[PATCH 50/50] arm64: Fix out-of-bounds read access in gic_cpu_reset


Jan Kiszka

Oct 18, 2016, 4:09:32 AM10/18/16
to jailho...@googlegroups.com, Antonios Motakis, Claudio Fontana, Dmitry Voytik, Marc Zyngier, Mark Rutland
While practically harmless (it's read-only on the stack, and we don't
evaluate bits 32..63), Coverity is right in pointing this out. Resolve
the issue by using unsigned long for the variable that is passed to
test_bit.

Remove the unneeded braces from the loop at this chance.

Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
hypervisor/arch/arm-common/gic-v2.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hypervisor/arch/arm-common/gic-v2.c b/hypervisor/arch/arm-common/gic-v2.c
index 2eac125..0cfae76 100644
--- a/hypervisor/arch/arm-common/gic-v2.c
+++ b/hypervisor/arch/arm-common/gic-v2.c
@@ -53,7 +53,7 @@ static void gic_cpu_reset(struct per_cpu *cpu_data, bool is_shutdown)
unsigned int mnt_irq = system_config->platform_info.arm.maintenance_irq;
unsigned int i;
bool root_shutdown = is_shutdown && (cpu_data->cell == &root_cell);
- u32 active;
+ unsigned long active;
u32 gich_vmcr = 0;
u32 gicc_ctlr, gicc_pmr;

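Review bot: the new `unsigned long active;` declaration no longer records that the value it holds is a 32-bit register image, and it now differs in width from the neighbouring `u32 gich_vmcr`, `gicc_ctlr` and `gicc_pmr` without saying why. A short comment on the declaration, for example `unsigned long active; /* widened so test_bit() reads a whole word */`, would make the intent visible to the next reader who is tempted to "fix" it back to `u32`.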
@@ -61,10 +61,9 @@ static void gic_cpu_reset(struct per_cpu *cpu_data, bool is_shutdown)

/* Deactivate all PPIs */
active = mmio_read32(gicd_base + GICD_ISACTIVER);
- for (i = 16; i < 32; i++) {
- if (test_bit(i, (unsigned long *)&active))
+ for (i = 16; i < 32; i++)
+ if (test_bit(i, &active))
mmio_write32(gicc_base + GICC_DIR, i);
- }

/* Ensure all IPIs and the maintenance PPI are enabled */
mmio_write32(gicd_base + GICD_ISENABLER, 0x0000ffff | (1 << mnt_irq));
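Review bot: dropping the braces leaves a brace-less `for` whose single statement is a brace-less `if`; that is accepted kernel style, but any later addition to the loop body (a second write, a trace) would silently land outside the loop, so keeping the outer braces around the nested `if` is cheap insurance. The substantive fix is correct: `test_bit()` indexes its pointer argument as an array of `unsigned long`, so `(unsigned long *)&active` on a 32-bit `active` loaded a full 8-byte word on arm64, and with `active` declared `unsigned long` the load stays inside the object while bits 32..63 are zero after the assignment from `mmio_read32()`.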
--
2.1.4
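As an added illustration of the defect the commit message describes and of the fixed pattern (example code, not part of the patch or of Jailhouse): a minimal kernel-style `test_bit()`, a helper that reports how far the old `(unsigned long *)&u32var` cast reads past a 4-byte variable on the current target, and the corrected loop over PPIs 16..31 with the `GICC_DIR` write replaced by recording the IRQ IDs. `collect_active_ppis`, `nth_active_ppi` and `u32_cast_overrun_bytes` are names chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <limits.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Minimal test_bit in the kernel/Jailhouse style: the address is treated as
 * an array of unsigned long, so the load is always a full native word. */
static inline int test_bit(unsigned int nr, const unsigned long *addr)
{
	return (addr[nr / BITS_PER_LONG] >> (nr % BITS_PER_LONG)) & 1;
}

/* Bytes the old cast `(unsigned long *)&active` (active being u32) made
 * test_bit() read past the end of the 4-byte variable: 4 on LP64 targets
 * such as arm64, 0 on 32-bit ARM where unsigned long is also 4 bytes. */
static size_t u32_cast_overrun_bytes(void)
{
	return sizeof(unsigned long) - sizeof(uint32_t);
}

/* Fixed pattern from the patch: widen the 32-bit GICD_ISACTIVER image into
 * an unsigned long before testing bits. Instead of writing each active PPI
 * ID to GICC_DIR, append it to `out` (at most `max` entries); return count. */
static size_t collect_active_ppis(uint32_t isactiver, unsigned int *out, size_t max)
{
	unsigned long active = isactiver;	/* bits 32..63 are zero */
	size_t n = 0;
	unsigned int i;

	for (i = 16; i < 32; i++)		/* PPIs only; SGIs 0..15 skipped */
		if (test_bit(i, &active) && n < max)
			out[n++] = i;
	return n;
}

/* n-th IRQ ID in deactivation order, or 0 if fewer than n+1 PPIs are active. */
static unsigned int nth_active_ppi(uint32_t isactiver, size_t n)
{
	unsigned int ids[16];
	size_t count = collect_active_ppis(isactiver, ids, 16);
	return n < count ? ids[n] : 0;
}

int main(void)
{
	uint32_t sample = 0x80010005u;	/* constructed: PPIs 16, 31 and SGIs 0, 2 active */
	unsigned int ids[16];
	size_t i, n = collect_active_ppis(sample, ids, 16);

	printf("old cast overruns the u32 by %zu bytes on this target\n", u32_cast_overrun_bytes());
	for (i = 0; i < n; i++)
		printf("would write %u to GICC_DIR\n", ids[i]);
	return 0;
}
```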
