memory: tegra186-emc: stop borrowing MC aggregate hook for EMC

tegra186_emc_interconnect_init() copies the MC's ICC aggregate hook
into the EMC provider.  That hook (tegra234_mc_icc_aggregate /
tegra264_mc_icc_aggregate) uses container_of() to recover 'mc',
which is only valid when the icc_provider is embedded in struct
tegra_mc.  For an EMC node the provider is embedded in struct
tegra186_emc, so 'mc' points into unrelated memory.

This stayed harmless until commit faafd6ca7e6e ("memory: tegra:
make icc_set_bw return zero if BWMGR not supported") added an
unconditional read of mc->bwmgr_mrq_supported at the top of the
hook.  UBSAN catches the stray load on every EMC aggregation:

  UBSAN: invalid-load in drivers/memory/tegra/tegra234.c:1104:9
  load of value 112 is not a valid value for type '_Bool'

No functional impact in practice, since the hook's only other mc
dereference (mc->num_channels) sits inside a
TEGRA_ICC_MC_CPU_CLUSTER* branch that EMC nodes never enter.

Fix this by setting the EMC provider's aggregate hook to
icc_std_aggregate, instead of borrowing the MC's hook.  The MC
providers continue using their own aggregate hooks, where
container_of() correctly resolves to struct tegra_mc.

Reported-by: Jon Hunter <jonathanh@nvidia.com>
Fixes: 9a38cb27668e ("memory: tegra: Add interconnect support for DRAM scaling in Tegra234")
Signed-off-by: Sumit Gupta <sumitg@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://patch.msgid.link/20260527140127.49172-2-sumitg@nvidia.com
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>

diff --git a/drivers/memory/tegra/tegra186-emc.c b/drivers/memory/tegra/tegra186-emc.c
index 03ebab6fbe68fe8030ab9a4358aba7bef641e521..f71265b303b9762e854bc1b9138f59cb11dc347a 100644 (file)
--- a/drivers/memory/tegra/tegra186-emc.c
+++ b/drivers/memory/tegra/tegra186-emc.c
@@ -258,15 +258,13 @@ static int tegra186_emc_icc_get_init_bw(struct icc_node *node, u32 *avg, u32 *pe
 
 static int tegra186_emc_interconnect_init(struct tegra186_emc *emc)
 {
-       struct tegra_mc *mc = dev_get_drvdata(emc->dev->parent);
-       const struct tegra_mc_soc *soc = mc->soc;
        struct icc_node *node;
        int err;
 
        emc->provider.dev = emc->dev;
        emc->provider.set = tegra186_emc_icc_set_bw;
        emc->provider.data = &emc->provider;
-       emc->provider.aggregate = soc->icc_ops->aggregate;
+       emc->provider.aggregate = icc_std_aggregate;
        emc->provider.xlate = tegra186_emc_of_icc_xlate;
        emc->provider.get_bw = tegra186_emc_icc_get_init_bw;