[PATCH v8 1/4] coresight: cti: Convert trigger usage fields to dynamic bitmaps and arrays
Yingchao Deng (Consultant)
quic_yingdeng at quicinc.com
Mon Apr 27 19:25:11 PDT 2026
On 4/28/2026 12:59 AM, Leo Yan wrote:
> On Sun, Apr 26, 2026 at 05:44:38PM +0800, Yingchao Deng wrote:
>
> [...]
>
>> @@ -316,23 +316,33 @@ static int cti_plat_process_filter_sigs(struct cti_drvdata *drvdata,
>> {
>> struct cti_trig_grp *tg = NULL;
>> int err = 0, nr_filter_sigs;
>> + int nr_trigs = drvdata->config.nr_trig_max;
>>
>> nr_filter_sigs = cti_plat_count_sig_elements(fwnode,
>> CTI_DT_FILTER_OUT_SIGS);
>> if (nr_filter_sigs == 0)
>> return 0;
>>
>> - if (nr_filter_sigs > drvdata->config.nr_trig_max)
>> + if (nr_filter_sigs > nr_trigs)
>> return -EINVAL;
>>
>> tg = kzalloc_obj(*tg);
>> if (!tg)
>> return -ENOMEM;
>>
>> + tg->used_mask = bitmap_zalloc(nr_trigs, GFP_KERNEL);
> Here would be:
>
> tg->used_mask = bitmap_zalloc(nr_filter_sigs, GFP_KERNEL);
"nr_filter_sigs" is the count of entries in the DT property array, if
the DT property is:
arm,trig-filters = <22 23>;
Here nr_filter_sigs=2, so bitmap_zalloc(2) allocates only 1 unsigned long
(64 bits). set_bit(22/23, used_mask) still fits, but it's logically an
OOB, and any index >=64 would
write past the end.
>> + if (!tg->used_mask) {
>> + kfree(tg);
>> + return -ENOMEM;
>> + }
>> +
> It is likely this will have merge conflict with the new patch [1].
>
> You might need to rebase this patch on the top of [1]. We need to
> give [1] priority as it is a fix.
>
> [1] https://lore.kernel.org/linux-arm-kernel/20260426-nr_sigs-v1-1-3b9df99dab97@oss.qualcomm.com/
>
> Otherwise, LGTM:
>
> Reviewed-by: Leo Yan <leo.yan at arm.com>
Will update.
Thanks,
Yingchao
More information about the linux-arm-kernel
mailing list