| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 25 Apr 2021 23:09:03 +0800
From: Ben Dai <ben.dai9703@...il.com>
To: tglx@...utronix.de
Cc: linux-kernel@...r.kernel.org, Ben Dai <ben.dai@...soc.com>
Subject: [PATCH] genirq/timings: prevent potential array overflow in __irq_timings_store()
From: Ben Dai <ben.dai@...soc.com>
When the interrupt interval is greater than 2 ^ PREDICTION_BUFFER_SIZE *
PREDICTION_FACTOR us and less than 1s, the calculated index will be greater
than the length of irqs->ema_time[]. Check the calculated index before
using it to prevent array overflow.
Signed-off-by: Ben Dai <ben.dai@...soc.com>
---
kernel/irq/timings.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/kernel/irq/timings.c b/kernel/irq/timings.c
index 773b6105c4ae..6990490fa67b 100644
--- a/kernel/irq/timings.c
+++ b/kernel/irq/timings.c
@@ -453,6 +453,11 @@ static __always_inline void __irq_timings_store(int irq, struct irqt_stat *irqs,
*/
index = irq_timings_interval_index(interval);
+ if (index > PREDICTION_BUFFER_SIZE - 1) {
+ irqs->count = 0;
+ return;
+ }
+
/*
* Store the index as an element of the pattern in another
* circular array.
--
2.25.1
Powered by blists - more mailing lists