)]}'
{
  "commit": "6e4bf018bb040955da53dae9f8628ef8fcec2dbe",
  "tree": "b159101a865f767d5becbbb401d75201e6e78dc3",
  "parents": [
    "e7b012cb4db7253d186fd485ab07c7346c645dab"
  ],
  "author": {
    "name": "Gustavo A. R. Silva",
    "email": "gustavoars@kernel.org",
    "time": "Thu Nov 14 16:49:21 2024 -0600"
  },
  "committer": {
    "name": "Stephen Boyd",
    "email": "sboyd@kernel.org",
    "time": "Mon Nov 18 19:51:27 2024 -0800"
  },
  "message": "clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider\n\nSome heap space is allocated for the flexible structure `struct\nclk_hw_onecell_data` and its flexible-array member `hws` through\nthe composite structure `struct loongson2_clk_provider` in function\n`loongson2_clk_probe()`, as shown below:\n\n289         struct loongson2_clk_provider *clp;\n\t...\n296         for (p \u003d data; p-\u003ename; p++)\n297                 clks_num++;\n298\n299         clp \u003d devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num),\n300                            GFP_KERNEL);\n\nThen some data is written into the flexible array:\n\n350                 clp-\u003eclk_data.hws[p-\u003eid] \u003d hw;\n\nThis corrupts `clk_lock`, which is the spinlock variable immediately\nfollowing the `clk_data` member in `struct loongson2_clk_provider`:\n\nstruct loongson2_clk_provider {\n\tvoid __iomem *base;\n\tstruct device *dev;\n\tstruct clk_hw_onecell_data clk_data;\n\tspinlock_t clk_lock;\t/* protect access to DIV registers */\n};\n\nThe problem is that the flexible structure is currently placed in the\nmiddle of `struct loongson2_clk_provider` instead of at the end.\n\nFix this by moving `struct clk_hw_onecell_data clk_data;` to the end of\n`struct loongson2_clk_provider`. Also, add a code comment to help\nprevent this from happening again in case new members are added to the\nstructure in the future.\n\nThis change also fixes the following -Wflex-array-member-not-at-end\nwarning:\n\ndrivers/clk/clk-loongson2.c:32:36: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]\n\nFixes: 9796ec0bd04b (\"clk: clk-loongson2: Refactor driver for adding new platforms\")\nCc: stable@vger.kernel.org\nSigned-off-by: Gustavo A. R. Silva \u003cgustavoars@kernel.org\u003e\nLink: https://lore.kernel.org/r/ZzZ-cd_EFXs6qFaH@kspp\nSigned-off-by: Stephen Boyd \u003csboyd@kernel.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "820bb1e9e3b79aa4a317ece6708b039dc5e8d469",
      "old_mode": 33188,
      "old_path": "drivers/clk/clk-loongson2.c",
      "new_id": "e99ba79feec6251be8b915cc3dc69304fe590ff9",
      "new_mode": 33188,
      "new_path": "drivers/clk/clk-loongson2.c"
    }
  ]
}