| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1631860384-26608-4-git-send-email-quic_fenglinw@quicinc.com>
Date: Fri, 17 Sep 2021 14:32:58 +0800
From: Fenglin Wu <quic_fenglinw@...cinc.com>
To: <linux-arm-msm@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<sboyd@...nel.org>
CC: <collinsd@...eaurora.org>, <subbaram@...eaurora.org>,
<quic_fenglinw@...cinc.com>
Subject: [RESEND PATCH v1 3/9] spmi: pmic-arb: check apid against limits before calling irq handler
From: David Collins <collinsd@...eaurora.org>
Check that the apid for an SPMI interrupt falls between the
min_apid and max_apid that can be handled by the APPS processor
before invoking the per-apid interrupt handler:
periph_interrupt().
This avoids an access violation in rare cases where the status
bit is set for an interrupt that is not owned by the APPS
processor.
Signed-off-by: David Collins <collinsd@...eaurora.org>
Signed-off-by: Fenglin Wu <quic_fenglinw@...cinc.com>
---
drivers/spmi/spmi-pmic-arb.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/spmi/spmi-pmic-arb.c b/drivers/spmi/spmi-pmic-arb.c
index 4d7ad004..c4adc06 100644
--- a/drivers/spmi/spmi-pmic-arb.c
+++ b/drivers/spmi/spmi-pmic-arb.c
@@ -535,6 +535,12 @@ static void pmic_arb_chained_irq(struct irq_desc *desc)
id = ffs(status) - 1;
status &= ~BIT(id);
apid = id + i * 32;
+ if (apid < pmic_arb->min_apid
+ || apid > pmic_arb->max_apid) {
+ WARN_ONCE(true, "spurious spmi irq received for apid=%d\n",
+ apid);
+ continue;
+ }
enable = readl_relaxed(
ver_ops->acc_enable(pmic_arb, apid));
if (enable & SPMI_PIC_ACC_ENABLE_BIT)
--
2.7.4
Powered by blists - more mailing lists