linux/drivers/irqchip
Suzuki K Poulose 866d7c1b0a irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
The GICv3 driver doesn't check if the target CPU for gic_set_affinity
is valid before going ahead and making the changes. This triggers the
following splat with KASAN:

[  141.189434] BUG: KASAN: global-out-of-bounds in gic_set_affinity+0x8c/0x140
[  141.189704] Read of size 8 at addr ffff200009741d20 by task swapper/1/0
[  141.189958]
[  141.190158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.12.0-rc7
[  141.190458] Hardware name: Foundation-v8A (DT)
[  141.190658] Call trace:
[  141.190908] [<ffff200008089d70>] dump_backtrace+0x0/0x328
[  141.191224] [<ffff20000808a1b4>] show_stack+0x14/0x20
[  141.191507] [<ffff200008504c3c>] dump_stack+0xa4/0xc8
[  141.191858] [<ffff20000826c19c>] print_address_description+0x13c/0x250
[  141.192219] [<ffff20000826c5c8>] kasan_report+0x210/0x300
[  141.192547] [<ffff20000826ad54>] __asan_load8+0x84/0x98
[  141.192874] [<ffff20000854eeec>] gic_set_affinity+0x8c/0x140
[  141.193158] [<ffff200008148b14>] irq_do_set_affinity+0x54/0xb8
[  141.193473] [<ffff200008148d2c>] irq_set_affinity_locked+0x64/0xf0
[  141.193828] [<ffff200008148e00>] __irq_set_affinity+0x48/0x78
[  141.194158] [<ffff200008bc48a4>] arm_perf_starting_cpu+0x104/0x150
[  141.194513] [<ffff2000080d73bc>] cpuhp_invoke_callback+0x17c/0x1f8
[  141.194783] [<ffff2000080d94ec>] notify_cpu_starting+0x8c/0xb8
[  141.195130] [<ffff2000080911ec>] secondary_start_kernel+0x15c/0x200
[  141.195390] [<0000000080db81b4>] 0x80db81b4
[  141.195603]
[  141.195685] The buggy address belongs to the variable:
[  141.196012]  __cpu_logical_map+0x200/0x220
[  141.196176]
[  141.196315] Memory state around the buggy address:
[  141.196586]  ffff200009741c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  141.196913]  ffff200009741c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  141.197158] >ffff200009741d00: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
[  141.197487]                                ^
[  141.197758]  ffff200009741d80: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
[  141.198060]  ffff200009741e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  141.198358] ==================================================================
[  141.198609] Disabling lock debugging due to kernel taint
[  141.198961] CPU1: Booted secondary processor [410fd051]

This patch adds the check to make sure the cpu is valid.

Fixes: commit 021f653791 ("irqchip: gic-v3: Initial support for GICv3")
Cc: stable@vger.kernel.org
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2017-06-30 15:32:17 +01:00
alphascale_asm9260-icoll.h irqchip/mxs: Add Alphascale ASM9260 support 2015-10-14 09:37:47 +02:00
exynos-combiner.c irqchip/exynos-combiner: Fix usage of __raw IO 2016-06-23 18:26:42 +00:00
irq-alpine-msi.c irqchip/irq-alpine-msi: Don't use <asm-generic/msi.h> 2016-05-11 10:12:25 +01:00
irq-armada-370-xp.c Revert "irqchip/armada-370-xp: Fix regression by clearing IRQ_NOAUTOEN" 2017-06-22 14:13:33 +01:00
irq-aspeed-i2c-ic.c irqchip/aspeed-i2c-ic: Add I2C IRQ controller for Aspeed 2017-06-22 14:15:00 +01:00
irq-aspeed-vic.c irqchip/aspeed-vic: Add AST2500 compatible string 2017-06-22 14:13:39 +01:00
irq-ath79-cpu.c irqchip/ath79-cpu: Move the CPU IRQ driver from arch/mips/ath79/ 2016-02-17 13:47:19 +00:00
irq-ath79-misc.c irqchip/ath79-misc: Move the MISC driver from arch/mips/ath79/ 2016-02-17 13:44:31 +00:00
irq-atmel-aic5.c irqchip/atmel-aic5: Handle suspend to RAM 2017-04-12 09:12:53 +01:00
irq-atmel-aic-common.c irqchip/atmel-aic: Change return type of aic_common_set_priority() 2016-02-08 15:03:42 +01:00
irq-atmel-aic-common.h irqchip/atmel-aic: Change return type of aic_common_set_priority() 2016-02-08 15:03:42 +01:00
