Openwrt/target/linux/layerscape/patches-5.4/801-audio-0072-MLK-22522-ASoC-fsl_sai-fix-stack-out-of-bounds-KASAN.patch
Yangbo Lu cddd459140 layerscape: add patches-5.4
Add patches for linux-5.4. The patches are from NXP LSDK-20.04 release
which was tagged LSDK-20.04-V5.4.
https://source.codeaurora.org/external/qoriq/qoriq-components/linux/

For boards LS1021A-IOT, and Traverse-LS1043 which are not involved in
LSDK, port the dts patches from 4.14.

The patches are sorted into the following categories:
  301-arch-xxxx
  302-dts-xxxx
  303-core-xxxx
  701-net-xxxx
  801-audio-xxxx
  802-can-xxxx
  803-clock-xxxx
  804-crypto-xxxx
  805-display-xxxx
  806-dma-xxxx
  807-gpio-xxxx
  808-i2c-xxxx
  809-jailhouse-xxxx
  810-keys-xxxx
  811-kvm-xxxx
  812-pcie-xxxx
  813-pm-xxxx
  814-qe-xxxx
  815-sata-xxxx
  816-sdhc-xxxx
  817-spi-xxxx
  818-thermal-xxxx
  819-uart-xxxx
  820-usb-xxxx
  821-vfio-xxxx

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00

79 lines
2.9 KiB
Diff

From 5d4e9c8371a2343c66123078dbde15438450b9a4 Mon Sep 17 00:00:00 2001
From: Viorel Suman <viorel.suman@nxp.com>
Date: Thu, 29 Aug 2019 13:17:33 +0300
Subject: [PATCH] MLK-22522: ASoC: fsl_sai: fix stack-out-of-bounds KASAN
complain
Fix the following KASAN reported issue:
==================================================================
[ 11.580278] BUG: KASAN: stack-out-of-bounds in find_next_bit+0x3c/0xc0
[ 11.586815] Read of size 8 at addr ffffffc8c8d4f760 by task swapper/0/1
[ 11.593440]
[ 11.594943] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G W 4.19.35-05042-g. #157
[ 11.604259] Hardware name: Freescale i.MX8QM MEK (DT)
[ 11.609323] Call trace:
[ 11.611785] dump_backtrace+0x0/0x230
[ 11.615458] show_stack+0x14/0x20
[ 11.618787] dump_stack+0xbc/0xf4
[ 11.622118] print_address_description+0x60/0x270
[ 11.626830] kasan_report+0x230/0x360
[ 11.630505] __asan_load8+0x84/0xa8
[ 11.634005] find_next_bit+0x3c/0xc0
[ 11.637595] fsl_sai_calc_dl_off+0x1c/0x50
[ 11.641703] fsl_sai_read_dlcfg+0x184/0x368
[ 11.645898] fsl_sai_probe+0x3ec/0xb48
[ 11.649663] platform_drv_probe+0x70/0xd8
[ 11.653683] really_probe+0x24c/0x370
[ 11.657358] driver_probe_device+0x70/0x138
[ 11.661554] __driver_attach+0x124/0x128
[ 11.665489] bus_for_each_dev+0xe8/0x158
[ 11.669425] driver_attach+0x30/0x40
[ 11.673012] bus_add_driver+0x290/0x308
[ 11.676861] driver_register+0xbc/0x1d0
[ 11.680711] __platform_driver_register+0x7c/0x88
[ 11.685431] fsl_sai_driver_init+0x18/0x20
[ 11.689537] do_one_initcall+0xe8/0x5a8
[ 11.693387] kernel_init_freeable+0x6b0/0x760
[ 11.697759] kernel_init+0x10/0x120
[ 11.701255] ret_from_fork+0x10/0x18
....
==================================================================
[ 11.800186] Disabling lock debugging due to kernel taint
Signed-off-by: Viorel Suman <viorel.suman@nxp.com>
Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com>
---
sound/soc/fsl/fsl_sai.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/sound/soc/fsl/fsl_sai.c
+++ b/sound/soc/fsl/fsl_sai.c
@@ -1259,12 +1259,12 @@ static const struct of_device_id fsl_sai
};
MODULE_DEVICE_TABLE(of, fsl_sai_ids);
-static unsigned int fsl_sai_calc_dl_off(unsigned int* dl_mask)
+static unsigned int fsl_sai_calc_dl_off(unsigned long dl_mask)
{
int fbidx, nbidx, offset;
- fbidx = find_first_bit((const unsigned long *)dl_mask, 8);
- nbidx = find_next_bit((const unsigned long *)dl_mask, 8, fbidx+1);
+ fbidx = find_first_bit(&dl_mask, 8);
+ nbidx = find_next_bit(&dl_mask, 8, fbidx + 1);
offset = nbidx - fbidx - 1;
return (offset < 0 || offset >= 7 ? 0 : offset);
@@ -1321,9 +1321,9 @@ static int fsl_sai_read_dlcfg(struct pla
cfg[i].pins = pins;
cfg[i].mask[0] = rx;
- cfg[i].offset[0] = fsl_sai_calc_dl_off(&rx);
+ cfg[i].offset[0] = fsl_sai_calc_dl_off(rx);
cfg[i].mask[1] = tx;
- cfg[i].offset[1] = fsl_sai_calc_dl_off(&tx);
+ cfg[i].offset[1] = fsl_sai_calc_dl_off(tx);
}
*rcfg = cfg;