From: Adrian Hunter <adrian.hunter@xxxxxxxxx> commit ad97196379d0b8cb24ef3d5006978a6554e6467f upstream. topa_entry->base is a bit-field. Bit-fields are not promoted to a 64-bit type, even if the underlying type is 64-bit, and so, if necessary, must be cast to a larger type when calculations are done. Fix a topa_entry->base address calculation by adding a cast. Without the cast, the address was limited to 36-bits i.e. 64GiB. The address calculation is used on systems that do not support Multiple Entry ToPA (only Broadwell), and affects physical addresses on or above 64GiB. Instead of writing to the correct address, the address comprising the first 36 bits would be written to. Intel PT snapshot and sampling modes are not affected. Fixes: 52ca9ced3f70 ("perf/x86/intel/pt: Add Intel PT PMU driver") Reported-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> Signed-off-by: Adrian Hunter <adrian.hunter@xxxxxxxxx> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Link: https://lore.kernel.org/r/20240624201101.60186-3-adrian.hunter@xxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/events/intel/pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/events/intel/pt.c +++ b/arch/x86/events/intel/pt.c @@ -827,7 +827,7 @@ static void pt_update_head(struct pt *pt */ static void *pt_buffer_region(struct pt_buffer *buf) { - return phys_to_virt(TOPA_ENTRY(buf->cur, buf->cur_idx)->base << TOPA_SHIFT); + return phys_to_virt((phys_addr_t)TOPA_ENTRY(buf->cur, buf->cur_idx)->base << TOPA_SHIFT); } /** Patches currently in stable-queue which might be from adrian.hunter@xxxxxxxxx are queue-5.4/perf-prevent-passing-zero-nr_pages-to-rb_alloc_aux.patch queue-5.4/perf-x86-intel-pt-fix-a-topa_entry-base-address-calculation.patch queue-5.4/perf-fix-perf_aux_size-for-greater-than-32-bit-size.patch queue-5.4/perf-x86-intel-pt-fix-pt_topa_entry_for_page-address.patch queue-5.4/perf-x86-intel-pt-fix-topa_entry-base-length.patch