| Message ID | alpine.DEB.2.10.1612081704150.22778@sstabellini-ThinkPad-X260 (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show
Return-Path: <xen-devel-bounces@lists.xen.org> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 75E3F607D4 for <patchwork-xen-devel@patchwork.kernel.org>; Fri, 9 Dec 2016 01:13:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 70C052858D for <patchwork-xen-devel@patchwork.kernel.org>; Fri, 9 Dec 2016 01:13:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 64FFD285C8; Fri, 9 Dec 2016 01:13:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D88172858D for <patchwork-xen-devel@patchwork.kernel.org>; Fri, 9 Dec 2016 01:13:02 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from <xen-devel-bounces@lists.xen.org>) id 1cF9hr-00034F-NF; Fri, 09 Dec 2016 01:10:35 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from <sstabellini@kernel.org>) id 1cF9hp-000349-Th for xen-devel@lists.xenproject.org; Fri, 09 Dec 2016 01:10:34 +0000 Received: from [85.158.137.68] by server-13.bemta-3.messagelabs.com id 73/F1-23854-9840A485; Fri, 09 Dec 2016 01:10:33 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBIsWRWlGSWpSXmKPExsVybKJsh24Hi1e Ewapdhhbft0xmcmD0OPzhCksAYxRrZl5SfkUCa8bWR/vZCu6zVqzeepW1gfExSxcjJ4eQwFRG ibZN3l2MXED2bCaJWQtPM4EkWAS0JH5c3AFmswkYSvx9somti5GDQwLIXvKZAyQsIqAkcW/VZ LASZgEDiS3PfrCD2MICDhIn/jxmBrF5BbwlprVtYgWxRQV0JQ79+8MGEReUODnzCQtEr5bE8u nbwGwJgQyJeT1zWCFsL4lFNy5B2WoSV89tYp7AyD8LSfssJO0LGJlWMaoXpxaVpRbpGuslFWW mZ5TkJmbm6BoaGOvlphYXJ6an5iQmFesl5+duYgSGGgMQ7GBs/uJ0iFGSg0lJlLeYyStCiC8p P6UyI7E4I76oNCe1+BCjDAeHkgQvOzNQTrAoNT21Ii0zBxj0MGkJDh4lEV5ZkDRvcUFibnFmO kTqFKMux4H3K54yCbHk5eelSonzJoEUCYAUZZTmwY2AReAlRlkpYV5GoKOEeApSi3IzS1DlXz GKczAqCfMeAJnCk5lXArfpFdARTEBHzLvhDnJESSJCSqqBcZ1TXcTiNj3jxbZPS7iSRfsu622 aVmxcGPHp07H8U19FlAKMm3WLdOe6pl+6uih2dsuDmLdaUfZmK7bOvHY1SfOHuJNA29P74Z5r lz6KuxOR2Oxksubipqx9S08tP/dRb9uX8w+KDf1+CYpyTH1XdfSKg6CglsPJ1oV7/gfVdHxgv um42aFRQYmlOCPRUIu5qDgRAE7y/fi7AgAA X-Env-Sender: sstabellini@kernel.org X-Msg-Ref: server-5.tower-31.messagelabs.com!1481245831!71998348!1 X-Originating-IP: [198.145.29.136] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.0.16; banners=-,-,- X-VirusChecked: Checked Received: (qmail 40707 invoked from network); 9 Dec 2016 01:10:32 -0000 Received: from mail.kernel.org (HELO mail.kernel.org) (198.145.29.136) by server-5.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 9 Dec 2016 01:10:32 -0000 Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 4F377203A5; Fri, 9 Dec 2016 01:10:30 +0000 (UTC) Received: from [10.1.10.56] (96-82-76-110-static.hfc.comcastbusiness.net [96.82.76.110]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5862420383; Fri, 9 Dec 2016 01:10:29 +0000 (UTC) Date: Thu, 8 Dec 2016 17:10:28 -0800 (PST) From: Stefano Stabellini <sstabellini@kernel.org> X-X-Sender: sstabellini@sstabellini-ThinkPad-X260 To: xen-devel@lists.xenproject.org Message-ID: <alpine.DEB.2.10.1612081704150.22778@sstabellini-ThinkPad-X260> User-Agent: Alpine 2.10 (DEB 1266 2009-07-14) MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Cc: julien.grall@arm.com, sstabellini@kernel.org Subject: [Xen-devel] [PATCH] fix potential pa_range_info out of bound access X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion <xen-devel.lists.xen.org> List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>, <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe> List-Post: <mailto:xen-devel@lists.xen.org> List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help> List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xen.org?subject=subscribe> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org> X-Virus-Scanned: ClamAV using ClamSMTP |
diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index e4991df..245fcd1 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1629,7 +1629,7 @@ void __init setup_virt_paging(void) }; unsigned int cpu; - unsigned int pa_range = 0x10; /* Larger than any possible value */ + unsigned int pa_range = sizeof(pa_range_info) / sizeof(pa_range_info[0]); for_each_online_cpu ( cpu ) {
pa_range_info has only 8 elements and is accessed using pa_range as index. pa_range is initialized to 16, potentially causing out of bound access errors. Fix the issue by initializing pa_range to the effective number of pa_range_info elements. CID 1381865 Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>