This is a note to let you know that I've just added the patch titled
mailbox: pcc: Fix an invalid-load caught by the address sanitizer
to the 5.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mailbox-pcc-fix-an-invalid-load-caught-by-the-addres.patch
and it can be found in the queue-5.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 3c6e41fff7b12c0b0cd544f3a2f7ad8ab924fc17
Author: Mario Limonciello <mario.limonciello@xxxxxxx>
Date: Mon May 9 09:17:16 2022 -0500
mailbox: pcc: Fix an invalid-load caught by the address sanitizer
[ Upstream commit 369e4ef87a8f5da7c348ec2c61ec5cd726e8337a ]
`pcc_mailbox_probe` doesn't initialize all memory that has been allocated
before the first time that one of it's members `txdone_irq` may be
accessed.
This leads to a an invalid load any time that this member is accessed:
[ 2.429769] UBSAN: invalid-load in drivers/mailbox/pcc.c:684:22
[ 2.430324] UBSAN: invalid-load in drivers/mailbox/mailbox.c:486:12
[ 4.276782] UBSAN: invalid-load in drivers/acpi/cppc_acpi.c:314:45
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215587
Fixes: ce028702ddbc ("mailbox: pcc: Move bulk of PCCT parsing into pcc_mbox_probe")
Signed-off-by: Mario Limonciello <mario.limonciello@xxxxxxx>
Reviewed-by: Sudeep Holla <sudeep.holla@xxxxxxx>
Signed-off-by: Jassi Brar <jaswinder.singh@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/mailbox/pcc.c b/drivers/mailbox/pcc.c
index ed18936b8ce6..ebfa33a40fce 100644
--- a/drivers/mailbox/pcc.c
+++ b/drivers/mailbox/pcc.c
@@ -654,7 +654,7 @@ static int pcc_mbox_probe(struct platform_device *pdev)
goto err;
}
- pcc_mbox_ctrl = devm_kmalloc(dev, sizeof(*pcc_mbox_ctrl), GFP_KERNEL);
+ pcc_mbox_ctrl = devm_kzalloc(dev, sizeof(*pcc_mbox_ctrl), GFP_KERNEL);
if (!pcc_mbox_ctrl) {
rc = -ENOMEM;
goto err;
