[PATCH 1/3] perf: RISC-V: fix access beyond allocated array
Sergey Matyukevich
geomatsi at gmail.com
Thu Jun 23 04:27:33 PDT 2022
From: Sergey Matyukevich <sergey.matyukevich at syntacore.com>
Both OpenSBI and Linux driver explicitly assume that pmu counter IDs are
not expected to be contiguous. Namely, there is no hardware counter with
index 1: hardware uses that bit for TM control. However, the counter array is
allocated without that assumption. As a result, memory beyond the allocated
array is accessed. Fix this by adding an unused array element for index 1.
Signed-off-by: Sergey Matyukevich <sergey.matyukevich at syntacore.com>
---
drivers/perf/riscv_pmu_sbi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/perf/riscv_pmu_sbi.c b/drivers/perf/riscv_pmu_sbi.c
index dca3537a8dcc..3e0ea564b9b8 100644
--- a/drivers/perf/riscv_pmu_sbi.c
+++ b/drivers/perf/riscv_pmu_sbi.c
@@ -453,7 +453,7 @@ static int pmu_sbi_get_ctrinfo(int nctr)
int i, num_hw_ctr = 0, num_fw_ctr = 0;
union sbi_pmu_ctr_info cinfo;
- pmu_ctr_list = kcalloc(nctr, sizeof(*pmu_ctr_list), GFP_KERNEL);
+ pmu_ctr_list = kcalloc(nctr + 1, sizeof(*pmu_ctr_list), GFP_KERNEL);
if (!pmu_ctr_list)
return -ENOMEM;
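Review bot: the bare `nctr + 1` in the kcalloc() call hard-codes exactly one hole in the counter ID space, while the commit message describes the IDs as non-contiguous in general, and nothing at the allocation site says why the extra element exists. Please add a short comment above the allocation naming the unused index 1 slot, so a later cleanup does not "correct" the size back to `nctr`. The code that indexes pmu_ctr_list is outside this hunk, so it is worth confirming there that the highest index written is bounded by the new size; sizing the array from the highest valid counter index, or checking the index before each store, would stay safe if a platform ever reports more than one gap.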
--
2.36.1