* Gautham R Shenoy <ego@xxxxxxxxxxxxxxxxxx> [2019-03-08 21:03:24]:
> From: "Gautham R. Shenoy" <ego@xxxxxxxxxxxxxxxxxx>
>
> In cpu_to_drc_index() in the case when FW_FEATURE_DRC_INFO is absent,
> we currently use of_read_property() to obtain the pointer to the array
> corresponding to the property "ibm,drc-indexes". The elements of this
> array are of type __be32, but are accessed without any conversion to
> the OS-endianness, which is buggy on a Little Endian OS.
>
> Fix this by using of_property_read_u32_index() accessor function to
> safely read the elements of the array.
>
> Fixes: commit e83636ac3334 ("pseries/drc-info: Search DRC properties for CPU indexes")
> Cc: <stable@xxxxxxxxxxxxxxx> #v4.16+
> Reported-by: Pavithra R. Prakash <pavrampu@xxxxxxxxxx>
> Signed-off-by: Gautham R. Shenoy <ego@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Vaidyanathan Srinivasan <svaidy@xxxxxxxxxxxxxxxxxx>
> ---
> arch/powerpc/platforms/pseries/pseries_energy.c | 27 ++++++++++++++++---------
> 1 file changed, 18 insertions(+), 9 deletions(-)
>
> diff --git a/arch/powerpc/platforms/pseries/pseries_energy.c b/arch/powerpc/platforms/pseries/pseries_energy.c
> index 6ed2212..1c4d1ba 100644
> --- a/arch/powerpc/platforms/pseries/pseries_energy.c
> +++ b/arch/powerpc/platforms/pseries/pseries_energy.c
> @@ -77,18 +77,27 @@ static u32 cpu_to_drc_index(int cpu)
>
> ret = drc.drc_index_start + (thread_index * drc.sequential_inc);
> } else {
> - const __be32 *indexes;
> -
> - indexes = of_get_property(dn, "ibm,drc-indexes", NULL);
> - if (indexes == NULL)
> - goto err_of_node_put;
> + u32 nr_drc_indexes, thread_drc_index;
>
> /*
> - * The first element indexes[0] is the number of drc_indexes
> - * returned in the list. Hence thread_index+1 will get the
> - * drc_index corresponding to core number thread_index.
> + * The first element of ibm,drc-indexes array is the
> + * number of drc_indexes returned in the list. Hence
> + * thread_index+1 will get the drc_index corresponding
> + * to core number thread_index.
> */
> - ret = indexes[thread_index + 1];
> + rc = of_property_read_u32_index(dn, "ibm,drc-indexes",
> + 0, &nr_drc_indexes);
> + if (rc)
> + goto err_of_node_put;
> +
> + WARN_ON(thread_index > nr_drc_indexes);
> + rc = of_property_read_u32_index(dn, "ibm,drc-indexes",
> + thread_index + 1,
> + &thread_drc_index);
> + if (rc)
> + goto err_of_node_put;
> +
> + ret = thread_drc_index;
Oops! Good bugfix. We should use device tree accessors like this in
all places for correct and safe code.
Thanks!
--Vaidy
