From: Suzuki K Poulose <Suzuki.Poulose@arm.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] coresight: Fix erroneous memset in tmc_read_unprepare_etr
Date: Mon, 13 Jun 2016 09:59:56 +0100 [thread overview]
Message-ID: <575E760C.9030009@arm.com> (raw)
In-Reply-To: <CANLsYkw=7fJLR6r5qH0t9BA-GdOW+ZB=depNH=A7CHk1idkYuQ@mail.gmail.com>
On 12/06/16 22:06, Mathieu Poirier wrote:
> On 10 June 2016 at 04:31, Suzuki K Poulose <suzuki.poulose@arm.com> wrote:
>> At the end of a trace collection, we try to clear the entire buffer
>> and enable the ETR back if it was already enabled. But, we would have
>> adjusted the drvdata->buf to point to the beginning of the trace data
>> in the trace buffer @drvdata->vaddr. So, the following code which
>> clears the buffer is dangerous and can cause crashes, like below :
>>
>> memset(drvdata->buf, 0, drvdata->size);
>>
>> Unable to handle kernel paging request at virtual address ffffff800a145000
>> pgd = ffffffc974726000
>> *pgd=00000009f3e91003, *pud=00000009f3e91003, *pmd=0000000000000000
>> PREEMPT SMP
>> Modules linked in:
>> CPU: 4 PID: 1692 Comm: dd Not tainted 4.7.0-rc2+ #1721
>> Hardware name: ARM Juno development board (r0) (DT)
>> task: ffffffc9734a0080 ti: ffffffc974460000 task.ti: ffffffc974460000
>> PC is at __memset+0x1ac/0x200
>> LR is at tmc_read_unprepare_etr+0x144/0x1bc
>> pc : [<ffffff80083a05ac>] lr : [<ffffff800859c984>] pstate: 200001c5
>> ...
>> [<ffffff80083a05ac>] __memset+0x1ac/0x200
>> [<ffffff800859b2e4>] tmc_release+0x90/0x94
>> [<ffffff8008202f58>] __fput+0xa8/0x1ec
>> [<ffffff80082030f4>] ____fput+0xc/0x14
>> [<ffffff80080c3ef8>] task_work_run+0xb0/0xe4
>> [<ffffff8008088bf4>] do_notify_resume+0x64/0x6c
>> [<ffffff8008084d5c>] work_pending+0x10/0x14
>> Code: 91010108 54ffff4a 8b040108 cb050042 (d50b7428)
>>
>> Since we clear the buffer anyway in the following call to
>> tmc_etr_enable_hw(), remove the erroneous memset().
>>
>> Fixes: commit de5461970b3e9e1 ("coresight: tmc: allocating memory when needed")
>> Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
>> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
>> ---
>>
>> Mathieu,
>>
>> I think this should go to 4.7. Please push it.
>
> If this [1] didn't make it, this one won't make it either.
> applied it to my tree for merging in the 4.8 cycle.
I think both should go to 4.7, as these fixes real crashes.
Greg,
We have two fixes [1],[2] for coresight driver which fixes Kernel crashes. Could you
please pick them up ?
I could resend them, if you would like.
[1] https://patchwork.kernel.org/patch/9144589/
[2] https://patchwork.kernel.org/patch/9169407/
Thanks
Suzuki
>
> Thanks,
> Mathieu
>
>
>>
>> ---
>> drivers/hwtracing/coresight/coresight-tmc-etr.c | 9 +++------
>> 1 file changed, 3 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c
>> index 69e104b..24d99ed 100644
>> --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
>> +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
>> @@ -306,13 +306,10 @@ int tmc_read_unprepare_etr(struct tmc_drvdata *drvdata)
>> if (local_read(&drvdata->mode) == CS_MODE_SYSFS) {
>> /*
>> * The trace run will continue with the same allocated trace
>> - * buffer. As such zero-out the buffer so that we don't end
>> - * up with stale data.
>> - *
>> - * Since the tracer is still enabled drvdata::buf
>> - * can't be NULL.
>> + * buffer. The trace buffer is cleared in tmc_etr_enable_hw(),
>> + * so we don't have to explicitly clear it. Also, since the
>
> Yes, very good.
>
>> + * tracer is still enabled drvdata::buf can't be NULL.
>> */
>> - memset(drvdata->buf, 0, drvdata->size);
>> tmc_etr_enable_hw(drvdata);
>> } else {
>> /*
>> --
>> 1.9.1
>>
>
prev parent reply other threads:[~2016-06-13 9:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-06 9:11 [PATCH v2 0/9] coresight: Miscellaneous fixes Suzuki K Poulose
2016-06-06 9:11 ` [PATCH v2 1/9] coresight: Fix NULL pointer dereference in _coresight_build_path Suzuki K Poulose
2016-06-06 9:11 ` [PATCH v2 2/9] coresight: Fix tmc_read_unprepare_etr Suzuki K Poulose
2016-06-06 9:11 ` [PATCH v2 3/9] coresight: Remove erroneous dma_free_coherent in tmc_probe Suzuki K Poulose
2016-06-12 20:38 ` Mathieu Poirier
2016-06-06 9:11 ` [PATCH v2 4/9] coresight: Fix csdev connections initialisation Suzuki K Poulose
2016-06-12 20:39 ` Mathieu Poirier
2016-06-13 8:54 ` Suzuki K Poulose
2016-06-13 14:37 ` Mathieu Poirier
2016-06-06 9:11 ` [PATCH v2 5/9] coresight: tmc: Limit the trace to available data Suzuki K Poulose
2016-06-06 9:11 ` [PATCH v2 6/9] coresight: etmv4: Fix ETMv4x peripheral ID table Suzuki K Poulose
2016-06-06 9:11 ` [PATCH v2 7/9] coresight: Cleanup TMC status check Suzuki K Poulose
2016-06-06 9:11 ` [PATCH v2 8/9] coresight: Consolidate error handling path for tmc_probe Suzuki K Poulose
2016-06-06 9:11 ` [PATCH v2 9/9] coresight: Add better messages for coresight_timeout Suzuki K Poulose
2016-06-12 20:36 ` Mathieu Poirier
2016-06-10 10:31 ` [PATCH] coresight: Fix erroneous memset in tmc_read_unprepare_etr Suzuki K Poulose
2016-06-12 21:06 ` Mathieu Poirier
2016-06-13 8:59 ` Suzuki K Poulose [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=575E760C.9030009@arm.com \
--to=suzuki.poulose@arm.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathieu.poirier@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).