[PATCH 3/3] lib: sbi: sbi_pmu: added checks for ctr_idx in match

Anup Patel anup at brainfault.org
Mon Oct 27 04:37:03 PDT 2025 

On Thu, Sep 18, 2025 at 2:37 PM Alexander Chuprunov
<alexander.chuprunov at syntacore.com> wrote:
>
> Previously, in sbi_pmu_ctr_cfg_match() function, ctr_idx was used immediately
> after pmu_ctr_find_fw() or pmu_ctr_find_hw() calls. In first case, array index
> was (ctr_idx - num_hw_ctrs), in second - ctr_idx. But pmu_ctr_find_fw() and
> pmu_ctr_find_hw() functions can return negative value, in which case writing
> in arrays with such indexes would corrupt sbi_pmu_hart_state structure.
> To avoid this situation, direct ctr_idx value check added.
>
> Signed-off-by: Alexander Chuprunov <alexander.chuprunov at syntacore.com>
> ---
>  lib/sbi/sbi_pmu.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/lib/sbi/sbi_pmu.c b/lib/sbi/sbi_pmu.c
> index 5d98a532..f76236e1 100644
> --- a/lib/sbi/sbi_pmu.c
> +++ b/lib/sbi/sbi_pmu.c
> @@ -877,13 +877,14 @@ int sbi_pmu_ctr_cfg_match(unsigned long cidx_base, unsigned long cidx_mask,
>                 /* Any firmware counter can be used track any firmware event */
>                 ctr_idx = pmu_ctr_find_fw(phs, cidx_base, cidx_mask,
>                                           event_code, event_data);
> -               if (event_code == SBI_PMU_FW_PLATFORM)
> +               if ((event_code == SBI_PMU_FW_PLATFORM) && (ctr_idx >= num_hw_ctrs))

No issues with this patch but it seems pmu_ctr_find_fw()
is returning an incorrect counter to address I have folded
following change with this patch.

diff --git a/lib/sbi/sbi_pmu.c b/lib/sbi/sbi_pmu.c
index b618be43..70c49abc 100644
--- a/lib/sbi/sbi_pmu.c
+++ b/lib/sbi/sbi_pmu.c
@@ -830,7 +830,7 @@ static int pmu_ctr_find_fw(struct sbi_pmu_hart_state *phs,
                cidx = i + cbase;
                if (cidx < num_hw_ctrs || total_ctrs <= cidx)
                        continue;
-               if (phs->active_events[i] != SBI_PMU_EVENT_IDX_INVALID)
+               if (phs->active_events[cidx] != SBI_PMU_EVENT_IDX_INVALID)
                        continue;
                if (SBI_PMU_FW_PLATFORM == event_code &&
                    pmu_dev && pmu_dev->fw_counter_match_encoding) {
@@ -840,7 +840,7 @@ static int pmu_ctr_find_fw(struct sbi_pmu_hart_state *phs,
                                continue;
                }

-               return i;
+               return cidx;
        }

        return SBI_ENOTSUPP;

Reviewed-by: Anup Patel <anup at brainfault.org>

Applied this patch to the riscv/opensbi repo.

Thanks,
Anup

>                         phs->fw_counters_data[ctr_idx - num_hw_ctrs] =
>                                                                 event_data;
>         } else {
>                 ctr_idx = pmu_ctr_find_hw(phs, cidx_base, cidx_mask, flags,
>                                           event_idx, event_data);
> -               phs->hw_counters_data[ctr_idx] = event_data;
> +               if (ctr_idx >= 0)
> +                       phs->hw_counters_data[ctr_idx] = event_data;
>         }
>
>         if (ctr_idx < 0)
> --
> 2.43.0
>
>
> --
> opensbi mailing list
> opensbi at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi

More information about the opensbi mailing list