lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID:
 <AM9PR04MB88259A7792EA2022133F310FE2CCA@AM9PR04MB8825.eurprd04.prod.outlook.com>
Date: Wed, 12 Nov 2025 07:58:35 +0000
From: "Jan Petrous (OSS)" <jan.petrous@....nxp.com>
To: Jared Kangas <jkangas@...hat.com>, Aisheng Dong <aisheng.dong@....com>,
	Fabio Estevam <festevam@...il.com>, Shawn Guo <shawnguo@...nel.org>, Jacky
 Bai <ping.bai@....com>, Pengutronix Kernel Team <kernel@...gutronix.de>,
	dl-S32 <S32@....com>, Chester Lin <chester62515@...il.com>, Matthias Brugger
	<mbrugger@...e.com>, "Ghennadi Procopciuc (OSS)"
	<ghennadi.procopciuc@....nxp.com>, Linus Walleij <linus.walleij@...aro.org>,
	Bartosz Golaszewski <brgl@...ev.pl>
CC: "linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>,
	"linux-arm-kernel@...ts.infradead.org"
	<linux-arm-kernel@...ts.infradead.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>
Subject: RE: [EXT] [PATCH 1/2] pinctrl: s32cc: fix uninitialized memory in
 s32_pinctrl_desc

> 
> s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its
> fields are initialized. Notably, num_custom_params is used in
> pinconf_generic_parse_dt_config(), resulting in intermittent allocation
> errors, such as the following splat when probing i2c-imx:
> 
>         WARNING: CPU: 0 PID: 176 at mm/page_alloc.c:4795
> __alloc_pages_noprof+0x290/0x300
>         [...]
>         Hardware name: NXP S32G3 Reference Design Board 3 (S32G-VNP-RDB3)
> (DT)
>         [...]
>         Call trace:
>          __alloc_pages_noprof+0x290/0x300 (P)
>          ___kmalloc_large_node+0x84/0x168
>          __kmalloc_large_node_noprof+0x34/0x120
>          __kmalloc_noprof+0x2ac/0x378
>          pinconf_generic_parse_dt_config+0x68/0x1a0
>          s32_dt_node_to_map+0x104/0x248
>          dt_to_map_one_config+0x154/0x1d8
>          pinctrl_dt_to_map+0x12c/0x280
>          create_pinctrl+0x6c/0x270
>          pinctrl_get+0xc0/0x170
>          devm_pinctrl_get+0x50/0xa0
>          pinctrl_bind_pins+0x60/0x2a0
>          really_probe+0x60/0x3a0
>         [...]
>          __platform_driver_register+0x2c/0x40
>          i2c_adap_imx_init+0x28/0xff8 [i2c_imx]
>         [...]
> 
> This results in later parse failures that can cause issues in dependent
> drivers:
> 
>         s32g-siul2-pinctrl 4009c240.pinctrl: /soc@...inctrl@...9c240/i2c0-
> pins/i2c0-grp0: could not parse node property
>         s32g-siul2-pinctrl 4009c240.pinctrl: /soc@...inctrl@...9c240/i2c0-
> pins/i2c0-grp0: could not parse node property
>         [...]
>         pca953x 0-0022: failed writing register: -6
>         i2c i2c-0: IMX I2C adapter registered
>         s32g-siul2-pinctrl 4009c240.pinctrl: /soc@...inctrl@...9c240/i2c2-
> pins/i2c2-grp0: could not parse node property
>         s32g-siul2-pinctrl 4009c240.pinctrl: /soc@...inctrl@...9c240/i2c2-
> pins/i2c2-grp0: could not parse node property
>         i2c i2c-1: IMX I2C adapter registered
>         s32g-siul2-pinctrl 4009c240.pinctrl: /soc@...inctrl@...9c240/i2c4-
> pins/i2c4-grp0: could not parse node property
>         s32g-siul2-pinctrl 4009c240.pinctrl: /soc@...inctrl@...9c240/i2c4-
> pins/i2c4-grp0: could not parse node property
>         i2c i2c-2: IMX I2C adapter registered
> 
> Fix this by initializing s32_pinctrl_desc with devm_kzalloc() instead of
> devm_kmalloc() in s32_pinctrl_probe(), which sets the previously
> uninitialized fields to zero.
> 
> Fixes: fd84aaa8173d ("pinctrl: add NXP S32 SoC family support")
> Signed-off-by: Jared Kangas <jkangas@...hat.com>
> ---
>  drivers/pinctrl/nxp/pinctrl-s32cc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/pinctrl/nxp/pinctrl-s32cc.c b/drivers/pinctrl/nxp/pinctrl-
> s32cc.c
> index
> 501eb296c76050aa05386c51ef6ae0f97d4c76c3..51ecb8d0fb7e8a203e10cbe9
> 65dfec308eaa5f30 100644
> --- a/drivers/pinctrl/nxp/pinctrl-s32cc.c
> +++ b/drivers/pinctrl/nxp/pinctrl-s32cc.c
> @@ -951,7 +951,7 @@ int s32_pinctrl_probe(struct platform_device *pdev,
>         spin_lock_init(&ipctl->gpio_configs_lock);
> 
>         s32_pinctrl_desc =
> -               devm_kmalloc(&pdev->dev, sizeof(*s32_pinctrl_desc),
> GFP_KERNEL);
> +               devm_kzalloc(&pdev->dev, sizeof(*s32_pinctrl_desc), GFP_KERNEL);
>         if (!s32_pinctrl_desc)
>                 return -ENOMEM;
> 
> 
> --
> 2.51.1

Thanks for the fix (I had it on my list too).

Tested-by: Jan Petrous (OSS) <jan.petrous@....nxp.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