| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171213224541.GA31477@embeddedor.com>
Date: Wed, 13 Dec 2017 16:45:41 -0600
From: "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To: "Rafael J. Wysocki" <rjw@...ysocki.net>,
Len Brown <lenb@...nel.org>,
George Cherian <george.cherian@...ium.com>
Cc: linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
"Gustavo A. R. Silva" <garsilva@...eddedor.com>
Subject: [PATCH] ACPI / CPPC: Fix negative array index read in cppc_set_perf
If pcc_ss_id is less than 0, there is a negative array index read
before verifying pcc_ss_id is not a negative value.
Fix this by removing the code that triggers this issue.
Notice that this code is already properly placed after the check
on pcc_ss_id at line 1182: pcc_ss_data = pcc_data[pcc_ss_id];
Addresses-Coverity-ID: 1426090 ("Negative array index read")
Fixes: 1ecbd7170d65 ("ACPI / CPPC: Fix KASAN global out of bounds warning")
Signed-off-by: Gustavo A. R. Silva <garsilva@...eddedor.com>
---
drivers/acpi/cppc_acpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 30e84cc..06ea474 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -1171,7 +1171,7 @@ int cppc_set_perf(int cpu, struct cppc_perf_ctrls *perf_ctrls)
struct cpc_desc *cpc_desc = per_cpu(cpc_desc_ptr, cpu);
struct cpc_register_resource *desired_reg;
int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu);
- struct cppc_pcc_data *pcc_ss_data = pcc_data[pcc_ss_id];
+ struct cppc_pcc_data *pcc_ss_data;
int ret = 0;
if (!cpc_desc || pcc_ss_id < 0) {
--
2.7.4
Powered by blists - more mailing lists