Re: [PATCH] thermal: cpu_cooling: fix out of bounds access in time_in_idle

From: Eduardo Valentin
Date: Thu Feb 11 2016 - 10:00:38 EST


On Thu, Feb 11, 2016 at 12:00:51PM +0000, Javi Merino wrote:
> In __cpufreq_cooling_register() we allocate the arrays for time_in_idle
> and time_in_idle_timestamp to be as big as the number of cpus in this
> cpufreq device. However, in get_load() we access this array using the
> cpu number as index, which can result in an out of bound access.
>
> Index time_in_idle{,_timestamp} using the index in the cpufreq_device's
> allowed_cpus mask, as we do for the load_cpu array in
> cpufreq_get_requested_power()
>
> Reported-by: Nicolas Boichat <drinkcat@xxxxxxxxxxxx>
> Cc: Amit Daniel Kachhap <amit.kachhap@xxxxxxxxx>
> Cc: Zhang Rui <rui.zhang@xxxxxxxxx>
> Cc: Eduardo Valentin <edubezval@xxxxxxxxx>
> Tested-by: Nicolas Boichat <drinkcat@xxxxxxxxxxxx>
> Acked-by: Viresh Kumar <viresh.kumar@xxxxxxxxxx>
> Signed-off-by: Javi Merino <javi.merino@xxxxxxx>


> ---
> Hi Andrew,
>
> This patch fixes an out of bounds access found by Nicolas Boichat
> using KASAN. It is acked by Viresh, co-maintainer of the cpu cooling
> device and tested by the reporter. It's been in the list[0] for more
> than a month, I've pinged the thermal maintainers three times but they
> haven't replied.
>
> Can you merge it via your tree? Thanks,
> Javi

Somehow this patch was marked as accepted in patchwork and I missed it.
I apologize for this. I am adding it to thermal-soc.

BR,
Eduardo
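
The indexing problem described in the quoted commit message, as an added user-space model; it is not kernel code and not part of the original thread. The struct, the helper names and the 8-CPU layout (masks 0x0F and 0xF0) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: allowed_cpus follows the thread's naming; the struct
 * layout and every helper below are hypothetical. */
struct cooling_dev {
    uint32_t allowed_cpus;  /* bit n set => CPU n belongs to this device */
    unsigned int num_cpus;  /* length of time_in_idle[] as allocated */
};

static unsigned int popcount32(uint32_t v)
{
    unsigned int n = 0;
    for (; v; v &= v - 1)
        n++;
    return n;
}

/* Pre-fix scheme: the raw CPU number is used as the array index. */
static unsigned int slot_by_cpu_number(const struct cooling_dev *d, unsigned int cpu)
{
    (void)d;
    return cpu;
}

/* Post-fix scheme: position of the CPU inside allowed_cpus (set bits below
 * it), the same value a counter incremented while walking the mask yields. */
static unsigned int slot_by_mask_position(const struct cooling_dev *d, unsigned int cpu)
{
    return popcount32(d->allowed_cpus & ((1u << cpu) - 1u));
}

/* Count member CPUs whose slot is outside the array; nothing is dereferenced. */
static unsigned int count_oob(const struct cooling_dev *d,
        unsigned int (*slot)(const struct cooling_dev *, unsigned int))
{
    unsigned int cpu, bad = 0;
    for (cpu = 0; cpu < 32; cpu++)
        if (((d->allowed_cpus >> cpu) & 1u) && slot(d, cpu) >= d->num_cpus)
            bad++;
    return bad;
}

int main(void)
{
    struct cooling_dev d = { 0xF0u, popcount32(0xF0u) };  /* CPUs 4-7 */
    printf("out-of-range slots: by cpu number %u, by mask position %u\n",
           count_oob(&d, slot_by_cpu_number), count_oob(&d, slot_by_mask_position));
    return 0;
}
```

A device whose mask starts at CPU 0 (0x0F here) yields no out-of-range slots under either scheme, so the bug only surfaces on devices whose CPUs are numbered above the array length.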