From 7ea0c3feec37aa6a2cb55ea99c9e087eb8f86f50 Mon Sep 17 00:00:00 2001 
From: Xingang Wang
Date: Thu, 6 Jan 2022 20:40:27 +0800
Subject: [PATCH] arm64/mpam: fix mpam dts init arm_mpam_of_device_ids error

ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I49RB2
CVE: NA

---------------------------------------------------

[ 0.596145] BUG: KASAN: global-out-of-bounds in __of_match_node.part.0+0xe0/0x110
[ 0.596731] Read of size 1 at addr ffff2000099a8288 by task swapper/0/1
[ 0.597247]
[ 0.597372] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.90+ #34
[ 0.597858] Hardware name: linux,dummy-virt (DT)
[ 0.598243] Call trace:
[ 0.598443]  dump_backtrace+0x0/0x360
[ 0.598734]  show_stack+0x24/0x30
[ 0.599004]  dump_stack+0xdc/0x128
[ 0.599323]  print_address_description+0x184/0x278
[ 0.599771]  kasan_report+0x204/0x330
[ 0.600117]  __asan_report_load1_noabort+0x30/0x40
[ 0.600566]  __of_match_node.part.0+0xe0/0x110
[ 0.600980]  of_match_node+0x6c/0xa8
[ 0.601316]  of_match_device+0x48/0x70
[ 0.601669]  platform_match+0xa4/0x260
[ 0.602037]  __driver_attach+0x68/0x128
[ 0.602397]  bus_for_each_dev+0x118/0x198
[ 0.602773]  driver_attach+0x48/0x60
[ 0.603112]  bus_add_driver+0x330/0x658
[ 0.603472]  driver_register+0x148/0x398
[ 0.603839]  __platform_driver_register+0xd4/0x108
[ 0.604288]  arm_mpam_driver_init+0x64/0x78
[ 0.604680]  do_one_initcall+0xbc/0x488
[ 0.605039]  kernel_init_freeable+0x604/0x6f8
[ 0.605447]  kernel_init+0x18/0x130
[ 0.605775]  ret_from_fork+0x10/0x18
[ 0.606130]
[ 0.606274] The buggy address belongs to the variable:
[ 0.606754]  arm_mpam_of_device_ids+0xc8/0x380
[ 0.607168]
[ 0.607314] Memory state around the buggy address:
[ 0.607762]  ffff2000099a8180: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00
[ 0.608429]  ffff2000099a8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 0.609095] >ffff2000099a8280: 00 fa fa fa fa fa fa fa 05 fa fa fa fa fa fa fa
[ 0.609760]                       ^
[ 0.610101]  ffff2000099a8300: 00 00 07 fa fa fa fa fa 00 04 fa fa fa fa fa fa
[ 0.610771]  ffff2000099a8380: 00 00 00 06 fa fa fa fa 00 01 fa fa fa fa fa fa

The arm_mpam_of_device_ids array has no end item, so the array access
might be out of bounds. When the KASAN config is enabled, the out-of-bounds
call trace occurred. Add an empty end item to the arm_mpam_of_device_ids
array to fix this issue.

Fixes: b45bdb5a8604 ("arm64/mpam: add device tree support for mpam initialization")
Signed-off-by: Xingang Wang
Reviewed-by: Cheng Jian
Signed-off-by: Yang Yingliang
--- arch/arm64/kernel/mpam/mpam_device.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/mpam/mpam_device.c b/arch/arm64/kernel/mpam/mpam_device.c index c7b5c50d431b..4e882e81cf41 100644 --- a/arch/arm64/kernel/mpam/mpam_device.c +++ b/arch/arm64/kernel/mpam/mpam_device.c @@ -1715,6 +1715,7 @@ void mpam_component_get_config(struct mpam_component *comp, static const struct of_device_id arm_mpam_of_device_ids[] = { {.compatible = "arm,mpam"}, + { } }; static int of_mpam_parse_irq(struct platform_device *pdev, -- GitLab
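Review bot: The added `{ }` entry at the end of arm_mpam_of_device_ids[] has no comment marking it as the terminator, so a later edit could append a new compatible string after it or drop it as an apparently empty line. The match loop seen in the trace (__of_match_node) stops only at an all-empty entry, which is why the read ran past the array into the KASAN redzone. Suggest writing it as `{ /* sentinel */ }` and, in the commit message, stating that the out-of-bounds read happens on every platform_match() against this driver at registration, not only when KASAN is enabled; KASAN is only what reports it.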