Received: by 2002:ab2:1c04:0:b0:1f7:53ba:1ebe with SMTP id f4csp74694lqg; Fri, 26 Apr 2024 09:07:20 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVcROeJuChuxLUu4GbzWWbfcCDP/RXl+dtvNdoF9538qjTehk/plzewJVhdvkHxVpYDlHiy0Io7f6M6+bSaHwfQbMsn4wW+iFKR4oyjFQ== X-Google-Smtp-Source: AGHT+IFkKYBTPGqKtsQuEqA9eMUTI1dWjzTZzNQfvrqjqXXx8gTlenj8eMf3EiROoij5qmktCkar X-Received: by 2002:a05:6a00:238b:b0:6e7:117:c5d5 with SMTP id f11-20020a056a00238b00b006e70117c5d5mr3835146pfc.23.1714147639408; Fri, 26 Apr 2024 09:07:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714147639; cv=pass; d=google.com; s=arc-20160816; b=iCdPaguowIEmMDc89mcs1y4GE18muy2T4m8eqFk23Tg1SMjQfQG4xTYAwo1rDnhX4U x92eNSowt+TqP6mSw0BMCpEm0ibT2RBP5KaD46bUl4+tfldVaVPBYPrduXxNImy6kG2E GlE5VQ3Oy5TuUmpt3e7v5mNZdSfsnVNQCZBeBa0U5gW+IqI8U+eZEM9XpmLUMuleXYyy Cq+f9BmwqrlGP9OiIT0JZJ8iszQrBZYwR4BKDCCtvhgV8yecc9x+fBwSIIoqXA0tXZMV io1w+vxascL22n/CM3/d8mPsQwBM6zC9UVYpAbjAv/rNkZZDPZG5lIJ9nSy3hZMYziC/ ZL8Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:organization:references :in-reply-to:message-id:subject:cc:to:from:date; bh=L/Z4fuMwDEz4mulJeo7ewq8AnIxhyl6l+3rFEaJuFis=; fh=ykgdrGlauQr5w1dxqQBySs3WkcLGF8Uw7oINJy4pk0A=; b=qGyqV/IqeAeBmjtOtFReO0IKpv0lTa+dXBFHvE13aoHuNdglMOlBKGe0Lrp1rZWv8q JEiNzMbQH6OH0IFYw246bblhgkfZErj9s2iAczitli+nFmiZue/m3fIAD565c5vwSbD2 6kT6zrKr8A9zefAl1LBFDwy/RkqI1fGnKyfHn03bMG3+NtJrbuB3TggJovvGr2mrMOzX UxsR+DANEeFr1C7WKCGZvQOYXl05Utq1+X2Ke06q/gwWNEOZiiLEkNWO7QD5+dGL02sY efn3fdUKlNW9lClyA+BQ4XXmj2ubYOdk/ti5h0IH7clv7rAJcfR3+uOZ6vLGlXYg2s91 Sdrg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-kernel+bounces-160315-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-160315-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id t23-20020a656097000000b005fd0a5cc54bsi10966386pgu.220.2024.04.26.09.07.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Apr 2024 09:07:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-160315-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huawei.com dmarc=pass fromdomain=huawei.com); spf=pass (google.com: domain of linux-kernel+bounces-160315-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-160315-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 92A05B2160C for ; Fri, 26 Apr 2024 15:41:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E9AA4149C73; Fri, 26 Apr 2024 15:41:35 +0000 (UTC) Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CC55F1DFFC for ; Fri, 26 Apr 2024 15:41:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.176.79.56 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714146095; cv=none; b=SAnA/eZQ56PthaTp0ZhyZozblCPwq9t4y9cp4UFmvcnLOTDAB3WP88p0dZufnzCEnnCwfVskxuBQLVkkSBmCuDgHXC3kBk0RmBn70NmnN0QL2Ex92JV6cqmva3tOHj3u2ic4UNVubmOnDO/qeHIffWuIEyDwLcZjOX1UAyNarGo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714146095; c=relaxed/simple; bh=akSXuCsPICaiLz3ncjvxcTIZY/ePkkrqw52xd8vA6sY=; h=Date:From:To:CC:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Rc+j7pOba7us56ikMMdNPMlbm7f8U6diootEnYqfo/wXpScwKLemp+6jW25lYi7eUGHPFvH2jUwkOIV55etEB65ASih1w7MkRmEg9Kg3yCMT3GqiSXT7iGnm4kvyYWaTxAwo3awGU6W1AU4Ad4TF8z+QfJ9ufLTOr4DojeV33Ek= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=Huawei.com; spf=pass smtp.mailfrom=huawei.com; arc=none smtp.client-ip=185.176.79.