| author | Sumit Gupta <sumitg@nvidia.com> | 2026-05-27 19:31:25 +0530 |
|---|---|---|
| committer | Krzysztof Kozlowski <krzk@kernel.org> | 2026-06-09 17:00:30 +0200 |
| commit | 2e05f3d6005d9aa3e2e423d2471f290d9ccbe3d2 (patch) | |
| tree | 58fe59d86eb78436439003ed898c2320dde0c512 | |
| parent | d530ed059dac445dc5b81d564adf1952b5c4adba (diff) | |
memory: tegra186-emc: stop borrowing MC aggregate hook for EMC

tegra186_emc_interconnect_init() copies the MC's ICC aggregate hook
into the EMC provider. That hook (tegra234_mc_icc_aggregate /
tegra264_mc_icc_aggregate) uses container_of() to recover 'mc',
which is only valid when the icc_provider is embedded in struct
tegra_mc. For an EMC node the provider is embedded in struct
tegra186_emc, so 'mc' points into unrelated memory.

This stayed harmless until commit faafd6ca7e6e ("memory: tegra:
make icc_set_bw return zero if BWMGR not supported") added an
unconditional read of mc->bwmgr_mrq_supported at the top of the
hook. UBSAN catches the stray load on every EMC aggregation:

  UBSAN: invalid-load in drivers/memory/tegra/tegra234.c:1104:9
  load of value 112 is not a valid value for type '_Bool'

No functional impact in practice, since the hook's only other mc
dereference (mc->num_channels) sits inside a
TEGRA_ICC_MC_CPU_CLUSTER* branch that EMC nodes never enter.

Fix this by setting the EMC provider's aggregate hook to
icc_std_aggregate, instead of borrowing the MC's hook. The MC
providers continue using their own aggregate hooks, where
container_of() correctly resolves to struct tegra_mc.

Reported-by: Jon Hunter <jonathanh@nvidia.com>
Fixes: 9a38cb27668e ("memory: tegra: Add interconnect support for DRAM scaling in Tegra234")
Signed-off-by: Sumit Gupta <sumitg@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://patch.msgid.link/20260527140127.49172-2-sumitg@nvidia.com
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
| -rw-r--r-- | drivers/memory/tegra/tegra186-emc.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/drivers/memory/tegra/tegra186-emc.c b/drivers/memory/tegra/tegra186-emc.c index 03ebab6fbe68..f71265b303b9 100644 --- a/drivers/memory/tegra/tegra186-emc.c +++ b/drivers/memory/tegra/tegra186-emc.c @@ -258,15 +258,13 @@ static int tegra186_emc_icc_get_init_bw(struct icc_node *node, u32 *avg, u32 *pe static int tegra186_emc_interconnect_init(struct tegra186_emc *emc) { - struct tegra_mc *mc = dev_get_drvdata(emc->dev->parent); - const struct tegra_mc_soc *soc = mc->soc; struct icc_node *node; int err; emc->provider.dev = emc->dev; emc->provider.set = tegra186_emc_icc_set_bw; emc->provider.data = &emc->provider; - emc->provider.aggregate = soc->icc_ops->aggregate; + emc->provider.aggregate = icc_std_aggregate; emc->provider.xlate = tegra186_emc_of_icc_xlate; emc->provider.get_bw = tegra186_emc_icc_get_init_bw; |
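Review bot: At the changed assignment `emc->provider.aggregate = icc_std_aggregate;`, the commit message explains why the stray `mc->bwmgr_mrq_supported` load was invalid but not what the old hook went on to do with that value for EMC nodes, so a reader cannot confirm from the message alone that the aggregated bandwidth is unchanged by the switch. One sentence stating that, outside the `TEGRA_ICC_MC_CPU_CLUSTER*` branch, the MC hook's result matches `icc_std_aggregate` (or naming any difference) would close that gap. It would also help to put a short comment above the assignment saying the MC hooks must not be reused here because they `container_of()` the provider back to `struct tegra_mc`, which is the only thing preventing the same type confusion from being reintroduced when the `soc->icc_ops` table is next touched. The removal of the `mc` and `soc` locals looks right for the lines shown; the rest of the function is outside the hunk, so it is worth confirming nothing further down still relied on them.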
