From 3b68b08885217abd9c57ff9b3bb3eb173eee02a9 Mon Sep 17 00:00:00 2001 From: Alexander Sverdlin Date: Sun, 30 Jan 2022 16:25:02 +0100 Subject: ep93xx: clock: Fix UAF in ep93xx_clk_register_gate() arch/arm/mach-ep93xx/clock.c:154:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc] arch/arm/mach-ep93xx/clock.c:151:2: note: Taking true branch if (IS_ERR(clk)) ^ arch/arm/mach-ep93xx/clock.c:152:3: note: Memory is released kfree(psc); ^~~~~~~~~~ arch/arm/mach-ep93xx/clock.c:154:2: note: Use of memory after it is freed return &psc->hw; ^ ~~~~~~~~ Fixes: 9645ccc7bd7a ("ep93xx: clock: convert in-place to COMMON_CLK") Reported-by: kernel test robot Signed-off-by: Alexander Sverdlin Cc: stable@vger.kernel.org Link: https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org/thread/B5YCO2NJEXINCYE26Y255LCVMO55BGWW/ Signed-off-by: Arnd Bergmann --- arch/arm/mach-ep93xx/clock.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'arch/arm/mach-ep93xx/clock.c') diff --git a/arch/arm/mach-ep93xx/clock.c b/arch/arm/mach-ep93xx/clock.c index cc75087134d3..28e0ae6e890e 100644 --- a/arch/arm/mach-ep93xx/clock.c +++ b/arch/arm/mach-ep93xx/clock.c @@ -148,8 +148,10 @@ static struct clk_hw *ep93xx_clk_register_gate(const char *name, psc->lock = &clk_lock; clk = clk_register(NULL, &psc->hw); - if (IS_ERR(clk)) + if (IS_ERR(clk)) { kfree(psc); + return ERR_CAST(clk); + } return &psc->hw; } -- cgit v1.2.3 From caee01050bd483f1b6f6abc686a3516e48e2ad9e Mon Sep 17 00:00:00 2001 From: Alexander Sverdlin Date: Thu, 20 Jan 2022 14:37:39 +0100 Subject: ep93xx: clock: Don't use plain integer as NULL pointer Fix sparse warning: arch/arm/mach-ep93xx/clock.c:210:35: sparse: sparse: Using plain integer as NULL pointer Reported-by: kernel test robot Signed-off-by: Alexander Sverdlin Link: https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org/thread/TLFJ6D7WGMDJSQ6XK7UZE4XR2PLRZJSV/ Signed-off-by: Arnd Bergmann --- arch/arm/mach-ep93xx/clock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/arm/mach-ep93xx/clock.c') diff --git a/arch/arm/mach-ep93xx/clock.c b/arch/arm/mach-ep93xx/clock.c index 28e0ae6e890e..4fa6ea5461b7 100644 --- a/arch/arm/mach-ep93xx/clock.c +++ b/arch/arm/mach-ep93xx/clock.c @@ -209,7 +209,7 @@ static int ep93xx_mux_determine_rate(struct clk_hw *hw, struct clk_rate_request *req) { unsigned long rate = req->rate; - struct clk *best_parent = 0; + struct clk *best_parent = NULL; unsigned long __parent_rate; unsigned long best_rate = 0, actual_rate, mclk_rate; unsigned long best_parent_rate; -- cgit v1.2.3