When multiple dtcs share the same IRQ number, the irq_friend which
used to refer to dtc object gets calculated incorrect which leads
to invalid pointer.
Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")
Signed-off-by: Tuan Phan <[email protected]>
---
drivers/perf/arm-cmn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c
index 56a5c35..49016f2 100644
--- a/drivers/perf/arm-cmn.c
+++ b/drivers/perf/arm-cmn.c
@@ -1212,7 +1212,7 @@ static int arm_cmn_init_irqs(struct arm_cmn *cmn)
irq = cmn->dtc[i].irq;
for (j = i; j--; ) {
if (cmn->dtc[j].irq == irq) {
- cmn->dtc[j].irq_friend = j - i;
+ cmn->dtc[j].irq_friend = i - j;
goto next;
}
}
--
2.7.4
On 2021-06-17 17:08, Tuan Phan wrote:
> When multiple dtcs share the same IRQ number, the irq_friend which
> used to refer to dtc object gets calculated incorrect which leads
> to invalid pointer.
Oops, indeed this is supposed to be a forward offset *from* the previous
match *to* the current dtc. It's almost as if I never managed to test
it... :)
Reviewed-by: Robin Murphy <[email protected]>
> Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")
>
> Signed-off-by: Tuan Phan <[email protected]>
> ---
> drivers/perf/arm-cmn.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c
> index 56a5c35..49016f2 100644
> --- a/drivers/perf/arm-cmn.c
> +++ b/drivers/perf/arm-cmn.c
> @@ -1212,7 +1212,7 @@ static int arm_cmn_init_irqs(struct arm_cmn *cmn)
> irq = cmn->dtc[i].irq;
> for (j = i; j--; ) {
> if (cmn->dtc[j].irq == irq) {
> - cmn->dtc[j].irq_friend = j - i;
> + cmn->dtc[j].irq_friend = i - j;
> goto next;
> }
> }
>
On Thu, 17 Jun 2021 09:08:49 -0700, Tuan Phan wrote:
> When multiple dtcs share the same IRQ number, the irq_friend which
> used to refer to dtc object gets calculated incorrect which leads
> to invalid pointer.
>
> Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")
Applied to will (for-next/perf), thanks!
[1/1] perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same IRQ number
https://git.kernel.org/will/c/4e16f283edc2
Cheers,
--
Will
https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev