From: Will Deacon <will.deacon@arm.com>
Date: Tue, 20 Aug 2013 10:47:39 +0000 (+0100)
Subject: arm64: perf: fix array out of bounds access in armpmu_map_hw_event()
X-Git-Tag: firefly_0821_release~3680^2~35^2~1^2~124^2~24
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=741dff38f169e49d8731e7362569fe4b1f9482de;p=firefly-linux-kernel-4.4.55.git

arm64: perf: fix array out of bounds access in armpmu_map_hw_event()

commit 868f6fea8fa63f09acbfa93256d0d2abdcabff79 upstream.

This is a port of d9f966357b14 ("ARM: 7810/1: perf: Fix array out of
bounds access in armpmu_map_hw_event()") to arm64, which fixes an oops
in the arm64 perf backend found as a result of Vince's fuzzing tool.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

(cherry picked from commit 975a3cd4cc0dff06a635cb16b8fb25fd3ae88234)
Signed-off-by: Mark Brown <broonie@linaro.org>
---

diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c
index 9ba33c40cdf8..2012646fb46f 100644
--- a/arch/arm64/kernel/perf_event.c
+++ b/arch/arm64/kernel/perf_event.c
@@ -107,7 +107,12 @@ armpmu_map_cache_event(const unsigned (*cache_map)
 static int
 armpmu_map_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config)
 {
-	int mapping = (*event_map)[config];
+	int mapping;
+
+	if (config >= PERF_COUNT_HW_MAX)
+		return -EINVAL;
+
+	mapping = (*event_map)[config];
 	return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping;
 }