From: Mathieu Poirier <mathieu.poirier@linaro.org>
To: gregkh@linuxfoundation.org
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH 05/14] coresight: etm4x: Fix input validation for sysfs.
Date: Mon, 4 Nov 2019 11:12:42 -0700 [thread overview]
Message-ID: <20191104181251.26732-6-mathieu.poirier@linaro.org> (raw)
In-Reply-To: <20191104181251.26732-1-mathieu.poirier@linaro.org>
From: Mike Leach <mike.leach@linaro.org>
A number of issues are fixed relating to sysfs input validation:-
1) bb_ctrl_store() - incorrect compare of bit select field to absolute
value. Reworked per ETMv4 specification.
2) seq_event_store() - incorrect mask value - register has two
event values.
3) cyc_threshold_store() - must mask with max before checking min
otherwise wrapped values can set illegal value below min.
4) res_ctrl_store() - update to mask off all res0 bits.
Reviewed-by: Leo Yan <leo.yan@linaro.org>
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Mike Leach <mike.leach@linaro.org>
Fixes: a77de2637c9eb ("coresight: etm4x: moving sysFS entries to a dedicated file")
Cc: stable <stable@vger.kernel.org> # 4.9+
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
---
.../coresight/coresight-etm4x-sysfs.c | 21 ++++++++++++-------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
index b6984be0c515..cc8156318018 100644
--- a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
@@ -652,10 +652,13 @@ static ssize_t cyc_threshold_store(struct device *dev,
if (kstrtoul(buf, 16, &val))
return -EINVAL;
+
+ /* mask off max threshold before checking min value */
+ val &= ETM_CYC_THRESHOLD_MASK;
if (val < drvdata->ccitmin)
return -EINVAL;
- config->ccctlr = val & ETM_CYC_THRESHOLD_MASK;
+ config->ccctlr = val;
return size;
}
static DEVICE_ATTR_RW(cyc_threshold);
@@ -686,14 +689,16 @@ static ssize_t bb_ctrl_store(struct device *dev,
return -EINVAL;
if (!drvdata->nr_addr_cmp)
return -EINVAL;
+
/*
- * Bit[7:0] selects which address range comparator is used for
- * branch broadcast control.
+ * Bit[8] controls include(1) / exclude(0), bits[0-7] select
+ * individual range comparators. If include then at least 1
+ * range must be selected.
*/
- if (BMVAL(val, 0, 7) > drvdata->nr_addr_cmp)
+ if ((val & BIT(8)) && (BMVAL(val, 0, 7) == 0))
return -EINVAL;
- config->bb_ctrl = val;
+ config->bb_ctrl = val & GENMASK(8, 0);
return size;
}
static DEVICE_ATTR_RW(bb_ctrl);
@@ -1324,8 +1329,8 @@ static ssize_t seq_event_store(struct device *dev,
spin_lock(&drvdata->spinlock);
idx = config->seq_idx;
- /* RST, bits[7:0] */
- config->seq_ctrl[idx] = val & 0xFF;
+ /* Seq control has two masks B[15:8] F[7:0] */
+ config->seq_ctrl[idx] = val & 0xFFFF;
spin_unlock(&drvdata->spinlock);
return size;
}
@@ -1580,7 +1585,7 @@ static ssize_t res_ctrl_store(struct device *dev,
if (idx % 2 != 0)
/* PAIRINV, bit[21] */
val &= ~BIT(21);
- config->res_ctrl[idx] = val;
+ config->res_ctrl[idx] = val & GENMASK(21, 0);
spin_unlock(&drvdata->spinlock);
return size;
}
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Mathieu Poirier <mathieu.poirier@linaro.org>
To: gregkh@linuxfoundation.org
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Subject: [PATCH 05/14] coresight: etm4x: Fix input validation for sysfs.
Date: Mon, 4 Nov 2019 11:12:42 -0700 [thread overview]
Message-ID: <20191104181251.26732-6-mathieu.poirier@linaro.org> (raw)
In-Reply-To: <20191104181251.26732-1-mathieu.poirier@linaro.org>
From: Mike Leach <mike.leach@linaro.org>
A number of issues are fixed relating to sysfs input validation:-
1) bb_ctrl_store() - incorrect compare of bit select field to absolute
value. Reworked per ETMv4 specification.
2) seq_event_store() - incorrect mask value - register has two
event values.
