releases/3.16.3/mips-gic-prevent-array-overrun.patch

   1 From ffc8415afab20bd97754efae6aad1f67b531132b Mon Sep 17 00:00:00 2001
   2 From: Jeffrey Deans <jeffrey.deans@imgtec.com>
   3 Date: Thu, 17 Jul 2014 09:20:56 +0100
   4 Subject: MIPS: GIC: Prevent array overrun
   5
   6 From: Jeffrey Deans <jeffrey.deans@imgtec.com>
   7
   8 commit ffc8415afab20bd97754efae6aad1f67b531132b upstream.
   9
  10 A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK
  11 mapping causes the cpu parameter to gic_setup_intr() to be increased
  12 to 32, causing memory corruption when pcpu_masks[] is written to again
  13 later in the function.
  14
  15 Signed-off-by: Jeffrey Deans <jeffrey.deans@imgtec.com>
  16 Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
  17 Cc: linux-mips@linux-mips.org
  18 Patchwork: https://patchwork.linux-mips.org/patch/7375/
  19 Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
  20 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  21
  22 ---
  23  arch/mips/kernel/irq-gic.c |    6 ++++--
  24  1 file changed, 4 insertions(+), 2 deletions(-)
  25
  26 --- a/arch/mips/kernel/irq-gic.c
  27 +++ b/arch/mips/kernel/irq-gic.c
  28 @@ -269,11 +269,13 @@ static void __init gic_setup_intr(unsign
  29
  30         /* Setup Intr to Pin mapping */
  31         if (pin & GIC_MAP_TO_NMI_MSK) {
  32 +               int i;
  33 +
  34                 GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin);
  35                 /* FIXME: hack to route NMI to all cpu's */
  36 -               for (cpu = 0; cpu < NR_CPUS; cpu += 32) {
  37 +               for (i = 0; i < NR_CPUS; i += 32) {
  38                         GICWRITE(GIC_REG_ADDR(SHARED,
  39 -                                         GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)),
  40 +                                         GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)),
  41                                  0xffffffff);
  42                 }
  43         } else {