irq-atmel-aic.c irqchip/atmel-aic: Fix potential deadlock in ->xlate() 2016-09-13 16:57:40 +02:00
irq-bcm2835.c irqchip: bcm2835: Avoid arch/arm-specific handle_IRQ 2016-06-04 14:16:59 +00:00
irq-bcm2836.c cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
irq-bcm6345-l1.c treewide: remove redundant #include <linux/kconfig.h> 2016-10-11 15:06:33 -07:00
irq-bcm7038-l1.c irqchip/bcm7038-l1: Implement irq_cpu_offline() callback 2016-11-18 14:17:22 +01:00
irq-bcm7120-l2.c treewide: remove redundant #include <linux/kconfig.h> 2016-10-11 15:06:33 -07:00
irq-brcmstb-l2.c treewide: remove redundant #include <linux/kconfig.h> 2016-10-11 15:06:33 -07:00
irq-clps711x.c irqchip: clps711x: Changing the compatibility string to match with the smallest supported chip 2016-07-06 17:38:15 +02:00
irq-crossbar.c irqchip/irqdomain updates for 4.11-rc2 2017-03-09 12:06:41 +01:00
irq-digicolor.c irqchip: Prepare for local stub header removal 2015-07-11 23:14:23 +02:00
irq-dw-apb-ictl.c genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
irq-eznps.c irqchip/eznps: Drop pointless static qualifier in nps400_of_init() 2016-10-19 14:24:36 +02:00
irq-ftintc010.c irqchip/faraday: Replace moxa with ftintc010 2017-04-07 10:36:30 +01:00
irq-gic-common.c irqchip/gic: Prepare for adding platform driver 2016-06-13 11:53:52 +01:00
irq-gic-common.h irqchip/gic-v2: Parse and export virtual GIC information 2016-05-03 12:54:21 +02:00
irq-gic-pm.c irqchip/gic-pm: Update driver to use of_pm_clk_add_clk 2016-09-12 19:46:28 +01:00
irq-gic-realview.c irqchip/gic/realview: Support more RealView DCC variants 2016-03-09 09:38:05 +00:00
irq-gic-v2m.c iommu/dma: Add support for mapping MSIs 2016-09-16 09:34:22 +01:00
irq-gic-v3-its-pci-msi.c irqchip/gic-v3-its: Fix MSI alias accounting 2017-06-22 14:13:26 +01:00
irq-gic-v3-its-platform-msi.c irqchip/gic-v3-its-platform-msi: Make of_device_ids const 2017-06-23 09:14:58 +01:00
irq-gic-v3-its.c irqchip/gic-v3-its: Don't assume GICv3 hardware supports 16bit INTID 2017-06-23 09:14:59 +01:00
irq-gic-v3.c irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity 2017-06-30 15:32:17 +01:00
irq-gic.c cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
irq-hip04.c cpu/hotplug: Cleanup state names 2016-12-25 10:47:44 +01:00
irq-i8259.c irqchip/i8259: Constify irq_domain_ops 2017-06-22 14:12:49 +01:00
irq-imgpdc.c genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
irq-imx-gpcv2.c irqchip/irq-imx-gpcv2: Constify irq_domain_ops 2017-06-22 14:12:55 +01:00
irq-ingenic.c irqchip: Prepare for local stub header removal 2015-07-11 23:14:23 +02:00
irq-jcore-aic.c irqchip/jcore: Fix lost per-cpu interrupts 2016-10-14 14:26:55 +02:00
irq-keystone.c irqchip/keystone: Fix "scheduling while atomic" on rt 2016-12-31 18:41:45 +00:00
irq-lpc32xx.c irqchip: Add LPC32xx interrupt controller driver 2016-05-11 10:12:11 +01:00
irq-ls-scfg-msi.c irqchip: Add Layerscape SCFG MSI controller support 2016-05-04 09:58:04 +01:00
irq-mbigen.c irqchip/irq-mbigen: Constify irq_domain_ops 2017-06-22 14:13:00 +01:00
irq-metag-ext.c irqchip/metag-ext: Improve function-level documentation 2016-10-05 11:53:35 +02:00
irq-metag.c genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
irq-mips-cpu.c irqchip: mips-cpu: Introduce IPI IRQ domain support 2017-04-12 23:12:35 +02:00
irq-mips-gic.c irqchip/irq-mips-gic: Constify irq_domain_ops 2017-06-22 14:13:07 +01:00
irq-mmp.c irqchip: Kill off set_irq_flags usage 2015-09-16 16:53:38 +02:00
irq-mtk-cirq.c irqchip: Add Mediatek mtk-cirq driver 2017-04-07 10:52:22 +01:00
irq-mtk-sysirq.c irqchip/mtk-sysirq: Remove unnecessary barrier when configuring trigger 2017-04-07 10:52:17 +01:00
