From: alexander.antonov@linux.intel.com
To: peterz@infradead.org, linux-kernel@vger.kernel.org
Cc: kan.liang@linux.intel.com, kyle.meyer@hpe.com, alexey.v.bayduraev@linux.intel.com, alexander.antonov@linux.intel.com
Subject: [PATCH v2 0/2] Fix NULL pointer dereference issue during discovering UPI topology
Date: Mon, 27 Nov 2023 10:52:44 -0800
Message-Id: <20231127185246.2371939-1-alexander.antonov@linux.intel.com>

From: Alexander Antonov

The NULL dereference happens inside upi_fill_topology() procedure in case of disabling one of the sockets on the system.

For example, if you disable the 2nd socket on a 4-socket system then uncore_max_dies() returns 3 and inside pmu_alloc_topology() memory will be allocated only for 3 sockets and stored in type->topology. In discover_upi_topology() memory is accessed by socket id from CPUNODEID registers which contain physical ids (from 0 to 3) and on the line:

    upi = &type->topology[nid][idx];

out-of-bound access will happen and the 'upi' pointer will be passed to upi_fill_topology() where it will be dereferenced.

To avoid this issue update the code to convert physical socket id to logical socket id in discover_upi_topology() before accessing memory.

Changed in v2:
1. Factor out topology_gidnid_map() with common code for GIDNIDMAP procedure

Alexander Antonov (2):
  perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()
  perf/x86/intel/uncore: Factor out topology_gidnid_map()

 arch/x86/events/intel/uncore_snbep.c | 71 ++++++++++++++++------------
 1 file changed, 40 insertions(+), 31 deletions(-)

-- 
2.25.1
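
Added example, not part of the original mail or of the kernel patch: a user-space C model of the indexing problem the cover letter describes, where an array sized by the number of online dies is indexed by a physical socket id. The names phys_to_logical, max_dies, topo_slot and fill_all, the flat array layout and the 4-socket table are assumptions made for illustration; the lookup table stands in for the kernel's physical-to-logical conversion.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_PHYS 4 /* constructed: 4-socket system */
#define LINKS    3 /* constructed: links tracked per die */
struct link_topo { int filled; };

/* Constructed sample: physical socket 1 is disabled, so the online sockets
 * get logical ids 0..2; -1 means the physical id has no logical id. */
static const int phys_to_logical[MAX_PHYS] = { 0, -1, 1, 2 };

/* Hypothetical stand-in for uncore_max_dies(): counts online sockets. */
static int max_dies(void)
{
    int n = 0;
    for (int i = 0; i < MAX_PHYS; i++)
        n += (phys_to_logical[i] >= 0);
    return n;
}

/* Convert the physical id to a logical one and bounds-check before indexing;
 * returns NULL instead of a pointer past the ndies-row allocation. */
static struct link_topo *topo_slot(struct link_topo (*t)[LINKS], int ndies,
                                   int phys_nid, int idx)
{
    if (!t || phys_nid < 0 || phys_nid >= MAX_PHYS || idx < 0 || idx >= LINKS)
        return NULL;
    int die = phys_to_logical[phys_nid];
    return (die < 0 || die >= ndies) ? NULL : &t[die][idx];
}

/* Visit every physical id the registers could report; count slots filled. */
static int fill_all(struct link_topo (*t)[LINKS], int ndies)
{
    int filled = 0;
    for (int nid = 0; nid < MAX_PHYS; nid++) {
        struct link_topo *upi = topo_slot(t, ndies, nid, 0);
        if (upi) /* NULL for the disabled socket, so nothing is dereferenced */
            filled += (upi->filled = 1);
    }
    return filled;
}

int main(void)
{
    struct link_topo (*t)[LINKS] = calloc(max_dies(), sizeof(*t));
    printf("dies=%d filled=%d\n", max_dies(), fill_all(t, max_dies()));
    free(t);
    return 0;
}
```

Indexing t[3] directly with the physical id would read one row past the three-row allocation; with the conversion, physical id 3 lands on row 2 and the disabled id yields NULL.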