3) cyc_threshold_store() - must mask with max before checking min
otherwise wrapped values can set illegal value below min.
4) res_ctrl_store() - update to mask off all res0 bits.
Reviewed-by: Leo Yan <leo.yan@linaro.org>
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Mike Leach <mike.leach@linaro.org>
Fixes: a77de2637c9eb ("coresight: etm4x: moving sysFS entries to a dedicated file")
Cc: stable <stable@vger.kernel.org> # 4.9+
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
---
.../coresight/coresight-etm4x-sysfs.c | 21 ++++++++++++-------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
index b6984be0c515..cc8156318018 100644
--- a/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-sysfs.c
@@ -652,10 +652,13 @@ static ssize_t cyc_threshold_store(struct device *dev,
if (kstrtoul(buf, 16, &val))
return -EINVAL;
+
+ /* mask off max threshold before checking min value */
+ val &= ETM_CYC_THRESHOLD_MASK;
if (val < drvdata->ccitmin)
return -EINVAL;
- config->ccctlr = val & ETM_CYC_THRESHOLD_MASK;
+ config->ccctlr = val;
return size;
}
static DEVICE_ATTR_RW(cyc_threshold);
@@ -686,14 +689,16 @@ static ssize_t bb_ctrl_store(struct device *dev,
return -EINVAL;
if (!drvdata->nr_addr_cmp)
return -EINVAL;
+
/*
- * Bit[7:0] selects which address range comparator is used for
- * branch broadcast control.
+ * Bit[8] controls include(1) / exclude(0), bits[0-7] select
+ * individual range comparators. If include then at least 1
+ * range must be selected.
*/
- if (BMVAL(val, 0, 7) > drvdata->nr_addr_cmp)
+ if ((val & BIT(8)) && (BMVAL(val, 0, 7) == 0))
return -EINVAL;
- config->bb_ctrl = val;
+ config->bb_ctrl = val & GENMASK(8, 0);
return size;
}
static DEVICE_ATTR_RW(bb_ctrl);
@@ -1324,8 +1329,8 @@ static ssize_t seq_event_store(struct device *dev,
spin_lock(&drvdata->spinlock);
idx = config->seq_idx;
- /* RST, bits[7:0] */
- config->seq_ctrl[idx] = val & 0xFF;
+ /* Seq control has two masks B[15:8] F[7:0] */
+ config->seq_ctrl[idx] = val & 0xFFFF;
spin_unlock(&drvdata->spinlock);
return size;
}
@@ -1580,7 +1585,7 @@ static ssize_t res_ctrl_store(struct device *dev,
if (idx % 2 != 0)
/* PAIRINV, bit[21] */
val &= ~BIT(21);
- config->res_ctrl[idx] = val;
+ config->res_ctrl[idx] = val & GENMASK(21, 0);
spin_unlock(&drvdata->spinlock);
return size;
}
--
2.17.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-11-04 18:13 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-04 18:12 [PATCH 00/14] coresight: next v5.4-rc6 Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 01/14] coresight: etm4x: Save/restore state across CPU low power states Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 02/14] dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 03/14] coresight: etm4x: Add support for ThunderX2 Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 04/14] coresight: etm4x: Fixes for ETM v4.4 architecture updates Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier [this message]
2019-11-04 18:12 ` [PATCH 05/14] coresight: etm4x: Fix input validation for sysfs Mathieu Poirier
2019-11-04 18:12 ` [PATCH 06/14] coresight: etm4x: Add missing API to set EL match on address filters Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 07/14] coresight: etm4x: Fix issues with start-stop logic Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 08/14] coresight: etm4x: Improve usability of sysfs - include/exclude addr Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 09/14] coresight: etm4x: Improve usability of sysfs - CID and VMID masks Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 10/14] coresight: etm4x: Add view comparator settings API to sysfs Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 11/14] coresight: etm4x: Add missing single-shot control " Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 12/14] coresight: Add explicit architecture dependency Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 13/14] coresight: Serialize enabling/disabling a link device Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 18:12 ` [PATCH 14/14] coresight: etm4x: Fix BMVAL misuse Mathieu Poirier
2019-11-04 18:12 ` Mathieu Poirier
2019-11-04 21:03 ` [PATCH 00/14] coresight: next v5.4-rc6 Greg KH
2019-11-04 21:03 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191104181251.26732-6-mathieu.poirier@linaro.org \
--to=mathieu.poirier@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.