Re: [PATCH] coresight: ultrasoc-smb: Fix OOB write in smb_sync_perf_buffer()

4 Jun 2026


      On Thu, 04 Jun 2026 15:34:25 +0800, Junrui Luo wrote:
...
When the SMB sink is used as a perf AUX sink, smb_update_buffer() calls
smb_sync_perf_buffer() to copy hardware trace data into the perf AUX ring
buffer pages. It derives pg_idx = head >> PAGE_SHIFT from @head, which is
handle->head, and indexes dst_pages[pg_idx]. The pg_idx %= nr_pages
normalization is only applied after the first loop iteration.
This leaves the initial page index underived from the buffer size, which
can result in an out-of-bounds write past dst_pages[] when head exceeds
the AUX buffer size.
[...]
Applied, thanks!
[1/1] coresight: ultrasoc-smb: Fix OOB write in smb_sync_perf_buffer()
      https://git.kernel.org/coresight/c/98495b5a4d77
Best regards,
-- 
Suzuki K Poulose suzuki.poulose@arm.com

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Re: [PATCH] coresight: ultrasoc-smb: Fix OOB write in smb_sync_perf_buffer()