Re: [PATCH 1/3] memory: tegra186-emc: stop borrowing MC aggregate hook for EMC
From: Krzysztof Kozlowski
Date: Tue Jun 09 2026 - 11:22:12 EST
On 09/06/2026 17:07, Jon Hunter wrote:
>
> On 09/06/2026 16:01, Krzysztof Kozlowski wrote:
>> On 27/05/2026 16:01, Sumit Gupta wrote:
>>> tegra186_emc_interconnect_init() copies the MC's ICC aggregate hook
>>> into the EMC provider. That hook (tegra234_mc_icc_aggregate /
>>> tegra264_mc_icc_aggregate) uses container_of() to recover 'mc',
>>> which is only valid when the icc_provider is embedded in struct
>>> tegra_mc. For an EMC node the provider is embedded in struct
>>> tegra186_emc, so 'mc' points into unrelated memory.
>>>
>>> This stayed harmless until commit faafd6ca7e6e ("memory: tegra:
>>> make icc_set_bw return zero if BWMGR not supported") added an
>>> unconditional read of mc->bwmgr_mrq_supported at the top of the
>>> hook. UBSAN catches the stray load on every EMC aggregation:
>>>
>>> UBSAN: invalid-load in drivers/memory/tegra/tegra234.c:1104:9
>>> load of value 112 is not a valid value for type '_Bool'
>>>
>>> No functional impact in practice, since the hook's only other mc
>>> dereference (mc->num_channels) sits inside a
>>> TEGRA_ICC_MC_CPU_CLUSTER* branch that EMC nodes never enter.
>>>
>>> Fix this by setting the EMC provider's aggregate hook to
>>> icc_std_aggregate, instead of borrowing the MC's hook. The MC
>>> providers continue using their own aggregate hooks, where
>>> container_of() correctly resolves to struct tegra_mc.
>>>
>>> Reported-by: Jon Hunter <jonathanh@xxxxxxxxxx>
>>
>> I assume these reports were offlist. Otherwise this has a valid
>> checkpatch warning.
>
>
> Yes, some of our internal testing flagged this and I had asked Sumit to
> take a look.
>
Ack, thanks!
Best regards,
Krzysztof
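
Added example, not part of the thread or the kernel source: a user-space C sketch of the container_of() mismatch the quoted commit message describes, where a hook written for a provider embedded in one struct is handed a provider embedded in another. The struct names, layouts and buffer contents are constructed for illustration, and the byte is read as unsigned char so the demonstration itself stays well defined.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins; names and layouts are illustrative, not the kernel's. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct demo_provider { int id; };
struct demo_mc {                     /* plays the role of struct tegra_mc */
    int num_channels;
    bool bwmgr_mrq_supported;
    struct demo_provider provider;
};
struct demo_emc {                    /* plays the role of struct tegra186_emc */
    unsigned char regs[16];          /* unrelated driver state */
    struct demo_provider provider;
};

/* Byte an MC-style hook would load as mc->bwmgr_mrq_supported. It is read
 * as unsigned char so the demo stays well defined. */
static unsigned char mc_hook_flag_byte(struct demo_provider *p)
{
    struct demo_mc *mc = container_of(p, struct demo_mc, provider);
    return *((unsigned char *)mc + offsetof(struct demo_mc, bwmgr_mrq_supported));
}

static unsigned char flag_byte_from_mc(void)
{
    struct demo_mc mc = { .num_channels = 8, .bwmgr_mrq_supported = true };
    return mc_hook_flag_byte(&mc.provider);      /* provider really is in an mc */
}

static unsigned char flag_byte_from_emc(void)
{
    struct demo_emc emc = { .provider = { .id = 2 } };
    for (size_t i = 0; i < sizeof(emc.regs); i++)
        emc.regs[i] = (unsigned char)(100 + i);  /* constructed contents */
    return mc_hook_flag_byte(&emc.provider);     /* "mc" now points into emc */
}

int main(void)
{
    printf("MC provider:  flag byte = %u\n", flag_byte_from_mc());
    printf("EMC provider: flag byte = %u\n", flag_byte_from_emc());
    return 0;
}
```

With the EMC-embedded provider, the computed "mc" pointer lands inside the unrelated regs[] state, so the flag byte is whatever that memory holds rather than 0 or 1, which is the class of load UBSAN reports for a _Bool.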