From a599a7a83745820b3e1bee9d4b625bd54337e4d0 Mon Sep 17 00:00:00 2001 From: Kishor PK Date: Thu, 18 Feb 2016 15:26:50 +0530 Subject: msm: perf: validate input argument of ev_constraints functions Validate input argument before writing into pmu_constraints_codes array. CRs-Fixed: 975404 Change-Id: Id68b1d2201ab1af783af2236833b1dc894e08cc7 Signed-off-by: Kishor PK --- arch/arm/mach-msm/perf_event_msm_krait_l2.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/arch/arm/mach-msm/perf_event_msm_krait_l2.c b/arch/arm/mach-msm/perf_event_msm_krait_l2.c index 65a5d2f..43233ab 100644 --- a/arch/arm/mach-msm/perf_event_msm_krait_l2.c +++ b/arch/arm/mach-msm/perf_event_msm_krait_l2.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011,2012,2014 The Linux Foundation. All rights reserved. + * Copyright (c) 2011,2012,2014,2016 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -18,13 +18,15 @@ #include +#define PMU_CODES_SIZE 64 + /* * The L2 PMU is shared between all CPU's, so protect * its bitmap access. */ struct pmu_constraints { u64 pmu_bitmap; - u8 codes[64]; + u8 codes[PMU_CODES_SIZE]; raw_spinlock_t lock; } l2_pmu_constraints = { .pmu_bitmap = 0, @@ -427,10 +429,9 @@ static int msm_l2_test_set_ev_constraint(struct perf_event *event) u8 group = evt_type & 0x0000F; u8 code = (evt_type & 0x00FF0) >> 4; unsigned long flags; - u32 err = 0; + int err = 0; u64 bitmap_t; u32 shift_idx; - if (evt_prefix == L2_TRACECTR_PREFIX) return err; /* @@ -444,6 +445,11 @@ static int msm_l2_test_set_ev_constraint(struct perf_event *event) shift_idx = ((reg * 4) + group); + if (shift_idx >= PMU_CODES_SIZE) { + err = -EINVAL; + goto out; + } + bitmap_t = 1 << shift_idx; if (!(l2_pmu_constraints.pmu_bitmap & bitmap_t)) { @@ -484,6 +490,7 @@ static int msm_l2_clear_ev_constraint(struct perf_event *event) unsigned long flags; u64 bitmap_t; u32 shift_idx; + int err = 1; if (evt_prefix == L2_TRACECTR_PREFIX) return 1; @@ -491,6 +498,10 @@ static int msm_l2_clear_ev_constraint(struct perf_event *event) shift_idx = ((reg * 4) + group); + if (shift_idx >= PMU_CODES_SIZE) { + err = -EINVAL; + goto out; + } bitmap_t = 1 << shift_idx; /* Clear constraint bit. */ @@ -498,9 +509,9 @@ static int msm_l2_clear_ev_constraint(struct perf_event *event) /* Clear code. */ l2_pmu_constraints.codes[shift_idx] = -1; - +out: raw_spin_unlock_irqrestore(&l2_pmu_constraints.lock, flags); - return 1; + return err; } int get_num_events(void) -- cgit v1.1