lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 13 Aug 2020 12:04:55 +0200
From:   Mian Yousaf Kaukab <ykaukab@...e.de>
To:     linux-arm-kernel@...ts.infradead.org, mathieu.poirier@...aro.org,
        suzuki.poulose@....com
Cc:     linux-kernel@...r.kernel.org, alexander.shishkin@...ux.intel.com,
        mike.leach@...aro.org, gregkh@...uxfoundation.org,
        tingwei@...eaurora.org, Mian Yousaf Kaukab <ykaukab@...e.de>,
        Ruediger Oertel <ro@...e.com>
Subject: [PATCH] coresight: fix offset by one error in counting ports

Since port-numbers start from 0, add 1 to port-number to get the port
count.

Fix following crash when Coresight is enabled on ACPI based systems:

[   61.061736] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
[   61.135494] pc : acpi_coresight_parse_graph+0x1c4/0x37c
[   61.140705] lr : acpi_coresight_parse_graph+0x160/0x37c
[   61.145915] sp : ffff800012f4ba40
[   61.145917] x29: ffff800012f4ba40 x28: ffff00becce62f98
[   61.159896] x27: 0000000000000005 x26: ffff00becd8a7c88
[   61.165195] x25: ffff00becd8a7d88 x24: ffff00becce62f80
[   61.170492] x23: ffff800011ef99c0 x22: ffff009efb8bc010
[   61.175790] x21: 0000000000000018 x20: 0000000000000005
[   61.181087] x19: ffff00becce62e80 x18: 0000000000000020
[   61.186385] x17: 0000000000000001 x16: 00000000000002a8
[   61.191682] x15: ffff000838648550 x14: ffffffffffffffff
[   61.196980] x13: 0000000000000000 x12: ffff00becce62d87
[   61.202277] x11: 00000000ffffff76 x10: 000000000000002e
[   61.207575] x9 : ffff8000107e1a68 x8 : ffff00becce63000
[   61.212873] x7 : 0000000000000018 x6 : 000000000000003f
[   61.218170] x5 : 0000000000000000 x4 : 0000000000000000
[   61.223467] x3 : 0000000000000000 x2 : 0000000000000000
[   61.228764] x1 : ffff00becce62f80 x0 : 0000000000000000
[   61.234062] Call trace:
[   61.236497]  acpi_coresight_parse_graph+0x1c4/0x37c
[   61.241361]  coresight_get_platform_data+0xdc/0x130
[   61.246225]  tmc_probe+0x138/0x2dc
[   61.246227]  amba_probe+0xdc/0x220
[   61.255779]  really_probe+0xe8/0x49c
[   61.255781]  driver_probe_device+0xec/0x140
[   61.255782]  device_driver_attach+0xc8/0xd0
[   61.255785]  __driver_attach+0xac/0x180
[   61.265857]  bus_for_each_dev+0x78/0xcc
[   61.265859]  driver_attach+0x2c/0x40
[   61.265861]  bus_add_driver+0x150/0x244
[   61.265863]  driver_register+0x80/0x13c
[   61.273591]  amba_driver_register+0x60/0x70
[   61.273594]  tmc_driver_init+0x20/0x2c
[   61.281582]  do_one_initcall+0x50/0x230
[   61.281585]  do_initcalls+0x104/0x144
[   61.291831]  kernel_init_freeable+0x168/0x1dc
[   61.291834]  kernel_init+0x1c/0x120
[   61.299215]  ret_from_fork+0x10/0x18
[   61.299219] Code: b9400022 f9400660 9b277c42 8b020000 (f9400404)
[   61.307381] ---[ end trace 63c6c3d7ec6a9b7c ]---
[   61.315225] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

Fixes: d375b356e687 ("coresight: Fix support for sparsely populated ports")
Reported-by: Ruediger Oertel <ro@...e.com>
Signed-off-by: Mian Yousaf Kaukab <ykaukab@...e.de>
---
 drivers/hwtracing/coresight/coresight-platform.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/hwtracing/coresight/coresight-platform.c b/drivers/hwtracing/coresight/coresight-platform.c
index bfd44231d7ad..227e234a2470 100644
--- a/drivers/hwtracing/coresight/coresight-platform.c
+++ b/drivers/hwtracing/coresight/coresight-platform.c
@@ -711,11 +711,11 @@ static int acpi_coresight_parse_graph(struct acpi_device *adev,
 			return dir;
 
 		if (dir == ACPI_CORESIGHT_LINK_MASTER) {
-			if (ptr->outport > pdata->nr_outport)
-				pdata->nr_outport = ptr->outport;
+			if (ptr->outport >= pdata->nr_outport)
+				pdata->nr_outport = ptr->outport + 1;
 			ptr++;
 		} else {
-			WARN_ON(pdata->nr_inport == ptr->child_port);
+			WARN_ON(pdata->nr_inport == ptr->child_port + 1);
 			/*
 			 * We do not track input port connections for a device.
 			 * However we need the highest port number described,
@@ -723,8 +723,8 @@ static int acpi_coresight_parse_graph(struct acpi_device *adev,
 			 * record for an output connection. Hence, do not move
 			 * the ptr for input connections
 			 */
-			if (ptr->child_port > pdata->nr_inport)
-				pdata->nr_inport = ptr->child_port;
+			if (ptr->child_port >= pdata->nr_inport)
+				pdata->nr_inport = ptr->child_port + 1;
 		}
 	}
 
-- 
2.26.2

Powered by blists - more mailing lists