* [PATCH master 2/5] net: dsa: realtek: mdio: fix out-of-bounds memory write
2023-03-07 10:14 [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print Ahmad Fatoum
@ 2023-03-07 10:14 ` Ahmad Fatoum
2023-03-07 10:14 ` [PATCH master 3/5] crypto: caam - pbl-init: fix null pointer check Ahmad Fatoum
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Ahmad Fatoum @ 2023-03-07 10:14 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
The SMI Realtek driver takes care of chip_data_sz as expected, but the
MDIO driver doesn't, leading to memory corruption. Fix this.
This issue is also present in the original Linux driver and will be fixed
there as well.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
drivers/net/realtek-dsa/realtek-mdio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/realtek-dsa/realtek-mdio.c b/drivers/net/realtek-dsa/realtek-mdio.c
index 7c26841d2fac..8b32c3cf539e 100644
--- a/drivers/net/realtek-dsa/realtek-mdio.c
+++ b/drivers/net/realtek-dsa/realtek-mdio.c
@@ -119,7 +119,7 @@ static int realtek_mdio_probe(struct phy_device *mdiodev)
if (!var)
return -EINVAL;
- priv = kzalloc(sizeof(*priv), GFP_KERNEL);
+ priv = kzalloc(sizeof(*priv) + var->chip_data_sz, GFP_KERNEL);
if (!priv)
return -ENOMEM;
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH master 3/5] crypto: caam - pbl-init: fix null pointer check
2023-03-07 10:14 [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print Ahmad Fatoum
2023-03-07 10:14 ` [PATCH master 2/5] net: dsa: realtek: mdio: fix out-of-bounds memory write Ahmad Fatoum
@ 2023-03-07 10:14 ` Ahmad Fatoum
2023-03-07 10:14 ` [PATCH master 4/5] ARM: i.MX8M: silence warning accessing bootrom log in zero page Ahmad Fatoum
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Ahmad Fatoum @ 2023-03-07 10:14 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
struct jr_data_st::desc is an array, so g_jrdata->desc will never be
NULL. Fix the check to instead compare g_jrdata against NULL.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
drivers/crypto/caam/pbl-init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/caam/pbl-init.c b/drivers/crypto/caam/pbl-init.c
index 3bc6cfaaeea1..08fad4525a21 100644
--- a/drivers/crypto/caam/pbl-init.c
+++ b/drivers/crypto/caam/pbl-init.c
@@ -331,7 +331,7 @@ static int do_instantiation(struct caam_job_ring __iomem *jr,
u32 ent_delay;
u32 status;
- if (!g_jrdata->desc) {
+ if (!g_jrdata) {
pr_err("descriptor allocation failed\n");
return -ENODEV;
}
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH master 4/5] ARM: i.MX8M: silence warning accessing bootrom log in zero page
2023-03-07 10:14 [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print Ahmad Fatoum
2023-03-07 10:14 ` [PATCH master 2/5] net: dsa: realtek: mdio: fix out-of-bounds memory write Ahmad Fatoum
2023-03-07 10:14 ` [PATCH master 3/5] crypto: caam - pbl-init: fix null pointer check Ahmad Fatoum
@ 2023-03-07 10:14 ` Ahmad Fatoum
2023-03-07 10:14 ` [PATCH master 5/5] ARM: i.MX8M: fix outdated comment about imx-atf Ahmad Fatoum
2023-03-09 10:50 ` [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print Sascha Hauer
4 siblings, 0 replies; 6+ messages in thread
From: Ahmad Fatoum @ 2023-03-07 10:14 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
We don't compile with --param=min-pagesize=0, so GCC will complain about
dereference of (void *)0x9e0, even if done through a volatile pointer.
