Patch "clk: check ops pointer on clock register" has been added to the 4.15-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 22 Mar 2018 14:06:09 +0100

This is a note to let you know that I've just added the patch titled

    clk: check ops pointer on clock register

to the 4.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     clk-check-ops-pointer-on-clock-register.patch
and it can be found in the queue-4.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Thu Mar 22 14:03:40 CET 2018
From: Jerome Brunet <jbrunet@xxxxxxxxxxxx>
Date: Tue, 19 Dec 2017 09:33:29 +0100
Subject: clk: check ops pointer on clock register

From: Jerome Brunet <jbrunet@xxxxxxxxxxxx>


[ Upstream commit 29fd2a34ef8d863e48183bd473ba57c8d7839e25 ]

Nothing really prevents a provider from (trying to) register a clock
without providing the clock ops structure.

We do check the individual fields before using them, but not the
structure pointer itself. This may have the usual nasty consequences when
the pointer is dereferenced, most likely when checking one the field
during the initialization.

This is fixed by returning an error on clock register if the ops pointer
is NULL.

Signed-off-by: Jerome Brunet <jbrunet@xxxxxxxxxxxx>
Signed-off-by: Michael Turquette <mturquette@xxxxxxxxxxxx>
Link: lkml.kernel.org/r/20171219083329.24746-1-jbrunet@xxxxxxxxxxxx
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/clk/clk.c |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/clk/clk.c
+++ b/drivers/clk/clk.c
@@ -2684,7 +2684,13 @@ struct clk *clk_register(struct device *
 		ret = -ENOMEM;
 		goto fail_name;
 	}
+
+	if (WARN_ON(!hw->init->ops)) {
+		ret = -EINVAL;
+		goto fail_ops;
+	}
 	core->ops = hw->init->ops;
+
 	if (dev && pm_runtime_enabled(dev))
 		core->dev = dev;
 	if (dev && dev->driver)
@@ -2746,6 +2752,7 @@ fail_parent_names_copy:
 		kfree_const(core->parent_names[i]);
 	kfree(core->parent_names);
 fail_parent_names:
+fail_ops:
 	kfree_const(core->name);
 fail_name:
 	kfree(core);


Patches currently in stable-queue which might be from jbrunet@xxxxxxxxxxxx are

queue-4.15/clk-check-ops-pointer-on-clock-register.patch
queue-4.15/net-phy-meson-gxl-check-phy_write-return-value.patch
queue-4.15/clk-use-round-rate-to-bail-out-early-in-set_rate.patch






