| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200219080024.4002-3-lkundrak@v3.sk>
Date: Wed, 19 Feb 2020 09:00:24 +0100
From: Lubomir Rintel <lkundrak@...sk>
To: Marc Zyngier <maz@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Jason Cooper <jason@...edaemon.net>,
linux-kernel@...r.kernel.org, Lubomir Rintel <lkundrak@...sk>
Subject: [PATCH 2/2] irqchip/mmp: Avoid overflowing icu_data[]
In case someone messes up and adds too many interrupt muxes in the device
tree, icu_data would overflow into things that follow it in bss, likely
mmp_icu2_base and mmp_icu_base.
Let's add a safeguard, so that we fail gracefully instead of panicking
at some later point for reasons that are then not immediately clear.
Signed-off-by: Lubomir Rintel <lkundrak@...sk>
---
drivers/irqchip/irq-mmp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/irqchip/irq-mmp.c b/drivers/irqchip/irq-mmp.c
index f597d96409a1f..c7ef2cea1c020 100644
--- a/drivers/irqchip/irq-mmp.c
+++ b/drivers/irqchip/irq-mmp.c
@@ -505,6 +505,11 @@ static int __init mmp2_mux_of_init(struct device_node *node,
return -ENODEV;
i = max_icu_nr;
+ if (i >= MAX_ICU_NR) {
+ pr_err("Too many interrupt muxes\n");
+ return -EINVAL;
+ }
+
ret = of_property_read_u32(node, "mrvl,intc-nr-irqs",
&nr_irqs);
if (ret) {
--
2.24.1
Powered by blists - more mailing lists