From: Paul Walmsley Date: Thu, 3 Sep 2009 17:13:53 +0000 (+0300) Subject: OMAP: powerdomain: Fix overflow when doing powerdomain deps lookups. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5d113262ee9e074e0d36362d878892819bfdeb47;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git OMAP: powerdomain: Fix overflow when doing powerdomain deps lookups. At the end of the list pd is a pointer to a NULL struct, so checking if the address == NULL doesn't help here. In fact the original code will just keep running past the struct to read who knows what in memory. This case manifests itself when from clkdms_setup() when enabling auto idle for a clock domain and the clockdomain usecount is greater than 0. When _clkdm_add_autodeps() tries to add the a dependency that does not exist in the powerdomain->wkdep_srcs array the for loop will run past the wkdep_srcs array. Currently in linux-omap you won't hit this because the not found case is never executed, unless you start modifying powerdomains and their wakeup/sleep deps. Signed-off-by: Mike Chan Signed-off-by: Paul Walmsley --- diff --git a/arch/arm/mach-omap2/powerdomain.c b/arch/arm/mach-omap2/powerdomain.c index 983f1cb676be..66206b6357fc 100644 --- a/arch/arm/mach-omap2/powerdomain.c +++ b/arch/arm/mach-omap2/powerdomain.c @@ -83,7 +83,7 @@ static struct powerdomain *_pwrdm_deps_lookup(struct powerdomain *pwrdm, if (!pwrdm || !deps || !omap_chip_is(pwrdm->omap_chip)) return ERR_PTR(-EINVAL); - for (pd = deps; pd; pd++) { + for (pd = deps; pd->pwrdm_name; pd++) { if (!omap_chip_is(pd->omap_chip)) continue; @@ -96,7 +96,7 @@ static struct powerdomain *_pwrdm_deps_lookup(struct powerdomain *pwrdm, } - if (!pd) + if (!pd->pwrdm_name) return ERR_PTR(-ENOENT); return pd->pwrdm;