On Mon, Feb 1, 2016 at 8:49 PM, Alexey Klimov <alexey.klimov@xxxxxxx> wrote:
> (adding Rafael and linux-acpi)
>
> On Fri, Jan 15, 2016 at 6:22 PM, Ashwin Chaugule <ashwin.chaugule@xxxxxxxxxx> wrote:
>> + Jassi (Linaro addr)
>>
>> On 15 January 2016 at 13:20, Ashwin Chaugule <ashwin.chaugule@xxxxxxxxxx> wrote:
>>> Jassi,
>>>
>>> On 10 December 2015 at 13:19, Ashwin Chaugule
>>> <ashwin.chaugule@xxxxxxxxxx> wrote:
>>>> On 10 December 2015 at 12:28, Alexey Klimov <alexey.klimov@xxxxxxx> wrote:
>>>>> This patch fixes the calculation of pcc_chan for non-zero id.
>>>>> After the compiler ignores the (unsigned long) cast the
>>>>> pcc_mbox_channels pointer is type-cast and then the type-cast
>>>>> offset is added which results in address outside of the range
>>>>> leading to the kernel crashing.
>>>>>
>>>>> We might add braces and make it:
>>>>>
>>>>> pcc_chan = (struct mbox_chan *)
>>>>> ((unsigned long) pcc_mbox_channels +
>>>>> (id * sizeof(*pcc_chan)));
>>>>>
>>>>> but let's go with array approach here and use id as index.
>>>>>
>>>>> Tested on Juno board.
>>>>>
>>>>> Acked-by: Sudeep Holla <sudeep.holla@xxxxxxx>
>>>>> Signed-off-by: Alexey Klimov <alexey.klimov@xxxxxxx>
>>>>> ---
>>>>> drivers/mailbox/pcc.c | 8 +-------
>>>>> 1 file changed, 1 insertion(+), 7 deletions(-)
>>>>>
>>>>> diff --git a/drivers/mailbox/pcc.c b/drivers/mailbox/pcc.c
>>>>> index 45d85ae..8f779a1 100644
>>>>> --- a/drivers/mailbox/pcc.c
>>>>> +++ b/drivers/mailbox/pcc.c
>>>>> @@ -81,16 +81,10 @@ static struct mbox_controller pcc_mbox_ctrl = {};
>>>>> */
>>>>> static struct mbox_chan *get_pcc_channel(int id)
>>>>> {
>>>>> - struct mbox_chan *pcc_chan;
>>>>> -
>>>>> if (id < 0 || id > pcc_mbox_ctrl.num_chans)
>>>>> return ERR_PTR(-ENOENT);
>>>>>
>>>>> - pcc_chan = (struct mbox_chan *)
>>>>> - (unsigned long) pcc_mbox_channels +
>>>>> - (id * sizeof(*pcc_chan));
>>>>> -
>>>>> - return pcc_chan;
>>>>> + return &pcc_mbox_channels[id];
>>>>> }
>>>>>
>>>>
>>>>
>>>> Strange that we didn't catch this even with a non-zero id. But the
>>>> change makes sense so..
>>>>
>>>> Acked-by: Ashwin Chaugule <ashwin.chaugule@xxxxxxxxxx>
>>>
>>> Can you please include this patch in your pull request to Linus?
>
> Hi Rafael,
>
> any chance you can take this fix via your tree?
> I can resend patch if you want.
> Looks like Jassi doesn't have time or doesn't care.
>
Ouch... sorry. Ashwin's reminder came after I had sent the pull
request. And then it just got overlooked. If Rafael doesn't pick it as
my punishment, I'll tomorow :)
Cheers!
--
To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
