lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1553010745-26585-1-git-send-email-yamada.masahiro@socionext.com>
Date:   Wed, 20 Mar 2019 00:52:25 +0900
From:   Masahiro Yamada <yamada.masahiro@...ionext.com>
To:     linux-arm-kernel@...ts.infradead.org
Cc:     Marc Zyngier <marc.zyngier@....com>,
        Russell King <rmk+kernel@...linux.org.uk>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Grygorii Strashko <grygorii.strashko@...com>,
        linux-kernel@...r.kernel.org, Yufen Wang <wangyufen@...wei.com>,
        Russell King <linux@...linux.org.uk>,
        Dietmar Eggemann <dietmar.eggemann@....com>
Subject: [PATCH] ARM: fix out-of-bound access to ipi_types[]

Since commit e7273ff49acf ("ARM: 8488/1: Make IPI_CPU_BACKTRACE a
"non-secure" SGI"), IPI_CPU_BACKTRACE is assigned to SGI7.

raise_nmi() passes IPI_CPU_BACKTRACE (=7) into smp_cross_call(),
but it is above the array bound of ipi_types[].

Increase NR_IPI, and add the entry to ipi_types[].

This fixes the following GCC warning:

  CC      arch/arm/kernel/smp.o
arch/arm/kernel/smp.c: In function 'raise_nmi':
arch/arm/kernel/smp.c:522:2: warning: array subscript 7 is above array bounds of 'const char *[7]' [-Warray-bounds]
  trace_ipi_raise_rcuidle(target, ipi_types[ipinr]);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Masahiro Yamada <yamada.masahiro@...ionext.com>
---

 arch/arm/include/asm/hardirq.h | 2 +-
 arch/arm/kernel/smp.c          | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/hardirq.h b/arch/arm/include/asm/hardirq.h
index cba23ea..c7e3a71 100644
--- a/arch/arm/include/asm/hardirq.h
+++ b/arch/arm/include/asm/hardirq.h
@@ -6,7 +6,7 @@
 #include <linux/threads.h>
 #include <asm/irq.h>
 
-#define NR_IPI	7
+#define NR_IPI	8
 
 typedef struct {
 	unsigned int __softirq_pending;
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
index facd424..8046f9b 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -515,6 +515,7 @@ static const char *ipi_types[NR_IPI] __tracepoint_string = {
 	S(IPI_CPU_STOP, "CPU stop interrupts"),
 	S(IPI_IRQ_WORK, "IRQ work interrupts"),
 	S(IPI_COMPLETION, "completion interrupts"),
+	S(IPI_CPU_BACKTRACE, "Backtrace interrupts"),
 };
 
 static void smp_cross_call(const struct cpumask *target, unsigned int ipinr)
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