From 6975e2dd5f37de965093ba3a8a08635a77a960f7 Mon Sep 17 00:00:00 2001 
From: David Keitel Date: Mon, 20 Apr 2015 15:51:33 -0700 Subject: bcl: fix allocation for BCL attribute The size of the BCL attribute is incorrect due to a precedence bug: This was observed while booting with Kernel Address Sanitizer(KASan) enabled. ============================================================================= BUG kmalloc-64 (Tainted: G B ): kasan: bad access detected ----------------------------------------------------------------------------- INFO: Slab 0xffffffbc0661c6e0 objects=64 used=64 fp=0x (null) flags=0x0080 INFO: Object 0xffffffc0a360bb00 @offset=2816 fp=0xffffffc0a3454728 Bytes b4 ffffffc0a360baf0: 3f 37 9c 1c 00 00 00 00 02 00 02 00 a9 4e ad de ?7...........N.. Object ffffffc0a360bb00: 28 47 45 a3 c0 ff ff ff 48 47 45 a3 c0 ff ff ff (GE.....HGE..... Object ffffffc0a360bb10: 68 47 45 a3 c0 ff ff ff 00 00 00 00 00 00 00 00 hGE............. Object ffffffc0a360bb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffffffc0a360bb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 3.10.49-g465b172-00133-gb931dc1 #134 Call trace: [] dump_backtrace+0x0/0x1d4 [] show_stack+0x10/0x1c [] dump_stack+0x1c/0x28 [] print_trailer+0x144/0x158 [] object_err+0x38/0x4c [] kasan_report_error+0x210/0x3b0 [] kasan_report+0x68/0x78 [] __asan_load8+0x90/0x9c [] internal_create_group+0x1a0/0x2f4 [] sysfs_create_group+0x10/0x1c [] msm_bcl_register_param+0x384/0x450 [] bcl_probe+0x840/0xb84 [] spmi_drv_probe+0x2c/0x3c [] driver_probe_device+0x1f4/0x47c [] __driver_attach+0x88/0xc0 [] bus_for_each_dev+0xdc/0x11c [] driver_attach+0x2c/0x3c [] bus_add_driver+0x1bc/0x32c [] driver_register+0x10c/0x1d8 [] spmi_driver_register+0x98/0xa8 [] bcl_perph_init+0x2c/0x38 [] do_one_initcall+0xcc/0x188 [] kernel_init_freeable+0x1c0/0x264 [] kernel_init+0x10/0xcc Memory state around the buggy address: ffffffc0a360ba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0a360ba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffc0a360bb00: 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffffc0a360bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffffc0a360bc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== Fix this by adding parantheses to fix precedence. CRs-Fixed: 826589 Change-Id: Ia58b6e52c491b89b10a2b8fe45445372bfe9fa20 Signed-off-by: David Keitel
---
 drivers/power/msm_bcl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/msm_bcl.c b/drivers/power/msm_bcl.c
index d36dfd2..6b7cefd 100644
--- a/drivers/power/msm_bcl.c
+++ b/drivers/power/msm_bcl.c
@@ -301,7 +301,7 @@ static int bcl_add_sysfs_nodes(enum bcl_param param_type)
 return ret;
 }
 bcl[param_type]->bcl_attr_gp.attrs = kzalloc(sizeof(struct attribute *)
- * BCL_PARAM_MAX_ATTR + 1, GFP_KERNEL);
+ * (BCL_PARAM_MAX_ATTR + 1), GFP_KERNEL);
 if (!bcl[param_type]->bcl_attr_gp.attrs) {
 pr_err("Sysfs attribute create failed.\n");
 ret = -ENOMEM;
-- cgit v1.1
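Review bot: The corrected `kzalloc(sizeof(struct attribute *) * (BCL_PARAM_MAX_ATTR + 1), GFP_KERNEL)` call still sizes the pointer array with a hand-written multiplication, the same pattern that produced the under-sized buffer. `kcalloc(BCL_PARAM_MAX_ATTR + 1, sizeof(*bcl[param_type]->bcl_attr_gp.attrs), GFP_KERNEL)` passes count and element size separately, is overflow-checked, and ties the element size to the field rather than a repeated type name. A comment such as `/* +1 slot: attrs[] must end with a NULL entry for sysfs_create_group() */` would record why the extra element exists; the KASan trace in the message shows an 8-byte load from `internal_create_group` landing outside the old object, presumably while walking to that terminator. `bcl_add_sysfs_nodes` starts and ends outside this hunk, so whether the array is filled within `BCL_PARAM_MAX_ATTR` entries cannot be confirmed from here.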