Re: [PATCH] ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
From: Nikita Shubin
Date: Wed Sep 11 2024 - 04:23:24 EST
Hi Dan!
Reviewed-by: Nikita Shubin <nikita.shubin@xxxxxxxxxxx>
Alexander, Arnd
unfortunately, the ep93xx DT conversion series is also affected by this
bug.
On Wed, 2024-09-11 at 10:39 +0300, Dan Carpenter wrote:
> The psc->div[] array has psc->num_div elements. These values come
> from
> when we call clk_hw_register_div(). It's adc_divisors and
> ARRAY_SIZE(adc_divisors)) and so on. So this condition needs to be
> >=
> instead of > to prevent an out of bounds read.
>
> Fixes: 9645ccc7bd7a ("ep93xx: clock: convert in-place to COMMON_CLK")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> arch/arm/mach-ep93xx/clock.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm/mach-ep93xx/clock.c b/arch/arm/mach-
> ep93xx/clock.c
> index 85a496ddc619..e9f72a529b50 100644
> --- a/arch/arm/mach-ep93xx/clock.c
> +++ b/arch/arm/mach-ep93xx/clock.c
> @@ -359,7 +359,7 @@ static unsigned long
> ep93xx_div_recalc_rate(struct clk_hw *hw,
> u32 val = __raw_readl(psc->reg);
> u8 index = (val & psc->mask) >> psc->shift;
>
> - if (index > psc->num_div)
> + if (index >= psc->num_div)
> return 0;
>
> return DIV_ROUND_UP_ULL(parent_rate, psc->div[index]);