From patchwork Tue Jun 14 17:17:14 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mathieu Poirier <mathieu.poirier@linaro.org>
X-Patchwork-Id: 9176341
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	7037660772 for <patchwork-linux-arm@patchwork.kernel.org>;
	Tue, 14 Jun 2016 17:19:24 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6311828047
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Tue, 14 Jun 2016 17:19:24 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 580A32823D; Tue, 14 Jun 2016 17:19:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.9])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1768328047
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Tue, 14 Jun 2016 17:19:24 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
	id 1bCrye-0005qy-7p; Tue, 14 Jun 2016 17:18:12 +0000
Received: from mail-it0-x235.google.com ([2607:f8b0:4001:c0b::235])
	by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
	Linux)) id 1bCry8-0005Un-L5
	for linux-arm-kernel@lists.infradead.org;
	Tue, 14 Jun 2016 17:17:41 +0000
Received: by mail-it0-x235.google.com with SMTP id e5so443708ith.0
	for <linux-arm-kernel@lists.infradead.org>;
	Tue, 14 Jun 2016 10:17:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=9HOZjo3AzCY9MglSdmbERj/QbYi9UShcAHUSI9oVq4w=;
	b=bjs0E5CJ9Odl9cdSKTSo8RY6YLMJoS5WoeGH/G4BJPrI2ZkZdRzccHEo8ki8JLXobg
	BxvL1yvkKx3kHRPZAIDMAgI5NnDzdaT0qEF89znTDjqYszublqGkk8Z0osfbEfnkcs7h
	yuHBSydHnahVozfJQdW2CNko9RlPsCVWxhjYo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=9HOZjo3AzCY9MglSdmbERj/QbYi9UShcAHUSI9oVq4w=;
	b=ZaQG6dHTFApHgUkOIxevpP1qYtw+8rl180lYcv9/BwI4VPstzGCuUTiT8HOYzG4NAe
	PdHbiWnFHOT33MZJz8PQ+CJFZQ/efbfxCxaNb1OoasVFFFjnIXswHXE2kb+a4Wr7qe5v
	sl383ql2jyUs20+Kg4F+2JPHI/nyJZzcUQzDrGQdwcvuebiQGMz49/ULNHAsOVGWIEcD
	TRrzqPpbyObq5fgDF7E4XhhXKa1r0nXCetqf3DOOHbbaOr3azS9umhKH77cgtpkKnl8t
	aS773jCELuNyByVTxZfp2YskPgwDYpoDdmMZvBQmkKzZp3XMnT/9MRvl8zJtz+Iw1q/d
	x5MQ==
X-Gm-Message-State: 
 ALyK8tJelqBPVdKZhxeUtAIeza6J44BI+bBHY37oaA9vvSl4fmBiUusaH1NSSa8HbZPPFt0Y
X-Received: by 10.36.200.131 with SMTP id w125mr27136742itf.80.1465924639674;
	Tue, 14 Jun 2016 10:17:19 -0700 (PDT)
Received: from t430.cg.shawcable.net (S0106002369de4dac.cg.shawcable.net.
	[68.147.8.254]) by smtp.gmail.com with ESMTPSA id
	k101sm10505401ioi.9.2016.06.14.10.17.18
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 14 Jun 2016 10:17:19 -0700 (PDT)
From: Mathieu Poirier <mathieu.poirier@linaro.org>
To: gregkh@linuxfoundation.org
Subject: [PATCH 3/3] coresight: Fix erroneous memset in
	tmc_read_unprepare_etr
Date: Tue, 14 Jun 2016 11:17:14 -0600
Message-Id: <1465924634-22310-4-git-send-email-mathieu.poirier@linaro.org>
X-Mailer: git-send-email 2.5.0
In-Reply-To: <1465924634-22310-1-git-send-email-mathieu.poirier@linaro.org>
References: <1465924634-22310-1-git-send-email-mathieu.poirier@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20160614_101740_818106_0885C28E 
X-CRM114-Status: GOOD (  14.75  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	suzuki.poulose@arm.com
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Suzuki K Poulose <suzuki.poulose@arm.com>

At the end of a trace collection, we try to clear the entire buffer
and enable the ETR back if it was already enabled. But, we would have
adjusted the drvdata->buf to point to the beginning of the trace data
in the trace buffer @drvdata->vaddr. So, the following code which
clears the buffer is dangerous and can cause crashes, like below :

	memset(drvdata->buf, 0, drvdata->size);

 Unable to handle kernel paging request at virtual address ffffff800a145000
 pgd = ffffffc974726000
 *pgd=00000009f3e91003, *pud=00000009f3e91003, *pmd=0000000000000000
 PREEMPT SMP
 Modules linked in:
 CPU: 4 PID: 1692 Comm: dd Not tainted 4.7.0-rc2+ #1721
 Hardware name: ARM Juno development board (r0) (DT)
 task: ffffffc9734a0080 ti: ffffffc974460000 task.ti: ffffffc974460000
 PC is at __memset+0x1ac/0x200
 LR is at tmc_read_unprepare_etr+0x144/0x1bc
 pc : [<ffffff80083a05ac>] lr : [<ffffff800859c984>] pstate: 200001c5
 ...
 [<ffffff80083a05ac>] __memset+0x1ac/0x200
 [<ffffff800859b2e4>] tmc_release+0x90/0x94
 [<ffffff8008202f58>] __fput+0xa8/0x1ec
 [<ffffff80082030f4>] ____fput+0xc/0x14
 [<ffffff80080c3ef8>] task_work_run+0xb0/0xe4
 [<ffffff8008088bf4>] do_notify_resume+0x64/0x6c
 [<ffffff8008084d5c>] work_pending+0x10/0x14
 Code: 91010108 54ffff4a 8b040108 cb050042 (d50b7428)

Since we clear the buffer anyway in the following call to
tmc_etr_enable_hw(), remove the erroneous memset().

Fixes: commit de5461970b3e9e1 ("coresight: tmc: allocating memory when needed")
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
---
 drivers/hwtracing/coresight/coresight-tmc-etr.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c
index 3369d7a80a51..688be9e060fc 100644
--- a/drivers/hwtracing/coresight/coresight-tmc-etr.c
+++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c
@@ -300,13 +300,10 @@ int tmc_read_unprepare_etr(struct tmc_drvdata *drvdata)
 	if (local_read(&drvdata->mode) == CS_MODE_SYSFS) {
 		/*
 		 * The trace run will continue with the same allocated trace
-		 * buffer. As such zero-out the buffer so that we don't end
-		 * up with stale data.
-		 *
-		 * Since the tracer is still enabled drvdata::buf
-		 * can't be NULL.
+		 * buffer. The trace buffer is cleared in tmc_etr_enable_hw(),
+		 * so we don't have to explicitly clear it. Also, since the
+		 * tracer is still enabled drvdata::buf can't be NULL.
 		 */
-		memset(drvdata->buf, 0, drvdata->size);
 		tmc_etr_enable_hw(drvdata);
 	} else {
 		/*