diff options
author | Carl Love <cel@us.ibm.com> | 2008-10-29 05:06:45 +0000 |
---|---|---|
committer | Paul Mackerras <paulus@samba.org> | 2008-10-31 16:13:51 +1100 |
commit | 210434d7633d477aa503454d68511fa2904e418e (patch) | |
tree | 8f06b51f5dc03f35fd7cb54329d0a61c88db9cd2 /arch/powerpc/oprofile | |
parent | 3c10c9c45e290022ca7d2aa1ad33a0b6ed767520 (diff) |
powerpc/cell/OProfile: Fix on-stack array size in activate spu profiling function
The size of the pm_signal_local array should be equal to the
number of SPUs being configured in the array. Currently, the
array is of size 4 (NR_PHYS_CTRS) but being indexed by a for
loop from 0 to 7 (NUM_SPUS_PER_NODE). This could potentially
cause an oops or random memory corruption since the pm_signal_local
array is on the stack. This fixes it.
Signed-off-by: Carl Love <carll@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Diffstat (limited to 'arch/powerpc/oprofile')
-rw-r--r-- | arch/powerpc/oprofile/op_model_cell.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/arch/powerpc/oprofile/op_model_cell.c b/arch/powerpc/oprofile/op_model_cell.c index 35141a8bc3d9..25a4ec2514a3 100644 --- a/arch/powerpc/oprofile/op_model_cell.c +++ b/arch/powerpc/oprofile/op_model_cell.c @@ -582,6 +582,13 @@ static int cell_reg_setup(struct op_counter_config *ctr, num_counters = num_ctrs; + if (unlikely(num_ctrs > NR_PHYS_CTRS)) { + printk(KERN_ERR + "%s: Oprofile, number of specified events " \ + "exceeds number of physical counters\n", + __func__); + return -EIO; + } pm_regs.group_control = 0; pm_regs.debug_bus_control = 0; @@ -830,13 +837,13 @@ static int calculate_lfsr(int n) static int pm_rtas_activate_spu_profiling(u32 node) { int ret, i; - struct pm_signal pm_signal_local[NR_PHYS_CTRS]; + struct pm_signal pm_signal_local[NUM_SPUS_PER_NODE]; /* * Set up the rtas call to configure the debug bus to * route the SPU PCs. Setup the pm_signal for each SPU */ - for (i = 0; i < NUM_SPUS_PER_NODE; i++) { + for (i = 0; i < ARRAY_SIZE(pm_signal_local); i++) { pm_signal_local[i].cpu = node; pm_signal_local[i].signal_group = 41; /* spu i on word (i/2) */ @@ -848,7 +855,7 @@ static int pm_rtas_activate_spu_profiling(u32 node) ret = rtas_ibm_cbe_perftools(SUBFUNC_ACTIVATE, PASSTHRU_ENABLE, pm_signal_local, - (NUM_SPUS_PER_NODE + (ARRAY_SIZE(pm_signal_local) * sizeof(struct pm_signal))); if (unlikely(ret)) { |