| From d7694782b6ab2affce16b1a98406d5e413549e2e Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Thu, 7 Mar 2019 08:41:22 +0300 |
| Subject: xen, cpu_hotplug: Prevent an out of bounds access |
| |
| From: Dan Carpenter <dan.carpenter@oracle.com> |
| |
| [ Upstream commit 201676095dda7e5b31a5e1d116d10fc22985075e ] |
| |
| The "cpu" variable comes from the sscanf() so Smatch marks it as |
| untrusted data. We can't pass a higher value than "nr_cpu_ids" to |
| cpu_possible() or it results in an out of bounds access. |
| |
| Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging") |
| Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> |
| Reviewed-by: Juergen Gross <jgross@suse.com> |
| Signed-off-by: Juergen Gross <jgross@suse.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/xen/cpu_hotplug.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/drivers/xen/cpu_hotplug.c b/drivers/xen/cpu_hotplug.c |
| index f4e59c445964d..17054d6954117 100644 |
| --- a/drivers/xen/cpu_hotplug.c |
| +++ b/drivers/xen/cpu_hotplug.c |
| @@ -53,7 +53,7 @@ static int vcpu_online(unsigned int cpu) |
| } |
| static void vcpu_hotplug(unsigned int cpu) |
| { |
| - if (!cpu_possible(cpu)) |
| + if (cpu >= nr_cpu_ids || !cpu_possible(cpu)) |
| return; |
| |
| switch (vcpu_online(cpu)) { |
| -- |
| 2.20.1 |
| |
