AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-24 01:10:54 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
epyc7002
linux_dsm_epyc7002/drivers/hwtracing/coresight
History
Sai Prakash Ranjan 35c1c4bd2d coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() 
commit 5fae8a946ac2df879caf3f79a193d4766d00239b upstream.

commit 6f755e85c3 ("coresight: Add helper for inserting synchronization
packets") removed trailing '\0' from barrier_pkt array and updated the
call sites like etb_update_buffer() to have proper checks for barrier_pkt
size before read but missed updating tmc_update_etf_buffer() which still
reads barrier_pkt past the array size resulting in KASAN out-of-bounds
bug. Fix this by adding a check for barrier_pkt size before accessing
like it is done in etb_update_buffer().

 BUG: KASAN: global-out-of-bounds in tmc_update_etf_buffer+0x4b8/0x698
 Read of size 4 at addr ffffffd05b7d1030 by task perf/2629

 Call trace:
  dump_backtrace+0x0/0x27c
  show_stack+0x20/0x2c
  dump_stack+0x11c/0x188
  print_address_description+0x3c/0x4a4
  __kasan_report+0x140/0x164
  kasan_report+0x10/0x18
  __asan_report_load4_noabort+0x1c/0x24
  tmc_update_etf_buffer+0x4b8/0x698
  etm_event_stop+0x248/0x2d8
  etm_event_del+0x20/0x2c
  event_sched_out+0x214/0x6f0
  group_sched_out+0xd0/0x270
  ctx_sched_out+0x2ec/0x518
  __perf_event_task_sched_out+0x4fc/0xe6c
  __schedule+0x1094/0x16a0
  preempt_schedule_irq+0x88/0x170
  arm64_preempt_schedule_irq+0xf0/0x18c
  el1_irq+0xe8/0x180
  perf_event_exec+0x4d8/0x56c
  setup_new_exec+0x204/0x400
  load_elf_binary+0x72c/0x18c0
  search_binary_handler+0x13c/0x420
  load_script+0x500/0x6c4
  search_binary_handler+0x13c/0x420
  exec_binprm+0x118/0x654
  __do_execve_file+0x77c/0xba4
  __arm64_compat_sys_execve+0x98/0xac
  el0_svc_common+0x1f8/0x5e0
  el0_svc_compat_handler+0x84/0xb0
  el0_svc_compat+0x10/0x50

 The buggy address belongs to the variable:
  barrier_pkt+0x10/0x40

 Memory state around the buggy address:
  ffffffd05b7d0f00: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
  ffffffd05b7d0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 >ffffffd05b7d1000: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 03
                                      ^
  ffffffd05b7d1080: fa fa fa fa 00 02 fa fa fa fa fa fa 03 fa fa fa
  ffffffd05b7d1100: fa fa fa fa 00 00 00 00 05 fa fa fa fa fa fa fa
 ==================================================================

Link: https://lore.kernel.org/r/20210505093430.18445-1-saiprakash.ranjan@codeaurora.org
Fixes: 0c3fc4d5fa ("coresight: Add barrier packet for synchronisation")
Cc: stable@vger.kernel.org
Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Link: https://lore.kernel.org/r/20210614175901.532683-6-mathieu.poirier@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-07-19 09:45:01 +02:00
..
coresight-catu.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-catu.h coresight: tmc-etr: Add function to register catu ops 2020-09-28 19:47:42 +02:00
coresight-core.c coresight: Propagate symlink failure 2021-07-19 09:45:01 +02:00
coresight-cpu-debug.c coresight: cpu_debug: Define MODULE_DEVICE_TABLE 2020-09-28 19:47:40 +02:00
coresight-cti-core.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-cti-platform.c Char/Misc driver patches for 5.8-rc1 2020-06-07 10:59:32 -07:00
coresight-cti-sysfs.c coresight: cti: Initialize dynamic sysfs attributes 2020-10-29 20:10:25 +01:00
coresight-cti.h coresight: Include required headers in C files 2020-05-19 16:31:18 +02:00
coresight-etb10.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-etm3x-core.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-etm3x-sysfs.c coresight: etm: Clean up device specific data 2019-06-19 20:29:14 +02:00
coresight-etm4x-core.c coresight: etm4x: Handle accesses to TRCSTALLCTLR 2021-03-04 11:38:37 +01:00
coresight-etm4x-sysfs.c coresight: etm4x: Handle accesses to TRCSTALLCTLR 2021-03-04 11:38:37 +01:00
coresight-etm4x.h coresight: etm4x: Fix number of resources check for ETM 4.3 and above 2020-09-17 18:46:05 +02:00
coresight-etm-cp14.c coresight: Moving framework and drivers to SPDX identifier 2018-05-14 16:19:59 +02:00
coresight-etm-perf.c coresight: Fix uninitialised pointer bug in etm_setup_aux() 2020-10-29 20:10:25 +01:00
coresight-etm-perf.h coresight: core: Allow the coresight core driver to be built as a module 2020-09-28 19:47:42 +02:00
coresight-etm.h coresight: etm: Clean up device specific data 2019-06-19 20:29:14 +02:00
coresight-funnel.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-platform.c coresight: Do not scan for graph if none is present 2021-05-19 10:12:55 +02:00
coresight-priv.h coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf() 2020-12-26 16:02:40 +01:00
coresight-replicator.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-stm.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-sysfs.c coresight: Export global symbols 2020-09-28 19:47:40 +02:00
coresight-tmc-core.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
coresight-tmc-etf.c coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() 2021-07-19 09:45:01 +02:00
coresight-tmc-etr.c coresight: tmc-etr: Fix barrier packet insertion for perf buffer 2020-12-26 16:02:41 +01:00
coresight-tmc.h coresight: tmc-etr: Add function to register catu ops 2020-09-28 19:47:42 +02:00
coresight-tpiu.c coresight: remove broken __exit annotations 2020-12-30 11:53:44 +01:00
Kconfig coresight: core: Allow the coresight core driver to be built as a module 2020-09-28 19:47:42 +02:00
Makefile coresight: core: Allow the coresight core driver to be built as a module 2020-09-28 19:47:42 +02:00