Re: [PATCH 1/3] memory: tegra186-emc: stop borrowing MC aggregate hook for EMC

[Jon Hunter]

On 09/06/2026 16:01, Krzysztof Kozlowski wrote:
> On 27/05/2026 16:01, Sumit Gupta wrote:
> > tegra186_emc_interconnect_init() copies the MC's ICC aggregate hook
> > into the EMC provider.  That hook (tegra234_mc_icc_aggregate /
> > tegra264_mc_icc_aggregate) uses container_of() to recover 'mc',
> > which is only valid when the icc_provider is embedded in struct
> > tegra_mc.  For an EMC node the provider is embedded in struct
> > tegra186_emc, so 'mc' points into unrelated memory.
> >
> > This stayed harmless until commit faafd6ca7e6e ("memory: tegra:
> > make icc_set_bw return zero if BWMGR not supported") added an
> > unconditional read of mc->bwmgr_mrq_supported at the top of the
> > hook.  UBSAN catches the stray load on every EMC aggregation:
> >
> >    UBSAN: invalid-load in drivers/memory/tegra/tegra234.c:1104:9
> >    load of value 112 is not a valid value for type '_Bool'
> >
> > No functional impact in practice, since the hook's only other mc
> > dereference (mc->num_channels) sits inside a
> > TEGRA_ICC_MC_CPU_CLUSTER* branch that EMC nodes never enter.
> >
> > Fix this by setting the EMC provider's aggregate hook to
> > icc_std_aggregate, instead of borrowing the MC's hook.  The MC
> > providers continue using their own aggregate hooks, where
> > container_of() correctly resolves to struct tegra_mc.
> >
> > Reported-by: Jon Hunter <jonathanh@xxxxxxxxxx>
>
> I assume these reports were offlist. Otherwise this has a valid
> checkpatch warning.


Yes some of our internal testing flagged this and I had asked Sumit to 
take a look.

Cheers
Jon

--
nvpublic