diff options
author | Jeffrey Deans <jeffrey.deans@imgtec.com> | 2014-07-17 09:20:56 +0100 |
---|---|---|
committer | Jiri Slaby <jslaby@suse.cz> | 2014-09-17 16:55:06 +0200 |
commit | 41c6ebd1c89fd33d9d55fe5307626b35503d87db (patch) | |
tree | 78ed7cfdeca1de9e4b54256f864091326b087715 /arch/mips | |
parent | 3ebf51b399b298a8f012f711ad514123d00581c5 (diff) | |
download | lwn-41c6ebd1c89fd33d9d55fe5307626b35503d87db.tar.gz lwn-41c6ebd1c89fd33d9d55fe5307626b35503d87db.zip |
MIPS: GIC: Prevent array overrun
commit ffc8415afab20bd97754efae6aad1f67b531132b upstream.
A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK
mapping causes the cpu parameter to gic_setup_intr() to be increased
to 32, causing memory corruption when pcpu_masks[] is written to again
later in the function.
Signed-off-by: Jeffrey Deans <jeffrey.deans@imgtec.com>
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7375/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'arch/mips')
-rw-r--r-- | arch/mips/kernel/irq-gic.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/arch/mips/kernel/irq-gic.c b/arch/mips/kernel/irq-gic.c index 5b5ddb231f26..78f18436cdf2 100644 --- a/arch/mips/kernel/irq-gic.c +++ b/arch/mips/kernel/irq-gic.c @@ -255,11 +255,13 @@ static void __init gic_setup_intr(unsigned int intr, unsigned int cpu, /* Setup Intr to Pin mapping */ if (pin & GIC_MAP_TO_NMI_MSK) { + int i; + GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin); /* FIXME: hack to route NMI to all cpu's */ - for (cpu = 0; cpu < NR_CPUS; cpu += 32) { + for (i = 0; i < NR_CPUS; i += 32) { GICWRITE(GIC_REG_ADDR(SHARED, - GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)), + GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)), 0xffffffff); } } else { |