Commit f3217d6

firmware: xilinx: fix out-of-bounds access

The zynqmp_pm_set_suspend_mode() and zynqmp_pm_get_trustzone_version()
functions pass values as api_id into zynqmp_pm_invoke_fn
that are beyond PM_API_MAX, resulting in an out-of-bounds access:

```
drivers/firmware/xilinx/zynqmp.c: In function 'zynqmp_pm_set_suspend_mode':
drivers/firmware/xilinx/zynqmp.c:150:24: warning: array subscript 2562 is above array bounds of 'u32[64]' {aka 'unsigned int[64]'} [-Warray-bounds]
  150 |  if (zynqmp_pm_features[api_id] != PM_FEATURE_UNCHECKED)
      |      ~~~~~~~~~~~~~~~~~~^~~~~~~~
drivers/firmware/xilinx/zynqmp.c:28:12: note: while referencing 'zynqmp_pm_features'
   28 | static u32 zynqmp_pm_features[PM_API_MAX];
      |            ^~~~~~~~~~~~~~~~~~
```

Replace the resulting undefined behavior with an error return.
This may break some things that happen to work at the moment
but seems better than randomly overwriting kernel data.

I assume we need additional fixes for the two functions that now
return an error.

Fixes: 7658267 ("firmware: xilinx: Add Zynqmp firmware driver")
Fixes: e178df3 ("firmware: xilinx: Implement ZynqMP power management APIs")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20201026155449.3703142-1-arnd@kernel.org
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

1 parent d9109fe commit f3217d6
1 file changed: +3 -0 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
147 | 147 | | |
148 | 148 | | |
149 | 149 | | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
150 | 153 | | |
151 | 154 | | |
152 | 155 | | |
| |||
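Review bot: rejecting every api_id beyond PM_API_MAX at new lines 150-152 stops the out-of-bounds access to zynqmp_pm_features[], but it also means zynqmp_pm_set_suspend_mode() and zynqmp_pm_get_trustzone_version() now fail unconditionally, which the commit message itself flags as needing additional fixes. Since this is Cc'd to stable, the follow-up should be identified before backporting: for example, skip the feature-cache lookup for IDs that the 64-entry array cannot hold instead of refusing the call, or move the cache to a structure that can be indexed by IDs such as the 2562 in the warning. A short comment on the new check saying why such IDs are refused, and that the two named callers are affected, would also help whoever hits the new error return.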