We know this to be okay, because either we run in PBL before MMU is set
up or we run in barebox proper and zero_page_access() will be
temporarily disabling trapping by the null page. Thus hide the access
from the compiler to silence the warning.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
arch/arm/mach-imx/romapi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-imx/romapi.c b/arch/arm/mach-imx/romapi.c
index 0936c855fd03..b241e633ea01 100644
--- a/arch/arm/mach-imx/romapi.c
+++ b/arch/arm/mach-imx/romapi.c
@@ -57,10 +57,13 @@ int imx8mn_bootrom_load_image(void)
const u32 *imx8m_get_bootrom_log(void)
{
if (current_el() == 3) {
+ ulong *rom_log_addr_offset = (void *)0x9e0;
ulong rom_log_addr;
+ OPTIMIZER_HIDE_VAR(rom_log_addr_offset);
+
zero_page_access();
- rom_log_addr = readl(IOMEM(0x9e0));
+ rom_log_addr = *rom_log_addr_offset;
zero_page_faulting();
if (rom_log_addr < MX8M_OCRAM_BASE_ADDR ||
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH master 5/5] ARM: i.MX8M: fix outdated comment about imx-atf
2023-03-07 10:14 [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print Ahmad Fatoum
` (2 preceding siblings ...)
2023-03-07 10:14 ` [PATCH master 4/5] ARM: i.MX8M: silence warning accessing bootrom log in zero page Ahmad Fatoum
@ 2023-03-07 10:14 ` Ahmad Fatoum
2023-03-09 10:50 ` [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print Sascha Hauer
4 siblings, 0 replies; 6+ messages in thread
From: Ahmad Fatoum @ 2023-03-07 10:14 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
barebox documentation itself suggests using upstream TF-A, so drop this
outdated comment.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
arch/arm/mach-imx/atf.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/arch/arm/mach-imx/atf.c b/arch/arm/mach-imx/atf.c
index 2a3e3f53b885..5cc568fcc4e6 100644
--- a/arch/arm/mach-imx/atf.c
+++ b/arch/arm/mach-imx/atf.c
@@ -20,20 +20,13 @@
* This function:
*
* 1. Copies built-in BL31 blob to an address i.MX8M's BL31
- * expects to be placed
+ * expects to be placed (TF-A v2.8+ is position-independent)
*
* 2. Sets up temporary stack pointer for EL2, which is execution
* level that BL31 will drop us off at after it completes its
* initialization routine
*
* 3. Transfers control to BL31
- *
- * NOTE: This function expects NXP's implementation of ATF that can be
- * found at:
- * https://source.codeaurora.org/external/imx/imx-atf
- *
- * any other implementation may or may not work
- *
*/
static __noreturn void imx8m_atf_start_bl31(const void *fw, size_t fw_size, void *atf_dest)
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print
2023-03-07 10:14 [PATCH master 1/5] net: dsa: realtek: rtl8365mb: add missing new line to log print Ahmad Fatoum
` (3 preceding siblings ...)
2023-03-07 10:14 ` [PATCH master 5/5] ARM: i.MX8M: fix outdated comment about imx-atf Ahmad Fatoum
@ 2023-03-09 10:50 ` Sascha Hauer
4 siblings, 0 replies; 6+ messages in thread
From: Sascha Hauer @ 2023-03-09 10:50 UTC (permalink / raw)
To: Ahmad Fatoum; +Cc: barebox
On Tue, Mar 07, 2023 at 11:14:42AM +0100, Ahmad Fatoum wrote:
> Line should normally not show up, but when it does, have it look nice.
>
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> drivers/net/realtek-dsa/rtl8365mb.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied, thanks
Sascha
>
> diff --git a/drivers/net/realtek-dsa/rtl8365mb.c b/drivers/net/realtek-dsa/rtl8365mb.c
> index 8f7d122da28f..1f11ed4ed4bc 100644
> --- a/drivers/net/realtek-dsa/rtl8365mb.c
> +++ b/drivers/net/realtek-dsa/rtl8365mb.c
> @@ -1216,7 +1216,7 @@ static int rtl8365mb_detect(struct realtek_priv *priv)
>
> if (!mb->chip_info) {
> dev_err(priv->dev,
> - "unrecognized switch (id=0x%04x, ver=0x%04x)", chip_id,
> + "unrecognized switch (id=0x%04x, ver=0x%04x)\n", chip_id,
> chip_ver);
> return -ENODEV;
> }
> --
> 2.30.2
>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 6+ messages in thread