From: Will Deacon <will.deacon@arm.com>
Date: Tue, 20 Aug 2013 10:47:39 +0000 (+0100)
Subject: arm64: perf: fix array out of bounds access in armpmu_map_hw_event()
X-Git-Tag: v3.11-rc7~21^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=868f6fea8fa63f09acbfa93256d0d2abdcabff79;p=profile%2Fcommon%2Fkernel-common.git

arm64: perf: fix array out of bounds access in armpmu_map_hw_event()

This is a port of d9f966357b14 ("ARM: 7810/1: perf: Fix array out of
bounds access in armpmu_map_hw_event()") to arm64, which fixes an oops
in the arm64 perf backend found as a result of Vince's fuzzing tool.

Cc: <stable@vger.kernel.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
---

diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c
index 9ba33c4..2012646 100644
--- a/arch/arm64/kernel/perf_event.c
+++ b/arch/arm64/kernel/perf_event.c
@@ -107,7 +107,12 @@ armpmu_map_cache_event(const unsigned (*cache_map)
 static int
 armpmu_map_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config)
 {
-	int mapping = (*event_map)[config];
+	int mapping;
+
+	if (config >= PERF_COUNT_HW_MAX)
+		return -EINVAL;
+
+	mapping = (*event_map)[config];
 	return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping;
 }