On Sun, Aug 15, 2021 at 01:55:14AM +0200, Linus Walleij wrote:
Since a few kernel releases the Pogoplug 4 has crashed like this during boot:
Unable to handle kernel NULL pointer dereference at virtual address 00000002 (...) [<c04116ec>] (strlen) from [<c00ead80>] (kstrdup+0x1c/0x4c) [<c00ead80>] (kstrdup) from [<c04591d8>] (__clk_register+0x44/0x37c) [<c04591d8>] (__clk_register) from [<c04595ec>] (clk_hw_register+0x20/0x44) [<c04595ec>] (clk_hw_register) from [<c045bfa8>] (__clk_hw_register_mux+0x198/0x1e4) [<c045bfa8>] (__clk_hw_register_mux) from [<c045c050>] (clk_register_mux_table+0x5c/0x6c) [<c045c050>] (clk_register_mux_table) from [<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0+0x13c/0x1ac) [<c0acf3e0>] (kirkwood_clk_muxing_setup.constprop.0) from [<c0aceae0>] (of_clk_init+0x12c/0x214) [<c0aceae0>] (of_clk_init) from [<c0ab576c>] (time_init+0x20/0x2c) [<c0ab576c>] (time_init) from [<c0ab3d18>] (start_kernel+0x3dc/0x56c) [<c0ab3d18>] (start_kernel) from [<00000000>] (0x0) Code: e3130020 1afffffb e12fff1e c08a1078 (e5d03000)
This is because the "powersave" mux clock 0 was provided in an unterminated array, which is required by the loop in the driver:
/* Count, allocate, and register clock muxes */ for (n = 0; desc[n].name;) n++;Here n will go out of bounds and then call clk_register_mux() on random memory contents after the mux clock.
Fix this by terminating the array with a blank entry.
Fixes: 105299381d87 ("cpufreq: kirkwood: use the powersave multiplexer") Cc: stable@vger.kernel.org Cc: Andrew Lunn andrew@lunn.ch Cc: Chris Packham chris.packham@alliedtelesis.co.nz Cc: Gregory CLEMENT gregory.clement@bootlin.com Cc: Sebastian Hesselbarth sebastian.hesselbarth@gmail.com Signed-off-by: Linus Walleij linus.walleij@linaro.org
Thanks Linus
Reviewed-by: Andrew Lunn andrew@lunn.ch
Andrew