5ec3444c83
qcom_scm_call_atomic1() can crash with a NULL pointer dereference at qcom_scm_call_atomic1+0x30/0x48. disassembly of qcom_scm_call_atomic1(): ... <0xc08d73b0 <+12>: ldr r3, [r12] ... (no instruction explicitly modifies r12) 0xc08d73cc <+40>: smc 0 ... (no instruction explicitly modifies r12) 0xc08d73d4 <+48>: ldr r3, [r12] <- crashing instruction ... Since the first ldr is successful, and since r12 isn't explicitly modified by any instruction between the first and the second ldr, it must have been modified by the smc call, which is ok, since r12 is caller save according to the AAPCS. Add r12 to the clobber list so that the compiler knows that the callee potentially overwrites the value in r12. Clobber descriptions may not in any way overlap with an input or output operand. Signed-off-by: Niklas Cassel <niklas.cassel@linaro.org> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Reviewed-by: Stephen Boyd <sboyd@kernel.org> Signed-off-by: Andy Gross <andy.gross@linaro.org> |
||
|---|---|---|
| .. | ||
| arm_scmi | ||
| broadcom | ||
| efi | ||
| meson | ||
| tegra | ||
| Kconfig | ||
| Makefile | ||
| arm_scpi.c | ||
| arm_sdei.c | ||
| dcdbas.c | ||
| dcdbas.h | ||
| dell_rbu.c | ||
| dmi-id.c | ||
| dmi-sysfs.c | ||
| dmi_scan.c | ||
| edd.c | ||
| iscsi_ibft.c | ||
| iscsi_ibft_find.c | ||
| memmap.c | ||
| pcdp.c | ||
| pcdp.h | ||
| psci.c | ||
| psci_checker.c | ||
| qcom_scm-32.c | ||
| qcom_scm-64.c | ||
| qcom_scm.c | ||
| qcom_scm.h | ||
| qemu_fw_cfg.c | ||
| raspberrypi.c | ||
| scpi_pm_domain.c | ||
| ti_sci.c | ||
| ti_sci.h | ||