2021-06-17 16:32:57

by Tuan Phan

[permalink] [raw]
Subject: [PATCH] perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same IRQ number

When multiple dtcs share the same IRQ number, the irq_friend which
used to refer to dtc object gets calculated incorrect which leads
to invalid pointer.

Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")

Signed-off-by: Tuan Phan <[email protected]>
---
drivers/perf/arm-cmn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c
index 56a5c35..49016f2 100644
--- a/drivers/perf/arm-cmn.c
+++ b/drivers/perf/arm-cmn.c
@@ -1212,7 +1212,7 @@ static int arm_cmn_init_irqs(struct arm_cmn *cmn)
irq = cmn->dtc[i].irq;
for (j = i; j--; ) {
if (cmn->dtc[j].irq == irq) {
- cmn->dtc[j].irq_friend = j - i;
+ cmn->dtc[j].irq_friend = i - j;
goto next;
}
}
--
2.7.4


2021-06-17 22:38:37

by Robin Murphy

[permalink] [raw]
Subject: Re: [PATCH] perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same IRQ number

On 2021-06-17 17:08, Tuan Phan wrote:
> When multiple dtcs share the same IRQ number, the irq_friend which
> used to refer to dtc object gets calculated incorrect which leads
> to invalid pointer.

Oops, indeed this is supposed to be a forward offset *from* the previous
match *to* the current dtc. It's almost as if I never managed to test
it... :)

Reviewed-by: Robin Murphy <[email protected]>

> Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")
>
> Signed-off-by: Tuan Phan <[email protected]>
> ---
> drivers/perf/arm-cmn.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c
> index 56a5c35..49016f2 100644
> --- a/drivers/perf/arm-cmn.c
> +++ b/drivers/perf/arm-cmn.c
> @@ -1212,7 +1212,7 @@ static int arm_cmn_init_irqs(struct arm_cmn *cmn)
> irq = cmn->dtc[i].irq;
> for (j = i; j--; ) {
> if (cmn->dtc[j].irq == irq) {
> - cmn->dtc[j].irq_friend = j - i;
> + cmn->dtc[j].irq_friend = i - j;
> goto next;
> }
> }
>

2021-06-18 02:49:48

by Will Deacon

[permalink] [raw]
Subject: Re: [PATCH] perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same IRQ number

On Thu, 17 Jun 2021 09:08:49 -0700, Tuan Phan wrote:
> When multiple dtcs share the same IRQ number, the irq_friend which
> used to refer to dtc object gets calculated incorrect which leads
> to invalid pointer.
>
> Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")

Applied to will (for-next/perf), thanks!

[1/1] perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same IRQ number
https://git.kernel.org/will/c/4e16f283edc2

Cheers,
--
Will

https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev