diff options
| author | Franck LENORMAND <franck.lenormand@nxp.com> | 2020-09-09 09:24:55 +0200 |
|---|---|---|
| committer | Franck LENORMAND <franck.lenormand@nxp.com> | 2020-10-05 15:12:14 +0200 |
| commit | 44f8d7b44e86511f6c9b27f889667b4524e38b02 (patch) | |
| tree | 10a67c5635158168a8a1c8decb11ae11a3658203 /include | |
| parent | 63d6e48d13d3e223e31cb20f4e5255a3767fb603 (diff) | |
MLK-24759: fw: imx: scu: seco: Fix Align imx sc msg structs to 4
An error is detected by KASAN:
[ 3.579068] BUG: KASAN: stack-out-of-bounds in imx_mu_generic_tx+0xf8/0x1e0
[ 3.586048] Read of size 4 at addr ffff000010097914 by task swapper/0/1
[ 3.592674]
[ 3.594186] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.4.47-00127-gb7b4ad039c70-dirty #152
[ 3.602556] Hardware name: Freescale i.MX8DXL EVK (DT)
[ 3.607706] Call trace:
[ 3.610178] dump_backtrace+0x0/0x200
[ 3.613854] show_stack+0x14/0x20
[ 3.617189] dump_stack+0xf4/0x150
[ 3.620614] print_address_description.isra.9+0x6c/0x3b8
[ 3.625951] __kasan_report+0x12c/0x23c
[ 3.629806] kasan_report+0xc/0x18
[ 3.633230] __asan_load4+0x94/0xb8
[ 3.636744] imx_mu_generic_tx+0xf8/0x1e0
[ 3.640776] imx_mu_send_data+0x5c/0x70
[ 3.644637] msg_submit+0x128/0x1d0
[ 3.648152] mbox_send_message+0xb8/0x1c8
[ 3.652180] imx_scu_ipc_write+0x94/0x138
[ 3.656205] imx_scu_call_rpc+0x160/0x308
[ 3.660241] imx_sc_rm_get_resource_owner+0x94/0xf0
[ 3.665139] seco_mu_probe+0x10c/0x638
[ 3.668914] platform_drv_probe+0x70/0xd8
[ 3.672945] really_probe+0x174/0x478
[ 3.676626] driver_probe_device+0x7c/0x148
[ 3.680832] device_driver_attach+0x94/0xa0
[ 3.685035] __driver_attach+0xa4/0x110
[ 3.688893] bus_for_each_dev+0xe8/0x158
[ 3.692839] driver_attach+0x30/0x40
[ 3.696432] bus_add_driver+0x234/0x2f0
[ 3.700292] driver_register+0xbc/0x1d0
[ 3.704155] __platform_driver_register+0x7c/0x88
[ 3.708889] seco_mu_driver_init+0x18/0x20
[ 3.713009] do_one_initcall+0xb4/0x254
[ 3.716870] kernel_init_freeable+0x24c/0x2f8
[ 3.721256] kernel_init+0x10/0x118
[ 3.724761] ret_from_fork+0x10/0x18
[ 3.728346]
[ 3.729844] The buggy address belongs to the page:
[ 3.734658] page:fffffe00002025c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 3.742943] flags: 0xffff00000000000()
[ 3.746728] raw: 0ffff00000000000 fffffe00002025c8 fffffe00002025c8 0000000000000000
[ 3.754506] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 3.762267] page dumped because: kasan: bad access detected
[ 3.767850]
[ 3.769354] addr ffff000010097914 is located in stack of task swapper/0/1 at offset 36 in frame:
[ 3.778162] imx_sc_rm_get_resource_owner+0x0/0xf0
[ 3.782970]
[ 3.784472] this frame has 1 object:
[ 3.788065] [32, 38) 'msg'
[ 3.788070]
[ 3.792358] Memory state around the buggy address:
[ 3.797174] ffff000010097800: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 f3 f3
[ 3.804419] ffff000010097880: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 3.811666] >ffff000010097900: f1 f1 06 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 3.818899] ^
[ 3.822669] ffff000010097980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[ 3.829914] ffff000010097a00: f2 f2 f2 f2 f2 f2 04 f2 f2 f2 00 00 00 00 00 00
[ 3.837151] ==================================================================
It happens because some structure are not packed as expected by the communication
protocol with the SCFW:
- imx_sc_msg_seco_get_build_id
- imx_sc_msg_seco_sab_msg
This patch adds the tag "__packed __aligned(4)" to enforce
the 4 byte alignment of the structures by the compiler
Fixes: 2ccb9a596aab (SSI-87: firmware: imx: Add APIs required for secvio)
Fixes: 9edf1255f89b (LF-824: fw: imx: scu: Add SECO API)
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Reviewed-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions