From: "Gautham R. Shenoy" ego@linux.vnet.ibm.com
In cpu_to_drc_index() in the case when FW_FEATURE_DRC_INFO is absent, we currently use of_read_property() to obtain the pointer to the array corresponding to the property "ibm,drc-indexes". The elements of this array are of type __be32, but are accessed without any conversion to the OS-endianness, which is buggy on a Little Endian OS.
Fix this by using of_property_read_u32_index() accessor function to safely read the elements of the array.
Fixes: commit e83636ac3334 ("pseries/drc-info: Search DRC properties for CPU indexes") Cc: stable@vger.kernel.org #v4.16+ Reported-by: Pavithra R. Prakash pavrampu@in.ibm.com Signed-off-by: Gautham R. Shenoy ego@linux.vnet.ibm.com --- arch/powerpc/platforms/pseries/pseries_energy.c | 27 ++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/pseries_energy.c b/arch/powerpc/platforms/pseries/pseries_energy.c index 6ed2212..1c4d1ba 100644 --- a/arch/powerpc/platforms/pseries/pseries_energy.c +++ b/arch/powerpc/platforms/pseries/pseries_energy.c @@ -77,18 +77,27 @@ static u32 cpu_to_drc_index(int cpu)
ret = drc.drc_index_start + (thread_index * drc.sequential_inc); } else { - const __be32 *indexes; - - indexes = of_get_property(dn, "ibm,drc-indexes", NULL); - if (indexes == NULL) - goto err_of_node_put; + u32 nr_drc_indexes, thread_drc_index;
/* - * The first element indexes[0] is the number of drc_indexes - * returned in the list. Hence thread_index+1 will get the - * drc_index corresponding to core number thread_index. + * The first element of ibm,drc-indexes array is the + * number of drc_indexes returned in the list. Hence + * thread_index+1 will get the drc_index corresponding + * to core number thread_index. */ - ret = indexes[thread_index + 1]; + rc = of_property_read_u32_index(dn, "ibm,drc-indexes", + 0, &nr_drc_indexes); + if (rc) + goto err_of_node_put; + + WARN_ON(thread_index > nr_drc_indexes); + rc = of_property_read_u32_index(dn, "ibm,drc-indexes", + thread_index + 1, + &thread_drc_index); + if (rc) + goto err_of_node_put; + + ret = thread_drc_index; }
rc = 0;
* Gautham R Shenoy ego@linux.vnet.ibm.com [2019-03-08 21:03:24]:
From: "Gautham R. Shenoy" ego@linux.vnet.ibm.com
In cpu_to_drc_index() in the case when FW_FEATURE_DRC_INFO is absent, we currently use of_read_property() to obtain the pointer to the array corresponding to the property "ibm,drc-indexes". The elements of this array are of type __be32, but are accessed without any conversion to the OS-endianness, which is buggy on a Little Endian OS.
Fix this by using of_property_read_u32_index() accessor function to safely read the elements of the array.
Fixes: commit e83636ac3334 ("pseries/drc-info: Search DRC properties for CPU indexes") Cc: stable@vger.kernel.org #v4.16+ Reported-by: Pavithra R. Prakash pavrampu@in.ibm.com Signed-off-by: Gautham R. Shenoy ego@linux.vnet.ibm.com
Reviewed-by: Vaidyanathan Srinivasan svaidy@linux.vnet.ibm.com
arch/powerpc/platforms/pseries/pseries_energy.c | 27 ++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/pseries_energy.c b/arch/powerpc/platforms/pseries/pseries_energy.c index 6ed2212..1c4d1ba 100644 --- a/arch/powerpc/platforms/pseries/pseries_energy.c +++ b/arch/powerpc/platforms/pseries/pseries_energy.c @@ -77,18 +77,27 @@ static u32 cpu_to_drc_index(int cpu)
ret = drc.drc_index_start + (thread_index * drc.sequential_inc);} else {
const __be32 *indexes;indexes = of_get_property(dn, "ibm,drc-indexes", NULL);if (indexes == NULL)goto err_of_node_put;
u32 nr_drc_indexes, thread_drc_index;/*
* The first element indexes[0] is the number of drc_indexes* returned in the list. Hence thread_index+1 will get the* drc_index corresponding to core number thread_index.
* The first element of ibm,drc-indexes array is the* number of drc_indexes returned in the list. Hence* thread_index+1 will get the drc_index corresponding* to core number thread_index.
ret = indexes[thread_index + 1];
rc = of_property_read_u32_index(dn, "ibm,drc-indexes",0, &nr_drc_indexes);if (rc)goto err_of_node_put;WARN_ON(thread_index > nr_drc_indexes);rc = of_property_read_u32_index(dn, "ibm,drc-indexes",thread_index + 1,&thread_drc_index);if (rc)goto err_of_node_put;ret = thread_drc_index;
Oops! Good bugfix. We should use device tree accessors like this in all places for correct and safe code.
Thanks!
--Vaidy
On Fri, 2019-03-08 at 15:33:24 UTC, "Gautham R. Shenoy" wrote:
From: "Gautham R. Shenoy" ego@linux.vnet.ibm.com
In cpu_to_drc_index() in the case when FW_FEATURE_DRC_INFO is absent, we currently use of_read_property() to obtain the pointer to the array corresponding to the property "ibm,drc-indexes". The elements of this array are of type __be32, but are accessed without any conversion to the OS-endianness, which is buggy on a Little Endian OS.
Fix this by using of_property_read_u32_index() accessor function to safely read the elements of the array.
Fixes: commit e83636ac3334 ("pseries/drc-info: Search DRC properties for CPU indexes") Cc: stable@vger.kernel.org #v4.16+ Reported-by: Pavithra R. Prakash pavrampu@in.ibm.com Signed-off-by: Gautham R. Shenoy ego@linux.vnet.ibm.com Reviewed-by: Vaidyanathan Srinivasan svaidy@linux.vnet.ibm.com
Applied to powerpc fixes, thanks.
https://git.kernel.org/powerpc/c/ce9afe08e71e3f7d64f337a6e932e508
cheers
linux-stable-mirror@lists.linaro.org
-
Gautham R. Shenoy -
Michael Ellerman -
Vaidyanathan Srinivasan