[PATCH 5.8 229/633] coresight: fix offset by one error in counting ports

From: Greg Kroah-Hartman
Date: Tue Oct 27 2020 - 13:17:11 EST


From: Mian Yousaf Kaukab <ykaukab@xxxxxxx>

[ Upstream commit 9554c3551ed35d79b029e5e69383ae33117d9765 ]

Since port-numbers start from 0, add 1 to port-number to get the port
count.

Fix following crash when Coresight is enabled on ACPI based systems:

[ 61.061736] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
[ 61.135494] pc : acpi_coresight_parse_graph+0x1c4/0x37c
[ 61.140705] lr : acpi_coresight_parse_graph+0x160/0x37c
[ 61.145915] sp : ffff800012f4ba40
[ 61.145917] x29: ffff800012f4ba40 x28: ffff00becce62f98
[ 61.159896] x27: 0000000000000005 x26: ffff00becd8a7c88
[ 61.165195] x25: ffff00becd8a7d88 x24: ffff00becce62f80
[ 61.170492] x23: ffff800011ef99c0 x22: ffff009efb8bc010
[ 61.175790] x21: 0000000000000018 x20: 0000000000000005
[ 61.181087] x19: ffff00becce62e80 x18: 0000000000000020
[ 61.186385] x17: 0000000000000001 x16: 00000000000002a8
[ 61.191682] x15: ffff000838648550 x14: ffffffffffffffff
[ 61.196980] x13: 0000000000000000 x12: ffff00becce62d87
[ 61.202277] x11: 00000000ffffff76 x10: 000000000000002e
[ 61.207575] x9 : ffff8000107e1a68 x8 : ffff00becce63000
[ 61.212873] x7 : 0000000000000018 x6 : 000000000000003f
[ 61.218170] x5 : 0000000000000000 x4 : 0000000000000000
[ 61.223467] x3 : 0000000000000000 x2 : 0000000000000000
[ 61.228764] x1 : ffff00becce62f80 x0 : 0000000000000000
[ 61.234062] Call trace:
[ 61.236497] acpi_coresight_parse_graph+0x1c4/0x37c
[ 61.241361] coresight_get_platform_data+0xdc/0x130
[ 61.246225] tmc_probe+0x138/0x2dc
[ 61.246227] amba_probe+0xdc/0x220
[ 61.255779] really_probe+0xe8/0x49c
[ 61.255781] driver_probe_device+0xec/0x140
[ 61.255782] device_driver_attach+0xc8/0xd0
[ 61.255785] __driver_attach+0xac/0x180
[ 61.265857] bus_for_each_dev+0x78/0xcc
[ 61.265859] driver_attach+0x2c/0x40
[ 61.265861] bus_add_driver+0x150/0x244
[ 61.265863] driver_register+0x80/0x13c
[ 61.273591] amba_driver_register+0x60/0x70
[ 61.273594] tmc_driver_init+0x20/0x2c
[ 61.281582] do_one_initcall+0x50/0x230
[ 61.281585] do_initcalls+0x104/0x144
[ 61.291831] kernel_init_freeable+0x168/0x1dc
[ 61.291834] kernel_init+0x1c/0x120
[ 61.299215] ret_from_fork+0x10/0x18
[ 61.299219] Code: b9400022 f9400660 9b277c42 8b020000 (f9400404)
[ 61.307381] ---[ end trace 63c6c3d7ec6a9b7c ]---
[ 61.315225] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

Fixes: d375b356e687 ("coresight: Fix support for sparsely populated ports")
Reported-by: Ruediger Oertel <ro@xxxxxxxx>
Tested-by: Jeremy Linton <jeremy.linton@xxxxxxx>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
Reviewed-by: Jeremy Linton <jeremy.linton@xxxxxxx>
Signed-off-by: Mian Yousaf Kaukab <ykaukab@xxxxxxx>
Signed-off-by: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20200916191737.4001561-4-mathieu.poirier@xxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/hwtracing/coresight/coresight-platform.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/hwtracing/coresight/coresight-platform.c b/drivers/hwtracing/coresight/coresight-platform.c
index e4912abda3aa2..85a6c099ddeb1 100644
--- a/drivers/hwtracing/coresight/coresight-platform.c
+++ b/drivers/hwtracing/coresight/coresight-platform.c
@@ -712,11 +712,11 @@ static int acpi_coresight_parse_graph(struct acpi_device *adev,
return dir;

if (dir == ACPI_CORESIGHT_LINK_MASTER) {
- if (ptr->outport > pdata->nr_outport)
- pdata->nr_outport = ptr->outport;
+ if (ptr->outport >= pdata->nr_outport)
+ pdata->nr_outport = ptr->outport + 1;
ptr++;
} else {
- WARN_ON(pdata->nr_inport == ptr->child_port);
+ WARN_ON(pdata->nr_inport == ptr->child_port + 1);
/*
* We do not track input port connections for a device.
* However we need the highest port number described,
@@ -724,8 +724,8 @@ static int acpi_coresight_parse_graph(struct acpi_device *adev,
* record for an output connection. Hence, do not move
* the ptr for input connections
*/
- if (ptr->child_port > pdata->nr_inport)
- pdata->nr_inport = ptr->child_port;
+ if (ptr->child_port >= pdata->nr_inport)
+ pdata->nr_inport = ptr->child_port + 1;
}
}

--
2.25.1