'
>
> Move the .num initialization to before the first access of .hws[],
> clearing up the warning.
>
> Cc: stable@vger.kernel.org
> Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by")
> Reported-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Closes: https://lore.kernel.org/aSIYDN5eyKFKoXKL@eldamar.lan/
> Tested-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> ---

Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>

>  drivers/clk/samsung/clk-exynos-clkout.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/clk/samsung/clk-exynos-clkout.c b/drivers/clk/samsung/clk-exynos-clkout.c
> index 5f1a4f5e2e59..5b21025338bd 100644
> --- a/drivers/clk/samsung/clk-exynos-clkout.c
> +++ b/drivers/clk/samsung/clk-exynos-clkout.c
> @@ -175,6 +175,7 @@ static int exynos_clkout_probe(struct platform_device *pdev)
>         clkout->mux.shift = EXYNOS_CLKOUT_MUX_SHIFT;
>         clkout->mux.lock = &clkout->slock;
>
> +       clkout->data.num = EXYNOS_CLKOUT_NR_CLKS;
>         clkout->data.hws[0] = clk_hw_register_composite(NULL, "clkout",
>                                 parent_names, parent_count, &clkout->mux.hw,
>                                 &clk_mux_ops, NULL, NULL, &clkout->gate.hw,
> @@ -185,7 +186,6 @@ static int exynos_clkout_probe(struct platform_device *pdev)
>                 goto err_unmap;
>         }
>
> -       clkout->data.num = EXYNOS_CLKOUT_NR_CLKS;
>         ret = of_clk_add_hw_provider(clkout->np, of_clk_hw_onecell_get, &clkout->data);
>         if (ret)
>                 goto err_clk_unreg;
>
> ---
> base-commit: b6430552c8cd95e90bb842ce2f421e7a5381859f
> change-id: 20251124-exynos-clkout-fix-ubsan-bounds-error-93071375ec78
>
> Best regards,
> --
> Nathan Chancellor <nathan@kernel.org>
>
>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws
  2025-11-24 19:11 [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws Nathan Chancellor
  2025-11-24 19:15 ` Kees Cook
  2025-11-24 20:51 ` Sam Protsenko
@ 2025-11-24 20:55 ` Krzysztof Kozlowski
  2025-11-30 19:34 ` Stephen Boyd
  3 siblings, 0 replies; 5+ messages in thread
From: Krzysztof Kozlowski @ 2025-11-24 20:55 UTC (permalink / raw)
  To: Nathan Chancellor, Sylwester Nawrocki, Chanwoo Choi, Alim Akhtar,
	Michael Turquette, Stephen Boyd, Kees Cook, Gustavo A. R. Silva
  Cc: Salvatore Bonaccorso, linux-samsung-soc, linux-clk,
	linux-arm-kernel, linux-kernel, linux-hardening, stable,
	Jochen Sprickerhof

On 24/11/2025 20:11, Nathan Chancellor wrote:
> Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
> __counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
> with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)
> about the number of elements in .hws[], so that it can warn when .hws[]
> is accessed out of bounds. As noted in that change, the __counted_by
> member must be initialized with the number of elements before the first
> array access happens, otherwise there will be a warning from each access
> prior to the initialization because the number of elements is zero. This
> occurs in exynos_clkout_probe() due to .num being assigned after .hws[]
> has been accessed:
> 
>   UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18
>   index 0 is out of range for type 'clk_hw *[*]'
> 
> Move the .num initialization to before the first access of .hws[],
> clearing up the warning.
> 
> Cc: stable@vger.kernel.org
> Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by")
> Reported-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Closes: https://lore.kernel.org/aSIYDN5eyKFKoXKL@eldamar.lan/
> Tested-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>

@Stephen,

Can you take this directly? You already pulled from me for next cycle,
so that way might be easier.

The fixed commit is from 2023, so does not really fit criteria for late
RC fixes, thus I propose for next release.

Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com>

Best regards,
Krzysztof


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws
  2025-11-24 19:11 [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws Nathan Chancellor
                   ` (2 preceding siblings ...)
  2025-11-24 20:55 ` Krzysztof Kozlowski
@ 2025-11-30 19:34 ` Stephen Boyd
  3 siblings, 0 replies; 5+ messages in thread
From: Stephen Boyd @ 2025-11-30 19:34 UTC (permalink / raw)
  To: Alim Akhtar, Chanwoo Choi, Gustavo A. R. Silva, Kees Cook,
	Krzysztof Kozlowski, Michael Turquette, Nathan Chancellor,
	Sylwester Nawrocki
  Cc: Salvatore Bonaccorso, linux-samsung-soc, linux-clk,
	linux-arm-kernel, linux-kernel, linux-hardening, stable,
	Jochen Sprickerhof, Nathan Chancellor

Quoting Nathan Chancellor (2025-11-24 11:11:06)
> Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
> __counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
> with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)
> about the number of elements in .hws[], so that it can warn when .hws[]
> is accessed out of bounds. As noted in that change, the __counted_by
> member must be initialized with the number of elements before the first
> array access happens, otherwise there will be a warning from each access
> prior to the initialization because the number of elements is zero. This
> occurs in exynos_clkout_probe() due to .num being assigned after .hws[]
> has been accessed:
> 
>   UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18
>   index 0 is out of range for type 'clk_hw *[*]'
> 
> Move the .num initialization to before the first access of .hws[],
> clearing up the warning.
> 
> Cc: stable@vger.kernel.org
> Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by")
> Reported-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Closes: https://lore.kernel.org/aSIYDN5eyKFKoXKL@eldamar.lan/
> Tested-by: Jochen Sprickerhof <jochen@sprickerhof.de>
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> ---

Applied to clk-next


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-11-30 19:34 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-24 19:11 [PATCH] clk: samsung: exynos-clkout: Assign .num before accessing .hws Nathan Chancellor
2025-11-24 19:15 ` Kees Cook
2025-11-24 20:51 ` Sam Protsenko
2025-11-24 20:55 ` Krzysztof Kozlowski
2025-11-30 19:34 ` Stephen Boyd

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox