From: Jason Wessel <jason.wessel@windriver.com>
Date: Fri, 11 Dec 2009 14:43:13 +0000 (-0600)
Subject: kgdb: Read buffer overflow
X-Git-Tag: firefly_0821_release~9833^2~3897^2~7
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=84667d4849b0e0a939a76f9f62d45fa3b4d59692;p=firefly-linux-kernel-4.4.55.git

kgdb: Read buffer overflow

Roel Kluin reported an error found with Parfait.  Where we want to
ensure that that kgdb_info[-1] never gets accessed.

Also check to ensure any negative tid does not exceed the size of the
shadow CPU array, else report critical debug context because it is an
internal kgdb failure.

Reported-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
---

diff --git a/kernel/kgdb.c b/kernel/kgdb.c
index 7d7014634022..29357a9ccfb2 100644
--- a/kernel/kgdb.c
+++ b/kernel/kgdb.c
@@ -541,12 +541,17 @@ static struct task_struct *getthread(struct pt_regs *regs, int tid)
 	 */
 	if (tid == 0 || tid == -1)
 		tid = -atomic_read(&kgdb_active) - 2;
-	if (tid < 0) {
+	if (tid < -1 && tid > -NR_CPUS - 2) {
 		if (kgdb_info[-tid - 2].task)
 			return kgdb_info[-tid - 2].task;
 		else
 			return idle_task(-tid - 2);
 	}
+	if (tid <= 0) {
+		printk(KERN_ERR "KGDB: Internal thread select error\n");
+		dump_stack();
+		return NULL;
+	}
 
 	/*
 	 * find_task_by_pid_ns() does not take the tasklist lock anymore