From: Heinrich Schuchardt Date: Mon, 14 Apr 2014 07:42:01 +0000 (+0100) Subject: arm/mach-vexpress: array accessed out of bounds X-Git-Tag: firefly_0821_release~176^2~3923^2~11^2~2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=bb6dd5757c12e9f3f25da971f1ea45c777ae79ab;p=firefly-linux-kernel-4.4.55.git arm/mach-vexpress: array accessed out of bounds dcscb_allcpus_mask is an array of size 2. The index variable cluster has to be checked against this limit before accessing the array. Signed-off-by: Heinrich Schuchardt Acked-by: Nicolas Pitre Signed-off-by: Pawel Moll --- diff --git a/arch/arm/mach-vexpress/dcscb.c b/arch/arm/mach-vexpress/dcscb.c index 788495d35cf9..30b993399ed7 100644 --- a/arch/arm/mach-vexpress/dcscb.c +++ b/arch/arm/mach-vexpress/dcscb.c @@ -51,12 +51,14 @@ static int dcscb_allcpus_mask[2]; static int dcscb_power_up(unsigned int cpu, unsigned int cluster) { unsigned int rst_hold, cpumask = (1 << cpu); - unsigned int all_mask = dcscb_allcpus_mask[cluster]; + unsigned int all_mask; pr_debug("%s: cpu %u cluster %u\n", __func__, cpu, cluster); if (cpu >= 4 || cluster >= 2) return -EINVAL; + all_mask = dcscb_allcpus_mask[cluster]; + /* * Since this is called with IRQs enabled, and no arch_spin_lock_irq * variant exists, we need to disable IRQs manually here. @@ -101,11 +103,12 @@ static void dcscb_power_down(void) cpu = MPIDR_AFFINITY_LEVEL(mpidr, 0); cluster = MPIDR_AFFINITY_LEVEL(mpidr, 1); cpumask = (1 << cpu); - all_mask = dcscb_allcpus_mask[cluster]; pr_debug("%s: cpu %u cluster %u\n", __func__, cpu, cluster); BUG_ON(cpu >= 4 || cluster >= 2); + all_mask = dcscb_allcpus_mask[cluster]; + __mcpm_cpu_going_down(cpu, cluster); arch_spin_lock(&dcscb_lock);