diff options
| author | Jeffrey Deans <jeffrey.deans@imgtec.com> | 2014-07-17 09:20:56 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2014-09-13 23:41:41 +0100 |
| commit | 43b781e0e4426c91f5b14b1ffe1cbecacfcb7b1c (patch) | |
| tree | 7cfacafd73565a96ba58ca302791cd4a2ad41ab7 /arch/mips | |
| parent | 3e6d3af6998364cc2242dbc7a1d3eccd8bd25eba (diff) | |
| download | kernel_samsung_smdk4412-43b781e0e4426c91f5b14b1ffe1cbecacfcb7b1c.zip kernel_samsung_smdk4412-43b781e0e4426c91f5b14b1ffe1cbecacfcb7b1c.tar.gz kernel_samsung_smdk4412-43b781e0e4426c91f5b14b1ffe1cbecacfcb7b1c.tar.bz2 | |
MIPS: GIC: Prevent array overrun
commit ffc8415afab20bd97754efae6aad1f67b531132b upstream.
A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK
mapping causes the cpu parameter to gic_setup_intr() to be increased
to 32, causing memory corruption when pcpu_masks[] is written to again
later in the function.
Signed-off-by: Jeffrey Deans <jeffrey.deans@imgtec.com>
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7375/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'arch/mips')
| -rw-r--r-- | arch/mips/kernel/irq-gic.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/arch/mips/kernel/irq-gic.c b/arch/mips/kernel/irq-gic.c index 0c527f6..e132bfd 100644 --- a/arch/mips/kernel/irq-gic.c +++ b/arch/mips/kernel/irq-gic.c @@ -166,11 +166,13 @@ static void __init gic_setup_intr(unsigned int intr, unsigned int cpu, { /* Setup Intr to Pin mapping */ if (pin & GIC_MAP_TO_NMI_MSK) { + int i; + GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin); /* FIXME: hack to route NMI to all cpu's */ - for (cpu = 0; cpu < NR_CPUS; cpu += 32) { + for (i = 0; i < NR_CPUS; i += 32) { GICWRITE(GIC_REG_ADDR(SHARED, - GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)), + GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)), 0xffffffff); } } else { |