diff options
| author | Taniya Das <tdas@codeaurora.org> | 2015-12-26 23:30:38 +0530 |
|---|---|---|
| committer | David Keitel <dkeitel@codeaurora.org> | 2016-03-23 21:16:15 -0700 |
| commit | a5a0b5e480d80b5c069d216aefcf3e741a466dfa (patch) | |
| tree | 9c86cd4c6aedb6c65efea72c541930dfdcebd347 | |
| parent | 6967f2686da8efc1bdc0a4cc4bdbfe88c5123ef9 (diff) | |
clk: msm: clock-alpha-pll: Fix out of bound access
BUG: KASAN: global-out-of-bounds in dyna_alpha_pll_enable+0x1a8/0x450 at
addr ffffffc003412ee0
Read of size 8 by task surfaceflinger/548
page:ffffffba45a3cc60 count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x400(reserved)
page dumped because: kasan: bad access detected
Address belongs to variable p_vco_8937+0x20/0x40
Call trace:
Memory state around the buggy address:
ffffffc003412d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc003412e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc003412e80: 00 00 00 00 fa fa fa fa 00 00 00 fa fa fa fa fa
^
ffffffc003412f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc003412f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
==================================================================
When slewing is enabled the expectation is the vco will operate in the same
vco mode. The calibrated frequency should use only index '0'.
Change-Id: I1fdcb7d8c09b4f7ff41a1c1a9b36351a6c808c47
Signed-off-by: Taniya Das <tdas@codeaurora.org>
| -rw-r--r-- | drivers/clk/msm/clock-alpha-pll.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/drivers/clk/msm/clock-alpha-pll.c b/drivers/clk/msm/clock-alpha-pll.c index ad1f62467771..5f59509d540a 100644 --- a/drivers/clk/msm/clock-alpha-pll.c +++ b/drivers/clk/msm/clock-alpha-pll.c @@ -526,8 +526,13 @@ static int __calibrate_alpha_pll(struct alpha_pll_clk *pll) pr_err("alpha pll: not in a valid vco range\n"); return -EINVAL; } - calibration_freq = (vco_tbl[vco_val].min_freq + - vco_tbl[vco_val].max_freq)/2; + /* + * As during slewing plls vco_sel won't be allowed to change, vco table + * should have only one entry table, i.e. index = 0, find the + * calibration frequency. + */ + calibration_freq = (vco_tbl[0].min_freq + + vco_tbl[0].max_freq)/2; freq_hz = round_rate_up(pll, calibration_freq, &l_val, &a_val); if (freq_hz != calibration_freq) { |