MLK-24759: fw: imx: scu: rm: Fix Align imx sc msg structs to 4

An error is detected by KASAN:
[    3.579068] BUG: KASAN: stack-out-of-bounds in imx_mu_generic_tx+0xf8/0x1e0
[    3.586048] Read of size 4 at addr ffff000010097914 by task swapper/0/1
[    3.592674]
[    3.594186] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.4.47-00127-gb7b4ad039c70-dirty #152
[    3.602556] Hardware name: Freescale i.MX8DXL EVK (DT)
[    3.607706] Call trace:
[    3.610178]  dump_backtrace+0x0/0x200
[    3.613854]  show_stack+0x14/0x20
[    3.617189]  dump_stack+0xf4/0x150
[    3.620614]  print_address_description.isra.9+0x6c/0x3b8
[    3.625951]  __kasan_report+0x12c/0x23c
[    3.629806]  kasan_report+0xc/0x18
[    3.633230]  __asan_load4+0x94/0xb8
[    3.636744]  imx_mu_generic_tx+0xf8/0x1e0
[    3.640776]  imx_mu_send_data+0x5c/0x70
[    3.644637]  msg_submit+0x128/0x1d0
[    3.648152]  mbox_send_message+0xb8/0x1c8
[    3.652180]  imx_scu_ipc_write+0x94/0x138
[    3.656205]  imx_scu_call_rpc+0x160/0x308
[    3.660241]  imx_sc_rm_get_resource_owner+0x94/0xf0
[    3.665139]  seco_mu_probe+0x10c/0x638
[    3.668914]  platform_drv_probe+0x70/0xd8
[    3.672945]  really_probe+0x174/0x478
[    3.676626]  driver_probe_device+0x7c/0x148
[    3.680832]  device_driver_attach+0x94/0xa0
[    3.685035]  __driver_attach+0xa4/0x110
[    3.688893]  bus_for_each_dev+0xe8/0x158
[    3.692839]  driver_attach+0x30/0x40
[    3.696432]  bus_add_driver+0x234/0x2f0
[    3.700292]  driver_register+0xbc/0x1d0
[    3.704155]  __platform_driver_register+0x7c/0x88
[    3.708889]  seco_mu_driver_init+0x18/0x20
[    3.713009]  do_one_initcall+0xb4/0x254
[    3.716870]  kernel_init_freeable+0x24c/0x2f8
[    3.721256]  kernel_init+0x10/0x118
[    3.724761]  ret_from_fork+0x10/0x18
[    3.728346]
[    3.729844] The buggy address belongs to the page:
[    3.734658] page:fffffe00002025c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[    3.742943] flags: 0xffff00000000000()
[    3.746728] raw: 0ffff00000000000 fffffe00002025c8 fffffe00002025c8 0000000000000000
[    3.754506] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[    3.762267] page dumped because: kasan: bad access detected
[    3.767850]
[    3.769354] addr ffff000010097914 is located in stack of task swapper/0/1 at offset 36 in frame:
[    3.778162]  imx_sc_rm_get_resource_owner+0x0/0xf0
[    3.782970]
[    3.784472] this frame has 1 object:
[    3.788065]  [32, 38) 'msg'
[    3.788070]
[    3.792358] Memory state around the buggy address:
[    3.797174]  ffff000010097800: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 f3 f3
[    3.804419]  ffff000010097880: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[    3.811666] >ffff000010097900: f1 f1 06 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[    3.818899]                          ^
[    3.822669]  ffff000010097980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[    3.829914]  ffff000010097a00: f2 f2 f2 f2 f2 f2 04 f2 f2 f2 00 00 00 00 00 00
[    3.837151] ==================================================================

It happens because some structures are not packed as expected by the communication
protocol with the SCFW:
- imx_sc_msg_rm_get_resource_owner
- imx_sc_msg_rm_find_memreg

This patch adds the tag "__packed __aligned(4)" to enforce
the 4-byte alignment of the structures by the compiler.

Fixes: 10237c7bcb (LF-824: fw: imx: scu: Add missing APIs)
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Reviewed-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Franck LENORMAND 2020-09-09 08:29:58 +02:00
parent 02dee426f9
commit 63d6e48d13
1 changed files with 2 additions and 2 deletions
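
The size arithmetic behind the KASAN report, as an added example that is not code from this commit or from the driver. The 6-byte layout below is hypothetical (the real imx_sc_msg_* definitions are not shown on this page) and it assumes the transport copies whole 32-bit words, as the "Read of size 4" in imx_mu_generic_tx suggests.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: 4-byte header plus a 2-byte request payload. */
struct hdr { uint8_t ver, size, svc, func; };

struct msg_unfixed {                 /* no attributes: sizeof is 6 */
    struct hdr hdr;
    union {
        struct { uint16_t resource; } req;
        struct { uint8_t val; } resp;
    } data;
};

/* The kernel's __packed __aligned(4) expand to these GCC attributes;
 * aligned(4) rounds sizeof up to a multiple of 4. */
struct msg_fixed {
    struct hdr hdr;
    union {
        struct { uint16_t resource; } req;
        struct { uint8_t val; } resp;
    } data;
} __attribute__((packed, aligned(4)));

/* 32-bit words needed to carry a payload of `bytes` bytes. */
static size_t words_for(size_t bytes) { return (bytes + 3) / 4; }

/* Bytes read past the end of an object of `obj_size` bytes when the
 * sender copies `words` whole 32-bit words out of it. */
static size_t overread_bytes(size_t obj_size, size_t words)
{
    size_t touched = words * sizeof(uint32_t);
    return touched > obj_size ? touched - obj_size : 0;
}

/* A 6-byte message still needs 2 words on the wire in both cases. */
size_t unfixed_overread(void)
{
    return overread_bytes(sizeof(struct msg_unfixed), words_for(6));
}

size_t fixed_overread(void)
{
    return overread_bytes(sizeof(struct msg_fixed), words_for(6));
}

int main(void)
{
    printf("unfixed: sizeof=%zu overread=%zu\n", sizeof(struct msg_unfixed), unfixed_overread());
    printf("fixed:   sizeof=%zu overread=%zu\n", sizeof(struct msg_fixed), fixed_overread());
    return 0;
}
```

The 2-byte overread of the unfixed struct corresponds to the report's 4-byte read at frame offset 36 against an object that ends at offset 38.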

@ -53,7 +53,7 @@ struct imx_sc_msg_misc_find_memreg {
u8 val;
} resp;
} data;
};
} __packed __aligned(4);
int imx_sc_rm_find_memreg(struct imx_sc_ipc *ipc, u8 *mr, u64 addr_start,
u64 addr_end)
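
Review bot: the struct closed by `} __packed __aligned(4);` here is named imx_sc_msg_misc_find_memreg in the hunk header, but the commit message lists it as imx_sc_msg_rm_find_memreg, so the message and the code should be brought into agreement before this lands. The KASAN trace in the message only goes through imx_sc_rm_get_resource_owner, so the change to this struct is made by inspection; please state its size before and after in the message, and confirm whether any other message struct in this file has a size that is not a multiple of 4 and needs the same attributes.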
@ -93,7 +93,7 @@ struct imx_sc_msg_misc_get_resource_owner {
u8 val;
} resp;
} data;
};
} __packed __aligned(4);
int imx_sc_rm_get_resource_owner(struct imx_sc_ipc *ipc, u16 resource, u8 *pt)
{
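
Review bot: nothing at the closing `} __packed __aligned(4);` keeps the size rule enforced at build time, so a future message struct added without the attributes would again be caught only on a KASAN-enabled boot. The report shows 'msg' occupying [32, 38) with a 4-byte read at offset 36, which means the sender consumes whole 32-bit words; a `BUILD_BUG_ON(sizeof(msg) % 4)` in imx_sc_rm_get_resource_owner() (and the matching one in imx_sc_rm_find_memreg()) would turn that requirement into a compile error. A short comment next to the attribute saying that the padding exists for the word-wise mailbox copy would also help readers who would otherwise take `__aligned(4)` for an address-alignment fix.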