bcl: fix allocation for BCL attribute

The size of the BCL attribute is incorrect due to a precedence bug:

This was observed while booting with Kernel Address Sanitizer (KASan) enabled.

=============================================================================
BUG kmalloc-64 (Tainted: G    B       ): kasan: bad access detected
-----------------------------------------------------------------------------

INFO: Slab 0xffffffbc0661c6e0 objects=64 used=64 fp=0x          (null) flags=0x0080
INFO: Object 0xffffffc0a360bb00 @offset=2816 fp=0xffffffc0a3454728

Bytes b4 ffffffc0a360baf0: 3f 37 9c 1c 00 00 00 00 02 00 02 00 a9 4e ad de  ?7...........N..
Object ffffffc0a360bb00: 28 47 45 a3 c0 ff ff ff 48 47 45 a3 c0 ff ff ff  (GE.....HGE.....
Object ffffffc0a360bb10: 68 47 45 a3 c0 ff ff ff 00 00 00 00 00 00 00 00  hGE.............
Object ffffffc0a360bb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc0a360bb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B        3.10.49-g465b172-00133-gb931dc1 #134
Call trace:
[<ffffffc00040a2a4>] dump_backtrace+0x0/0x1d4
[<ffffffc00040a488>] show_stack+0x10/0x1c
[<ffffffc000f971a4>] dump_stack+0x1c/0x28
[<ffffffc00054aeb4>] print_trailer+0x144/0x158
[<ffffffc00054b210>] object_err+0x38/0x4c
[<ffffffc00054fed8>] kasan_report_error+0x210/0x3b0
[<ffffffc000550188>] kasan_report+0x68/0x78
[<ffffffc00054f1b0>] __asan_load8+0x90/0x9c
[<ffffffc0005dff78>] internal_create_group+0x1a0/0x2f4
[<ffffffc0005e00dc>] sysfs_create_group+0x10/0x1c
[<ffffffc000c5eb9c>] msm_bcl_register_param+0x384/0x450
[<ffffffc000c61758>] bcl_probe+0x840/0xb84
[<ffffffc000a394b8>] spmi_drv_probe+0x2c/0x3c
[<ffffffc000999150>] driver_probe_device+0x1f4/0x47c
[<ffffffc0009994c4>] __driver_attach+0x88/0xc0
[<ffffffc000996434>] bus_for_each_dev+0xdc/0x11c
[<ffffffc0009988ac>] driver_attach+0x2c/0x3c
[<ffffffc0009981fc>] bus_add_driver+0x1bc/0x32c
[<ffffffc000999d1c>] driver_register+0x10c/0x1d8
[<ffffffc000a39a30>] spmi_driver_register+0x98/0xa8
[<ffffffc00183a300>] bcl_perph_init+0x2c/0x38
[<ffffffc000400b00>] do_one_initcall+0xcc/0x188
[<ffffffc001800b54>] kernel_init_freeable+0x1c0/0x264
[<ffffffc000f89b84>] kernel_init+0x10/0xcc
Memory state around the buggy address:
 ffffffc0a360ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffc0a360ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc0a360bb00: 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 ffffffc0a360bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffffc0a360bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

Fix this by adding parentheses to fix precedence.

CRs-Fixed: 826589
Change-Id: Ia58b6e52c491b89b10a2b8fe45445372bfe9fa20
Signed-off-by: David Keitel <dkeitel@codeaurora.org>
David Keitel 2015-04-20 15:51:33 -07:00
parent 2555689591
commit 3869552d03
1 changed files with 1 additions and 1 deletions

@ -301,7 +301,7 @@ static int bcl_add_sysfs_nodes(enum bcl_param param_type)
return ret;
}
bcl[param_type]->bcl_attr_gp.attrs = kzalloc(sizeof(struct attribute *)
* BCL_PARAM_MAX_ATTR + 1, GFP_KERNEL);
* (BCL_PARAM_MAX_ATTR + 1), GFP_KERNEL);
if (!bcl[param_type]->bcl_attr_gp.attrs) {
pr_err("Sysfs attribute create failed.\n");
ret = -ENOMEM;
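
Review bot: the kzalloc() call for bcl_attr_gp.attrs still multiplies element size by element count by hand, which is the pattern that let the missing parentheses through in the first place. Consider kcalloc(BCL_PARAM_MAX_ATTR + 1, sizeof(struct attribute *), GFP_KERNEL) instead: count and size are separate arguments, so there is no precedence to get wrong, and the multiplication is overflow-checked. For the record, the old expression sized the buffer as sizeof(struct attribute *) * BCL_PARAM_MAX_ATTR + 1 bytes, so the terminating NULL slot had one byte rather than one pointer of room, which is consistent with the __asan_load8 report under internal_create_group in the trace, where sysfs reads the terminator entry of the attrs array as a full pointer.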