Date:   Wed, 20 Apr 2022 15:48:09 -0700
From:   Atish Kumar Patra <atishp@...osinc.com>
To:     Palmer Dabbelt <palmer@...osinc.com>
Cc:     dan.carpenter@...cle.com, kbuild@...ts.01.org,
        kernel test robot <lkp@...el.com>, kbuild-all@...ts.01.org,
        "linux-kernel@...r.kernel.org List" <linux-kernel@...r.kernel.org>
Subject: Re: drivers/perf/riscv_pmu_sbi.c:464 pmu_sbi_get_ctrinfo() warn:
 potentially one past the end of array 'pmu_ctr_list[i]'

On Wed, Apr 20, 2022 at 3:38 PM Palmer Dabbelt <palmer@...osinc.com> wrote:
>
> On Wed, 20 Apr 2022 02:31:33 PDT (-0700), dan.carpenter@...cle.com wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > head:   59250f8a7f3a60a2661b84cbafc1e0eb5d05ec9b
> > commit: e9991434596f5373dfd75857b445eb92a9253c56 RISC-V: Add perf platform driver based on SBI PMU extension
> > config: riscv-randconfig-m031-20220416 (https://download.01.org/0day-ci/archive/20220416/202204161940.BrRZvzdD-lkp@intel.com/config)
> > compiler: riscv32-linux-gcc (GCC) 11.2.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@...el.com>
> > Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> >
> > smatch warnings:
> > drivers/perf/riscv_pmu_sbi.c:464 pmu_sbi_get_ctrinfo() warn: potentially one past the end of array 'pmu_ctr_list[i]'
> > drivers/perf/riscv_pmu_sbi.c:464 pmu_sbi_get_ctrinfo() warn: potentially one past the end of array 'pmu_ctr_list[i]'
> >
> > vim +464 drivers/perf/riscv_pmu_sbi.c
> >
> > e9991434596f53 Atish Patra 2022-02-18  444  static int pmu_sbi_get_ctrinfo(int nctr)
> > e9991434596f53 Atish Patra 2022-02-18  445  {
> > e9991434596f53 Atish Patra 2022-02-18  446    struct sbiret ret;
> > e9991434596f53 Atish Patra 2022-02-18  447    int i, num_hw_ctr = 0, num_fw_ctr = 0;
> > e9991434596f53 Atish Patra 2022-02-18  448    union sbi_pmu_ctr_info cinfo;
> > e9991434596f53 Atish Patra 2022-02-18  449
> > e9991434596f53 Atish Patra 2022-02-18  450    pmu_ctr_list = kcalloc(nctr, sizeof(*pmu_ctr_list), GFP_KERNEL);
> >                                                                        ^^^^
> >
> > e9991434596f53 Atish Patra 2022-02-18  451    if (!pmu_ctr_list)
> > e9991434596f53 Atish Patra 2022-02-18  452            return -ENOMEM;
> > e9991434596f53 Atish Patra 2022-02-18  453
> > e9991434596f53 Atish Patra 2022-02-18  454    for (i = 0; i <= nctr; i++) {
> >                                                             ^^^^^^^^^
> > The <= should be <
> >
> > e9991434596f53 Atish Patra 2022-02-18  455            ret = sbi_ecall(SBI_EXT_PMU, SBI_EXT_PMU_COUNTER_GET_INFO, i, 0, 0, 0, 0, 0);
> > e9991434596f53 Atish Patra 2022-02-18  456            if (ret.error)
> > e9991434596f53 Atish Patra 2022-02-18  457                    /* The logical counter ids are not expected to be contiguous */
> > e9991434596f53 Atish Patra 2022-02-18  458                    continue;
> > e9991434596f53 Atish Patra 2022-02-18  459            cinfo.value = ret.value;
> > e9991434596f53 Atish Patra 2022-02-18  460            if (cinfo.type == SBI_PMU_CTR_TYPE_FW)
> > e9991434596f53 Atish Patra 2022-02-18  461                    num_fw_ctr++;
> > e9991434596f53 Atish Patra 2022-02-18  462            else
> > e9991434596f53 Atish Patra 2022-02-18  463                    num_hw_ctr++;
> > e9991434596f53 Atish Patra 2022-02-18 @464            pmu_ctr_list[i].value = cinfo.value;
> >                                                         ^^^^^^^^^^^^^^^
> > Off by one
> >
> > e9991434596f53 Atish Patra 2022-02-18  465    }
> > e9991434596f53 Atish Patra 2022-02-18  466
> > e9991434596f53 Atish Patra 2022-02-18  467    pr_info("%d firmware and %d hardware counters\n", num_fw_ctr, num_hw_ctr);
> > e9991434596f53 Atish Patra 2022-02-18  468
> > e9991434596f53 Atish Patra 2022-02-18  469    return 0;
> > e9991434596f53 Atish Patra 2022-02-18  470  }
>
> I think this should do it
>
>     diff --git a/drivers/perf/riscv_pmu_sbi.c b/drivers/perf/riscv_pmu_sbi.c
>     index a1317a483512..50394ef1adef 100644
>     --- a/drivers/perf/riscv_pmu_sbi.c
>     +++ b/drivers/perf/riscv_pmu_sbi.c
>     @@ -457,7 +457,7 @@ static int pmu_sbi_get_ctrinfo(int nctr)
>         if (!pmu_ctr_list)
>                 return -ENOMEM;
>
>     -   for (i = 0; i <= nctr; i++) {
>     +   for (i = 0; i < nctr; i++) {
>                 ret = sbi_ecall(SBI_EXT_PMU, SBI_EXT_PMU_COUNTER_GET_INFO, i, 0, 0, 0, 0, 0);
>                 if (ret.error)
>                         /* The logical counter ids are not expected to be contiguous */
>
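
Review bot: the changed for-loop bound now matches the nctr entries that kcalloc() allocates, but as posted the diff carries no changelog or tags. A formal submission should add a Fixes: tag for e9991434596f ("RISC-V: Add perf platform driver based on SBI PMU extension") and the two Reported-by tags the report asks for. The changelog should also state why ids 0..nctr-1 are sufficient: the context comment says logical counter ids are not expected to be contiguous, yet i is still used directly as the index in pmu_ctr_list[i].value, so the array size assumes every valid id is below nctr.
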
> but I'm not super familiar with the perf code and there's frequently this
> pattern of "0 is reserved as a special value" in the RISC-V specs (interrupt
> numbers, for example) so I may be wrong here.  IIUC none of that is going on
> here, as these are all indirect/non-contiguous, but I'll let Atish take a look.
>

You are right. This was just a typo/oversight on my part. I will send
a fix asap.

> Thanks!
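
The off-by-one discussed in this thread, as an added user-space example (not code from the thread or from the kernel). It shows that the store one past the end only happens when the id equal to nctr answers without error, which is how such a bug can stay latent. query_ctr(), the valid_ids bitmask and scan_counters() are hypothetical stand-ins for the SBI ecall and the driver loop.

```c
/* Added example: user-space model of the loop in pmu_sbi_get_ctrinfo().
 * Constructed stand-ins only; this is not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct ctr_info { unsigned long value; };

/* Hypothetical firmware: bit n of valid_ids set means counter id n
 * answers; any other id returns an error. */
static int query_ctr(unsigned int valid_ids, int id, unsigned long *value)
{
	if (id < 0 || id > 31 || !(valid_ids & (1u << id)))
		return -1;
	*value = 0x100UL + (unsigned long)id;
	return 0;
}

/* Walk the ids with the original (inclusive) or the fixed bound. A store
 * whose index lies outside the nctr-element allocation is counted and
 * skipped instead of performed. Returns that count, or -1 on ENOMEM. */
static int scan_counters(int nctr, unsigned int valid_ids, int inclusive,
			 int *stored)
{
	struct ctr_info *list = calloc((size_t)nctr, sizeof(*list));
	int i, oob = 0, end = inclusive ? nctr + 1 : nctr;

	*stored = 0;
	if (!list)
		return -1;
	for (i = 0; i < end; i++) {
		unsigned long v;
		if (query_ctr(valid_ids, i, &v))
			continue;	/* hole in the id space */
		if (i >= nctr) {	/* list[nctr] is one past the end */
			oob++;
			continue;
		}
		list[i].value = v;
		(*stored)++;
	}
	free(list);
	return oob;
}

int main(void)
{
	int n;	/* constructed masks: 0x1d = ids 0,2,3,4; 0x0d = ids 0,2,3 */
	printf("<=, id 4 answers: %d\n", scan_counters(4, 0x1d, 1, &n));
	printf("<=, id 4 errors:  %d\n", scan_counters(4, 0x0d, 1, &n));
	printf("<,  id 4 answers: %d\n", scan_counters(4, 0x1d, 0, &n));
	return 0;
}
```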