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=Huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Received: from mail.maildlp.com (unknown [172.18.186.231]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4VQxlg3jhlz6DBLt; Fri, 26 Apr 2024 23:41:19 +0800 (CST) Received: from lhrpeml500005.china.huawei.com (unknown [7.191.163.240]) by mail.maildlp.com (Postfix) with ESMTPS id 46A21140A36; Fri, 26 Apr 2024 23:41:31 +0800 (CST) Received: from localhost (10.202.227.76) by lhrpeml500005.china.huawei.com (7.191.163.240) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Fri, 26 Apr 2024 16:41:30 +0100 Date: Fri, 26 Apr 2024 16:41:29 +0100 From: Jonathan Cameron To: Junhao He CC: , , , , , , , Subject: Re: [PATCH 2/3] drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Message-ID: <20240426164129.00004b37@Huawei.com> In-Reply-To: <20240425124627.13764-3-hejunhao3@huawei.com> References: <20240425124627.13764-1-hejunhao3@huawei.com> <20240425124627.13764-3-hejunhao3@huawei.com> Organization: Huawei Technologies Research and Development (UK) Ltd. X-Mailer: Claws Mail 4.1.0 (GTK 3.24.33; x86_64-w64-mingw32) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-ClientProxiedBy: lhrpeml100002.china.huawei.com (7.191.160.241) To lhrpeml500005.china.huawei.com (7.191.163.240) On Thu, 25 Apr 2024 20:46:26 +0800 Junhao He wrote: > The perf tool allows users to create event groups through following > cmd [1], but the driver does not check whether the array index is out > of bounds when writing data to the event_group array. If the number of > events in an event_group is greater than HNS3_PMU_MAX_HW_EVENTS, the > memory write overflow of event_group array occurs. > > Add array index check to fix the possible array out of bounds violation, > and return directly when write new events are written to array bounds. > > There are 9 different events in an event_group. > [1] perf stat -e '{pmu/event1/, ... ,pmu/event9/} > > Fixes: 66637ab137b4 ("drivers/perf: hisi: add driver for HNS3 PMU") > Signed-off-by: Junhao He > Signed-off-by: Hao Chen Acked-by: Jonathan Cameron > --- > drivers/perf/hisilicon/hns3_pmu.c | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > > diff --git a/drivers/perf/hisilicon/hns3_pmu.c b/drivers/perf/hisilicon/hns3_pmu.c > index 16869bf5bf4c..cbdd53b0a034 100644 > --- a/drivers/perf/hisilicon/hns3_pmu.c > +++ b/drivers/perf/hisilicon/hns3_pmu.c > @@ -1085,15 +1085,27 @@ static bool hns3_pmu_validate_event_group(struct perf_event *event) > return false; > > for (num = 0; num < counters; num++) { > + /* > + * If we find a related event, then it's a valid group > + * since we don't need to allocate a new counter for it. > + */ > if (hns3_pmu_cmp_event(event_group[num], sibling)) > break; > } > > + /* > + * Otherwise it's a new event but if there's no available counter, > + * fail the check since we cannot schedule all the events in > + * the group simultaneously. > + */ > + if (num == HNS3_PMU_MAX_HW_EVENTS) > + return false; > + > if (num == counters) > event_group[counters++] = sibling; > } > > - return counters <= HNS3_PMU_MAX_HW_EVENTS; > + return true; > } > > static u32 hns3_pmu_get_filter_condition(struct perf_event *event)