[Bionic][PATCH 11/12] powerpc/powernv/npu: Check mmio_atsd array bounds when populating
Jose Ricardo Ziviani
joserz at linux.ibm.com
Thu Mar 14 17:56:51 UTC 2019
From: Alexey Kardashevskiy <aik at ozlabs.ru>
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1819989
A broken device tree might contain more than 8 values and introduce hard
to debug memory corruption bug. This adds the boundary check.
Signed-off-by: Alexey Kardashevskiy <aik at ozlabs.ru>
Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>
(cherry picked from commit 135ef954051b102870a8d47a8eb822af1f1b1ec1)
Signed-off-by: Jose Ricardo Ziviani <joserz at linux.ibm.com>
---
arch/powerpc/platforms/powernv/npu-dma.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/npu-dma.c b/arch/powerpc/platforms/powernv/npu-dma.c
index 53713ff439a9..0440d0c01142 100644
--- a/arch/powerpc/platforms/powernv/npu-dma.c
+++ b/arch/powerpc/platforms/powernv/npu-dma.c
@@ -964,8 +964,9 @@ int pnv_npu2_init(struct pci_controller *hose)
npu->nmmu_flush = of_property_read_bool(hose->dn, "ibm,nmmu-flush");
- for (i = 0; !of_property_read_u64_index(hose->dn, "ibm,mmio-atsd",
- i, &mmio_atsd); i++)
+ for (i = 0; i < ARRAY_SIZE(npu->mmio_atsd_regs) &&
+ !of_property_read_u64_index(hose->dn, "ibm,mmio-atsd",
+ i, &mmio_atsd); i++)
npu->mmio_atsd_regs[i] = ioremap(mmio_atsd, 32);
pr_info("NPU%d: Found %d MMIO ATSD registers", hose->global_number, i);
--
2.20.1
More information about the kernel-team
mailing list