[PATCH] coresight: tmc: Fix overflow when calculating is bigger than 2GiB
Leo Yan
leo.yan at arm.com
Mon Feb 23 02:23:43 PST 2026
On Mon, Feb 23, 2026 at 09:50:41AM +0000, Suzuki K Poulose wrote:
[...]
> > --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
> > +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
> > @@ -154,7 +154,7 @@ tmc_pages_get_offset(struct tmc_pages *tmc_pages, dma_addr_t addr)
> > for (i = 0; i < tmc_pages->nr_pages; i++) {
> > page_start = tmc_pages->daddrs[i];
> > if (addr >= page_start && addr < (page_start + PAGE_SIZE))
> > - return i * PAGE_SIZE + (addr - page_start);
> > + return (long)i * PAGE_SIZE + (addr - page_start);
> > }
> > return -EINVAL;
> > @@ -1381,7 +1381,7 @@ alloc_etr_buf(struct tmc_drvdata *drvdata, struct perf_event *event,
> > node = (event->cpu == -1) ? NUMA_NO_NODE : cpu_to_node(event->cpu);
> > /* Use the minimum limit if the required size is smaller */
> > - size = nr_pages << PAGE_SHIFT;
> > + size = (ssize_t)nr_pages << PAGE_SHIFT;
> > size = max_t(ssize_t, size, TMC_ETR_PERF_MIN_BUF_SIZE);
> > /*
> >
>
> Thanks for the fix. Could we not fix the declaration of the variables
> instead ? (Also add a comment to make sure people don't revert it back )
I thought a bit the variable declaration when worked on the patch, but
it is tricky.
"nr_pages" is passed down from the perf core layer as an int type. In
CoreSight, the value is passed down through several functions using the
same type, and it does not seem necessary to change the type in every
function in the call path.
We could silently use wider type for the "nr_pages" argument or the
index variable "i". As you said, we need comments to remind future
changing. This might be more error-prone than using an explicit
cast at the point of calculation ?
Thanks,
Leo
More information about the linux-arm-kernel
mailing list