lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Sep 2021 14:32:58 +0800 From: Fenglin Wu <quic_fenglinw@...cinc.com> To: <linux-arm-msm@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <sboyd@...nel.org> CC: <collinsd@...eaurora.org>, <subbaram@...eaurora.org>, <quic_fenglinw@...cinc.com> Subject: [RESEND PATCH v1 3/9] spmi: pmic-arb: check apid against limits before calling irq handler From: David Collins <collinsd@...eaurora.org> Check that the apid for an SPMI interrupt falls between the min_apid and max_apid that can be handled by the APPS processor before invoking the per-apid interrupt handler: periph_interrupt(). This avoids an access violation in rare cases where the status bit is set for an interrupt that is not owned by the APPS processor. Signed-off-by: David Collins <collinsd@...eaurora.org> Signed-off-by: Fenglin Wu <quic_fenglinw@...cinc.com> --- drivers/spmi/spmi-pmic-arb.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spmi/spmi-pmic-arb.c b/drivers/spmi/spmi-pmic-arb.c index 4d7ad004..c4adc06 100644 --- a/drivers/spmi/spmi-pmic-arb.c +++ b/drivers/spmi/spmi-pmic-arb.c @@ -535,6 +535,12 @@ static void pmic_arb_chained_irq(struct irq_desc *desc) id = ffs(status) - 1; status &= ~BIT(id); apid = id + i * 32; + if (apid < pmic_arb->min_apid + || apid > pmic_arb->max_apid) { + WARN_ONCE(true, "spurious spmi irq received for apid=%d\n", + apid); + continue; + } enable = readl_relaxed( ver_ops->acc_enable(pmic_arb, apid)); if (enable & SPMI_PIC_ACC_ENABLE_BIT) -- 2.7.4
Powered by blists - more mailing lists