1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
From 5d4e9c8371a2343c66123078dbde15438450b9a4 Mon Sep 17 00:00:00 2001
From: Viorel Suman <viorel.suman@nxp.com>
Date: Thu, 29 Aug 2019 13:17:33 +0300
Subject: [PATCH] MLK-22522: ASoC: fsl_sai: fix stack-out-of-bounds KASAN
complain
Fix the following KASAN reported issue:
==================================================================
[ 11.580278] BUG: KASAN: stack-out-of-bounds in find_next_bit+0x3c/0xc0
[ 11.586815] Read of size 8 at addr ffffffc8c8d4f760 by task swapper/0/1
[ 11.593440]
[ 11.594943] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G W 4.19.35-05042-g. #157
[ 11.604259] Hardware name: Freescale i.MX8QM MEK (DT)
[ 11.609323] Call trace:
[ 11.611785] dump_backtrace+0x0/0x230
[ 11.615458] show_stack+0x14/0x20
[ 11.618787] dump_stack+0xbc/0xf4
[ 11.622118] print_address_description+0x60/0x270
[ 11.626830] kasan_report+0x230/0x360
[ 11.630505] __asan_load8+0x84/0xa8
[ 11.634005] find_next_bit+0x3c/0xc0
[ 11.637595] fsl_sai_calc_dl_off+0x1c/0x50
[ 11.641703] fsl_sai_read_dlcfg+0x184/0x368
[ 11.645898] fsl_sai_probe+0x3ec/0xb48
[ 11.649663] platform_drv_probe+0x70/0xd8
[ 11.653683] really_probe+0x24c/0x370
[ 11.657358] driver_probe_device+0x70/0x138
[ 11.661554] __driver_attach+0x124/0x128
[ 11.665489] bus_for_each_dev+0xe8/0x158
[ 11.669425] driver_attach+0x30/0x40
[ 11.673012] bus_add_driver+0x290/0x308
[ 11.676861] driver_register+0xbc/0x1d0
[ 11.680711] __platform_driver_register+0x7c/0x88
[ 11.685431] fsl_sai_driver_init+0x18/0x20
[ 11.689537] do_one_initcall+0xe8/0x5a8
[ 11.693387] kernel_init_freeable+0x6b0/0x760
[ 11.697759] kernel_init+0x10/0x120
[ 11.701255] ret_from_fork+0x10/0x18
....
==================================================================
[ 11.800186] Disabling lock debugging due to kernel taint
Signed-off-by: Viorel Suman <viorel.suman@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>
---
sound/soc/fsl/fsl_sai.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/sound/soc/fsl/fsl_sai.c
+++ b/sound/soc/fsl/fsl_sai.c
@@ -1259,12 +1259,12 @@ static const struct of_device_id fsl_sai
};
MODULE_DEVICE_TABLE(of, fsl_sai_ids);
-static unsigned int fsl_sai_calc_dl_off(unsigned int* dl_mask)
+static unsigned int fsl_sai_calc_dl_off(unsigned long dl_mask)
{
int fbidx, nbidx, offset;
- fbidx = find_first_bit((const unsigned long *)dl_mask, 8);
- nbidx = find_next_bit((const unsigned long *)dl_mask, 8, fbidx+1);
+ fbidx = find_first_bit(&dl_mask, 8);
+ nbidx = find_next_bit(&dl_mask, 8, fbidx + 1);
offset = nbidx - fbidx - 1;
return (offset < 0 || offset >= 7 ? 0 : offset);
@@ -1321,9 +1321,9 @@ static int fsl_sai_read_dlcfg(struct pla
cfg[i].pins = pins;
cfg[i].mask[0] = rx;
- cfg[i].offset[0] = fsl_sai_calc_dl_off(&rx);
+ cfg[i].offset[0] = fsl_sai_calc_dl_off(rx);
cfg[i].mask[1] = tx;
- cfg[i].offset[1] = fsl_sai_calc_dl_off(&tx);
+ cfg[i].offset[1] = fsl_sai_calc_dl_off(tx);
}
*rcfg = cfg;
|
