Re: [PATCH] ARM: fix out-of-bound access to ipi_types[]

From: Marc Zyngier
Date: Tue Mar 19 2019 - 12:37:43 EST

Next message: Philipp Zabel: "Re: [PATCH 1/5] reset: add acquired/released state for exclusive reset controls"
Previous message: Wolfram Sang: "[PATCH 2/2] drm/omap: simplify getting .driver_data"
In reply to: Masahiro Yamada: "[PATCH] ARM: fix out-of-bound access to ipi_types[]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 19 Mar 2019 15:52:25 +0000,
Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx> wrote:
>
> Since commit e7273ff49acf ("ARM: 8488/1: Make IPI_CPU_BACKTRACE a
> "non-secure" SGI"), IPI_CPU_BACKTRACE is assigned to SGI7.
>
> raise_nmi() passes IPI_CPU_BACKTRACE (=7) into smp_cross_call(),
> but it is above the array bound of ipi_types[].
>
> Increase NR_IPI, and add the entry to ipi_types[].
>
> This fixes the following GCC warning:
>
> CC arch/arm/kernel/smp.o
> arch/arm/kernel/smp.c: In function 'raise_nmi':
> arch/arm/kernel/smp.c:522:2: warning: array subscript 7 is above array bounds of 'const char *[7]' [-Warray-bounds]
> trace_ipi_raise_rcuidle(target, ipi_types[ipinr]);
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Signed-off-by: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>
> ---

+Arnd.

A fix for this has been around since 2016:

http://lists.infradead.org/pipermail/linux-arm-kernel/2016-February/409393.html

and reposted several times since. I don't know why it hasn't been
picked up.

M.

--
Jazz is not dead, it just smell funny.

Next message: Philipp Zabel: "Re: [PATCH 1/5] reset: add acquired/released state for exclusive reset controls"
Previous message: Wolfram Sang: "[PATCH 2/2] drm/omap: simplify getting .driver_data"
In reply to: Masahiro Yamada: "[PATCH] ARM: fix out-of-bound access to ipi_types[]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]