irq-mvebu-gicp.c irqchip/irq-mvebu-gicp: Add new driver for Marvell GICP 2017-06-23 09:14:57 +01:00
irq-mvebu-gicp.h irqchip/irq-mvebu-gicp: Add new driver for Marvell GICP 2017-06-23 09:14:57 +01:00
irq-mvebu-icu.c irqchip/irq-mvebu-icu: Add new driver for Marvell ICU 2017-06-23 09:14:57 +01:00
irq-mvebu-odmi.c irqchip/gic: Return IRQ_SET_MASK_OK_DONE in the set_affinity method 2016-02-19 15:42:29 +00:00
irq-mvebu-pic.c irqchip/mvebu-pic: New driver for Marvell Armada 7K/8K PIC 2016-08-22 22:58:27 +00:00
irq-mxs.c irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND 2016-12-31 19:06:44 +00:00
irq-nvic.c irqchip: Convert all alloc/xlate users from of_node to fwnode 2015-10-13 19:01:23 +02:00
irq-omap-intc.c irqchip/omap-intc: Fix missing <linux/irqchip/irq-omap-intc.h> include 2016-06-13 00:57:23 +00:00
irq-or1k-pic.c irqchip: Prepare for local stub header removal 2015-07-11 23:14:23 +02:00
irq-orion.c genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
irq-partition-percpu.c irqchip: Add per-cpu interrupt partitioning library 2016-05-02 13:42:51 +02:00
irq-pic32-evic.c irqchip/irq-pic32-evic: Fix bug with external interrupts. 2016-06-02 18:03:50 +01:00
irq-renesas-h8s.c irqchip/irq-renesas-h8s: Constify irq_domain_ops 2017-06-22 14:13:20 +01:00
irq-renesas-h8300h.c irqchip/irq-renesas-h8300h: Constify irq_domain_ops 2017-06-22 14:13:14 +01:00
irq-renesas-intc-irqpin.c irqchip/renesas-intc-irqpin: Improve clock error handling and reporting 2015-11-24 16:54:19 +00:00
irq-renesas-irqc.c irqchip/renesas-irqc: Move over to nested generic chip 2015-09-29 20:41:00 +02:00
irq-s3c24xx.c irqchip/s3c24xx: Fixup IO accessors for big endian 2016-06-23 18:28:00 +00:00
irq-sa11x0.c ARM: kill off set_irq_flags usage 2015-07-28 13:58:13 +02:00
irq-sirfsoc.c irqchip/sirfsoc: Fix sparse warnings on __iomem 2016-06-13 00:48:31 +00:00
irq-st.c irqchip/st: Mark st_irq_syscfg_resume() __maybe_unused 2016-12-19 10:55:43 +01:00
irq-stm32-exti.c drivers/irqchip: Add STM32 external interrupts support 2016-09-21 14:13:21 +02:00
irq-sun4i.c irqchip/sun4i: Fix compilation outside of arch/arm 2016-02-02 15:46:40 +01:00
irq-sunxi-nmi.c irqchip/sunxi-nmi: Support sun6i-a31-r-intc compatible 2017-06-22 14:08:17 +01:00
irq-tango.c irqchip/tango: Add support for Sigma Designs SMP86xx/SMP87xx interrupt controller 2016-02-18 01:18:14 +00:00
irq-tb10x.c genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
irq-tegra.c irqchip/tegra: Fix sparse warnings on __iomem 2016-06-13 00:49:39 +00:00
irq-ts4800.c irqchip/ts4800: Make ts4800_ic_ops static const 2016-02-18 02:09:18 +00:00
irq-versatile-fpga.c irqchip: versatile-fpga: add new compatible for OX810SE SoC 2016-04-26 09:50:51 +02:00
irq-vf610-mscm-ir.c irqchip: Convert all alloc/xlate users from of_node to fwnode 2015-10-13 19:01:23 +02:00
irq-vic.c irqchip/vic: Improve function-level documentation 2016-10-05 11:53:35 +02:00
irq-vt8500.c irqchip: Kill off set_irq_flags usage 2015-09-16 16:53:38 +02:00
irq-xilinx-intc.c powerpc/virtex: Use generic xilinx irqchip driver 2016-11-29 09:14:50 +00:00
irq-xtensa-mx.c irqchip: Prepare for local stub header removal 2015-07-11 23:14:23 +02:00
irq-xtensa-pic.c irqchip: Prepare for local stub header removal 2015-07-11 23:14:23 +02:00
irq-zevio.c irqchip/zevio: Use irq_data_get_chip_type() helper 2015-12-30 18:29:02 +01:00
irqchip.c irqchip / GIC: Convert the GIC driver to ACPI probing 2015-10-01 02:18:38 +02:00
Kconfig irqchip/irq-mvebu-icu: Add new driver for Marvell ICU 2017-06-23 09:14:57 +01:00
Makefile irqchip/irq-mvebu-icu: Add new driver for Marvell ICU 2017-06-23 09:14:57 +01:00
qcom-irq-combiner.c irqchip/qcom: Use builtin_platform_driver to simplify the code 2017-06-22 14:15:00 +01:00
spear-shirq.c remove lots of IS_ERR_VALUE abuses 2016-05-27 15:26:11 -07:00