| From ffc8415afab20bd97754efae6aad1f67b531132b Mon Sep 17 00:00:00 2001 |
| From: Jeffrey Deans <jeffrey.deans@imgtec.com> |
| Date: Thu, 17 Jul 2014 09:20:56 +0100 |
| Subject: MIPS: GIC: Prevent array overrun |
| |
| From: Jeffrey Deans <jeffrey.deans@imgtec.com> |
| |
| commit ffc8415afab20bd97754efae6aad1f67b531132b upstream. |
| |
| A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK |
| mapping causes the cpu parameter to gic_setup_intr() to be increased |
| to 32, causing memory corruption when pcpu_masks[] is written to again |
| later in the function. |
| |
| Signed-off-by: Jeffrey Deans <jeffrey.deans@imgtec.com> |
| Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> |
| Cc: linux-mips@linux-mips.org |
| Patchwork: https://patchwork.linux-mips.org/patch/7375/ |
| Signed-off-by: Ralf Baechle <ralf@linux-mips.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/mips/kernel/irq-gic.c | 6 ++++-- |
| 1 file changed, 4 insertions(+), 2 deletions(-) |
| |
| --- a/arch/mips/kernel/irq-gic.c |
| +++ b/arch/mips/kernel/irq-gic.c |
| @@ -269,11 +269,13 @@ static void __init gic_setup_intr(unsign |
| |
| /* Setup Intr to Pin mapping */ |
| if (pin & GIC_MAP_TO_NMI_MSK) { |
| + int i; |
| + |
| GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin); |
| /* FIXME: hack to route NMI to all cpu's */ |
| - for (cpu = 0; cpu < NR_CPUS; cpu += 32) { |
| + for (i = 0; i < NR_CPUS; i += 32) { |
| GICWRITE(GIC_REG_ADDR(SHARED, |
| - GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)), |
| + GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)), |
| 0xffffffff); |
| } |
| } else { |
