Re: [PATCH v8 1/4] coresight: cti: Convert trigger usage fields to dynamic bitmaps and arrays

[Yingchao Deng (Consultant)]

On 4/28/2026 12:59 AM, Leo Yan wrote:
> On Sun, Apr 26, 2026 at 05:44:38PM +0800, Yingchao Deng wrote:
>
> [...]
>
> > @@ -316,23 +316,33 @@ static int cti_plat_process_filter_sigs(struct cti_drvdata *drvdata,
> >   {
> >   	struct cti_trig_grp *tg = NULL;
> >   	int err = 0, nr_filter_sigs;
> > +	int nr_trigs = drvdata->config.nr_trig_max;
> >   
> >   	nr_filter_sigs = cti_plat_count_sig_elements(fwnode,
> >   						     CTI_DT_FILTER_OUT_SIGS);
> >   	if (nr_filter_sigs == 0)
> >   		return 0;
> >   
> > -	if (nr_filter_sigs > drvdata->config.nr_trig_max)
> > +	if (nr_filter_sigs > nr_trigs)
> >   		return -EINVAL;
> >   
> >   	tg = kzalloc_obj(*tg);
> >   	if (!tg)
> >   		return -ENOMEM;
> >   
> > +	tg->used_mask = bitmap_zalloc(nr_trigs, GFP_KERNEL);
> Here would be:
>
>    tg->used_mask = bitmap_zalloc(nr_filter_sigs, GFP_KERNEL);
"nr_filter_sigs" is the count of entries in the DT property array, if 
the DT property is:
    arm,trig-filters = <22 23>;
Here nr_filter_sigs=2, so bitmap_zalloc(2) allocates only 1 unsigned long
(64 bits). set_bit(22/23, used_mask) still fits, but it's logically an 
OOB, and any index >=64 would
write past the end.
> > +	if (!tg->used_mask) {
> > +		kfree(tg);
> > +		return -ENOMEM;
> > +	}
> > +
> It is likely this will have merge conflict with the new patch [1].
>
> You might need to rebase this patch on the top of [1]. We need to
> give [1] priority as it is a fix.
>
> [1] https://lore.kernel.org/linux-arm-kernel/20260426-nr_sigs-v1-1-3b9df99dab97@xxxxxxxxxxxxxxxx/
>
> Otherwise, LGTM:
>
> Reviewed-by: Leo Yan <leo.yan@xxxxxxx>

Will update.

Thanks,
Yingchao