[PATCH] Don't index beyond end of intr_remap_fault_reasons array indmar_get_fault_reason

From: Jesper Juhl
Date: Sun Dec 12 2010 - 16:46:49 EST

Next message: Jan Kiszka: "Re: [PATCH v2 2/4] genirq: Inform handler about line sharing state"
Previous message: Saravana Kannan: "Re: [PATCH] regulator: Call into regulator driver only when voltage min/max really changes."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

In drivers/pci/dmar.c::dmar_get_fault_reason() we have 7 entries in the
intr_remap_fault_reasons array and then this code:

...
if (fault_reason >= 0x20 && (fault_reason <= 0x20 +
ARRAY_SIZE(intr_remap_fault_reasons))) {
*fault_type = INTR_REMAP;
return intr_remap_fault_reasons[fault_reason - 0x20];
...

This ends up allowing array index values of 0-7 (both inclusive). A value
of 7 indexes 1 past the end of the array, so I believe the code should be
this instead:

...
if (fault_reason >= 0x20 && (fault_reason <= 0x20 +
ARRAY_SIZE(intr_remap_fault_reasons) - 1)) {
*fault_type = INTR_REMAP;
return intr_remap_fault_reasons[fault_reason - 0x20];
...

Which only allows the actually legal values 0-6.

The patch below makes that change and also (while I was there) removes the
completely unused #define MAX_FAULT_REASON_IDX .

Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx>
---
dmar.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/pci/dmar.c b/drivers/pci/dmar.c
index 0157708..f210f96 100644
--- a/drivers/pci/dmar.c
+++ b/drivers/pci/dmar.c
@@ -1207,12 +1207,10 @@ static const char *intr_remap_fault_reasons[] =
"Blocked an interrupt request due to source-id verification failure",
};

-#define MAX_FAULT_REASON_IDX (ARRAY_SIZE(fault_reason_strings) - 1)
-
const char *dmar_get_fault_reason(u8 fault_reason, int *fault_type)
{
if (fault_reason >= 0x20 && (fault_reason <= 0x20 +
- ARRAY_SIZE(intr_remap_fault_reasons))) {
+ ARRAY_SIZE(intr_remap_fault_reasons) - 1)) {
*fault_type = INTR_REMAP;
return intr_remap_fault_reasons[fault_reason - 0x20];
} else if (fault_reason < ARRAY_SIZE(dma_remap_fault_reasons)) {

--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jan Kiszka: "Re: [PATCH v2 2/4] genirq: Inform handler about line sharing state"
Previous message: Saravana Kannan: "Re: [PATCH] regulator: Call into regulator driver only when voltage min/max really changes."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]