| Message ID | bebba768156aa3c0757140457bdd0fec10819388.1652217788.git.robin.murphy@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | perf/arm-cmn: Fix filter_sel lookup | expand |
On Tue, 10 May 2022 22:23:08 +0100, Robin Murphy wrote: > Carefully considering the bounds of an array is all well and good, > until you forget that that array also contains a NULL sentinel at > the end and dereference it. So close... > > Applied to will (for-next/perf), thanks! [1/1] perf/arm-cmn: Fix filter_sel lookup https://git.kernel.org/will/c/3630b2a86390 Cheers,
diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c index 15586bbec2f7..282d2f874ec1 100644 --- a/drivers/perf/arm-cmn.c +++ b/drivers/perf/arm-cmn.c @@ -1514,7 +1514,7 @@ static enum cmn_filter_select arm_cmn_filter_sel(enum cmn_model model, struct arm_cmn_event_attr *e; int i; - for (i = 0; i < ARRAY_SIZE(arm_cmn_event_attrs); i++) { + for (i = 0; i < ARRAY_SIZE(arm_cmn_event_attrs) - 1; i++) { e = container_of(arm_cmn_event_attrs[i], typeof(*e), attr.attr); if (e->model & model && e->type == type && e->eventid == eventid) return e->fsel;
Carefully considering the bounds of an array is all well and good, until you forget that that array also contains a NULL sentinel at the end and dereference it. So close... Reported-by: Qian Cai <quic_qiancai@quicinc.com> Signed-off-by: Robin Murphy <robin.murphy@arm.com> --- drivers/perf/arm-cmn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)