From patchwork Fri Aug 12 16:25:53 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [2/5] bus: arm-ccn: Do not attempt to configure XPs for cycle counter X-Patchwork-Submitter: Pawel Moll X-Patchwork-Id: 73858 Message-Id: <1471019156-5485-3-git-send-email-pawel.moll@arm.com> To: arm@kernel.org Cc: Mark Rutland , linux-arm-kernel@lists.infradead.org Date: Fri, 12 Aug 2016 17:25:53 +0100 From: Pawel Moll List-Id: Fuzzing the CCN perf driver revealed a small but definitely dangerous mistake in the event setup code. When a cycle counter is requested, the driver should not reconfigure the events bus at all, otherwise it will corrupt (in most but the simplest cases) its configuration and may end up accessing XP array out of its bounds. Reported-by: Mark Rutland Reviewed-by: Mark Rutland Tested-by: Mark Rutland Cc: stable@vger.kernel.org # 3.17+ Signed-off-by: Pawel Moll --- drivers/bus/arm-ccn.c | 4 ++++ 1 file changed, 4 insertions(+) -- 2.7.4 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel diff --git a/drivers/bus/arm-ccn.c b/drivers/bus/arm-ccn.c index a11b9bb..9bbb0ab 100644 --- a/drivers/bus/arm-ccn.c +++ b/drivers/bus/arm-ccn.c @@ -897,6 +897,10 @@ static void arm_ccn_pmu_xp_dt_config(struct perf_event *event, int enable) struct arm_ccn_component *xp; u32 val, dt_cfg; + /* Nothing to do for cycle counter */ + if (hw->idx == CCN_IDX_PMU_CYCLE_COUNTER) + return; + if (CCN_CONFIG_TYPE(event->attr.config) == CCN_TYPE_XP) xp = &ccn->xp[CCN_CONFIG_XP(event->attr.config)]; else