[PATCH 1/3] memory: tegra186-emc: stop borrowing MC aggregate hook for EMC
From: Sumit Gupta
Date: Wed May 27 2026 - 10:06:32 EST
tegra186_emc_interconnect_init() copies the MC's ICC aggregate hook
into the EMC provider. That hook (tegra234_mc_icc_aggregate /
tegra264_mc_icc_aggregate) uses container_of() to recover 'mc',
which is only valid when the icc_provider is embedded in struct
tegra_mc. For an EMC node the provider is embedded in struct
tegra186_emc, so 'mc' points into unrelated memory.
This stayed harmless until commit faafd6ca7e6e ("memory: tegra:
make icc_set_bw return zero if BWMGR not supported") added an
unconditional read of mc->bwmgr_mrq_supported at the top of the
hook. UBSAN catches the stray load on every EMC aggregation:
UBSAN: invalid-load in drivers/memory/tegra/tegra234.c:1104:9
load of value 112 is not a valid value for type '_Bool'
No functional impact in practice, since the hook's only other mc
dereference (mc->num_channels) sits inside a
TEGRA_ICC_MC_CPU_CLUSTER* branch that EMC nodes never enter.
Fix this by setting the EMC provider's aggregate hook to
icc_std_aggregate, instead of borrowing the MC's hook. The MC
providers continue using their own aggregate hooks, where
container_of() correctly resolves to struct tegra_mc.
Reported-by: Jon Hunter <jonathanh@xxxxxxxxxx>
Fixes: 9a38cb27668e ("memory: tegra: Add interconnect support for DRAM scaling in Tegra234")
Signed-off-by: Sumit Gupta <sumitg@xxxxxxxxxx>
---
drivers/memory/tegra/tegra186-emc.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/memory/tegra/tegra186-emc.c b/drivers/memory/tegra/tegra186-emc.c
index 03ebab6fbe68..f71265b303b9 100644
--- a/drivers/memory/tegra/tegra186-emc.c
+++ b/drivers/memory/tegra/tegra186-emc.c
@@ -258,15 +258,13 @@ static int tegra186_emc_icc_get_init_bw(struct icc_node *node, u32 *avg, u32 *pe
static int tegra186_emc_interconnect_init(struct tegra186_emc *emc)
{
- struct tegra_mc *mc = dev_get_drvdata(emc->dev->parent);
- const struct tegra_mc_soc *soc = mc->soc;
struct icc_node *node;
int err;
emc->provider.dev = emc->dev;
emc->provider.set = tegra186_emc_icc_set_bw;
emc->provider.data = &emc->provider;
- emc->provider.aggregate = soc->icc_ops->aggregate;
+ emc->provider.aggregate = icc_std_aggregate;
emc->provider.xlate = tegra186_emc_of_icc_xlate;
emc->provider.get_bw = tegra186_emc_icc_get_init_bw;
--
2.34.1