From: Jerome Brunet Date: Tue, 19 Dec 2017 08:33:29 +0000 (+0100) Subject: clk: check ops pointer on clock register X-Git-Tag: v4.15.13~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=48228438f263d60c2ddd79bfbad555c038eee4d3;p=thirdparty%2Fkernel%2Fstable.git clk: check ops pointer on clock register [ Upstream commit 29fd2a34ef8d863e48183bd473ba57c8d7839e25 ] Nothing really prevents a provider from (trying to) register a clock without providing the clock ops structure. We do check the individual fields before using them, but not the structure pointer itself. This may have the usual nasty consequences when the pointer is dereferenced, most likely when checking one the field during the initialization. This is fixed by returning an error on clock register if the ops pointer is NULL. Signed-off-by: Jerome Brunet Signed-off-by: Michael Turquette Link: lkml.kernel.org/r/20171219083329.24746-1-jbrunet@baylibre.com Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c index b56c11f51bafa..12180049a42ae 100644 --- a/drivers/clk/clk.c +++ b/drivers/clk/clk.c @@ -2684,7 +2684,13 @@ struct clk *clk_register(struct device *dev, struct clk_hw *hw) ret = -ENOMEM; goto fail_name; } + + if (WARN_ON(!hw->init->ops)) { + ret = -EINVAL; + goto fail_ops; + } core->ops = hw->init->ops; + if (dev && pm_runtime_enabled(dev)) core->dev = dev; if (dev && dev->driver) @@ -2746,6 +2752,7 @@ fail_parent_names_copy: kfree_const(core->parent_names[i]); kfree(core->parent_names); fail_parent_names: +fail_ops: kfree_const(core->name); fail_name: kfree(core);