Message-ID: <75b00815-32e3-4489-9494-438825dd0af2@roeck-us.net>
Date: Mon, 15 Dec 2025 15:18:37 -0800
From: Guenter Roeck <linux@...ck-us.net>
To: Stephen Eta Zhou <stephen.eta.zhou@...il.com>
Cc: Daniel Lezcano <daniel.lezcano@...aro.org>,
	Thomas Gleixner <tglx@...utronix.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] clocksource: timer-sp804: Fix read_current_timer()
 issue when clock source is not registered

On Sun, May 25, 2025 at 04:43:28PM +0800, Stephen Eta Zhou wrote:
> Register a valid read_current_timer() function for the
> SP804 timer on ARM32.
> 
> On ARM32 platforms, when the SP804 timer is selected as the clocksource,
> the driver does not register a valid read_current_timer() function.
> As a result, features that rely on this API—such as rdseed—consistently
> return incorrect values.
> 
> To fix this, a delay_timer structure is registered during the SP804
> driver's initialization. The read_current_timer() function is implemented
> using the existing sp804_read() logic, and the timer frequency is reused
> from the already-initialized clocksource.
> 
> Signed-off-by: Stephen Eta Zhou <stephen.eta.zhou@...il.com>

This patch results in a crash when trying to boot integratorcp in qemu.

8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 0000000c when read
[0000000c] *pgd=00000000
Internal error: Oops: 5 [#1] ARM
Modules linked in:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.19.0-rc1 #1 PREEMPT
Hardware name: ARM Integrator/CP (Device Tree)
PC is at sp804_read_delay_timer_read+0x8/0x1c
LR is at read_current_timer+0x24/0x44
pc : [<c0af98d0>]    lr : [<c0cd9010>]    psr: a00001d3
sp : c1211fa0  ip : c0dfd818  fp : 00000000
r10: 000003e6  r9 : c10080f8  r8 : 00000000
r7 : c1217940  r6 : c6fffe60  r5 : c11ad510  r4 : c1211fb0
r3 : 00000000  r2 : 00000000  r1 : ffffffff  r0 : c1211fb0
Flags: NzCv  IRQs off  FIQs off  Mode SVC_32  ISA ARM  Segment none
Control: 00093177  Table: 00004000  DAC: 00000053
Register r0 information: non-slab/vmalloc memory
Register r1 information: non-paged memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: non-slab/vmalloc memory
Register r5 information: non-slab/vmalloc memory
Register r6 information: 0-page vmalloc region starting at 0xc7000000 allocated at iotable_init+0x0/0xc4
Register r7 information: non-slab/vmalloc memory
Register r8 information: NULL pointer
Register r9 information: non-slab/vmalloc memory
Register r10 information: non-paged memory
Register r11 information: NULL pointer
Register r12 information: non-slab/vmalloc memory
Process swapper/0 (pid: 0, stack limit = 0xc1210000)
Stack: (0xc1211fa0 to 0xc1212000)
1fa0: c1324000 c11d8708 00000000 c121794c c1324000 c11ad510 c6fffe60 c121794c
1fc0: 00000000 c1324000 c11ad510 c11adf28 ffffffff ffffffff 00000000 c11ad57c
1fe0: c11eca2c c121794c 00000000 00000113 00000000 00000000 00000000 00000000
Call trace:
 sp804_read_delay_timer_read from read_current_timer+0x24/0x44

This is not surprising since sp804_read_delay_timer_read() calls
sp804_read() which dereferences sched_clkevt. sched_clkevt is not
initialized for integratorcp.

static int __init sp804_clocksource_and_sched_clock_init(void __iomem *base,
                                                         const char *name,
                                                         struct clk *clk,
                                                         int use_sched_clock)
{
...
	if (use_sched_clock) {
                sched_clkevt = clkevt;
                sched_clock_register(sp804_read, 32, rate);
        }
...
static int __init integrator_cp_of_init(struct device_node *np)
{
...
		ret = sp804_clocksource_and_sched_clock_init(base,
                                                             name, clk, 0);
							                ^
Guenter
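
A user-space C model of the failure described in this message, added here as an illustration and not code from the kernel or from either poster: the read callback depends on a pointer that is only set when use_sched_clock is non-zero, so registering it unconditionally leaves a callback that dereferences NULL. All model_* names, the sample register value and the -EFAULT return are assumptions of the model; the guard shown is one possible check, not the fix adopted upstream.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; every model_* name is hypothetical, not a kernel symbol. */
struct model_clkevt { volatile uint32_t *value; };  /* stands in for the timer value register */

static struct model_clkevt *model_sched_clkevt;     /* set only when use_sched_clock != 0 */
static unsigned long (*model_delay_read)(void);     /* stands in for the registered delay timer */

static unsigned long model_sp804_read(void)
{
	/* SP804 counts down, so the model inverts; faults if the pointer is NULL */
	return ~*model_sched_clkevt->value;
}

/* guard != 0: register the callback only if the pointer it relies on was set */
static void model_init(struct model_clkevt *clkevt, int use_sched_clock, int guard)
{
	model_sched_clkevt = use_sched_clock ? clkevt : NULL;
	model_delay_read = (!guard || model_sched_clkevt) ? model_sp804_read : NULL;
}

/* 1 when a callback is registered but its backing pointer is still NULL */
static int model_callback_would_fault(void)
{
	return model_delay_read && !model_sched_clkevt;
}

static int model_read_current_timer(unsigned long *val)
{
	if (!model_delay_read)
		return -ENXIO;              /* no delay timer registered */
	if (model_callback_would_fault())
		return -EFAULT;             /* model only: the real call chain oopses here */
	*val = model_delay_read();
	return 0;
}

int main(void)
{
	uint32_t reg = 0xFFFFFF00u;         /* constructed sample counter value */
	struct model_clkevt ce = { &reg };
	unsigned long v = 0;

	model_init(&ce, 0, 0);              /* use_sched_clock == 0, unguarded registration */
	printf("unguarded: %d\n", model_read_current_timer(&v));
	model_init(&ce, 0, 1);              /* same call, registration guarded */
	printf("guarded:   %d\n", model_read_current_timer(&v));
	return 0;
}
```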