Re: [PATCH] thermal: cpu_cooling: fix out of bounds access in time_in_idle

From: Javi Merino
Date: Thu Feb 11 2016 - 13:45:16 EST


On Thu, Feb 11, 2016 at 07:00:28AM -0800, Eduardo Valentin wrote:
> On Thu, Feb 11, 2016 at 12:00:51PM +0000, Javi Merino wrote:
> > In __cpufreq_cooling_register() we allocate the arrays for time_in_idle
> > and time_in_idle_timestamp to be as big as the number of cpus in this
> > cpufreq device. However, in get_load() we access this array using the
> > cpu number as index, which can result in an out of bound access.
> >
> > Index time_in_idle{,_timestamp} using the index in the cpufreq_device's
> > allowed_cpus mask, as we do for the load_cpu array in
> > cpufreq_get_requested_power()
> >
> > Reported-by: Nicolas Boichat <drinkcat@xxxxxxxxxxxx>
> > Cc: Amit Daniel Kachhap <amit.kachhap@xxxxxxxxx>
> > Cc: Zhang Rui <rui.zhang@xxxxxxxxx>
> > Cc: Eduardo Valentin <edubezval@xxxxxxxxx>
> > Tested-by: Nicolas Boichat <drinkcat@xxxxxxxxxxxx>
> > Acked-by: Viresh Kumar <viresh.kumar@xxxxxxxxxx>
> > Signed-off-by: Javi Merino <javi.merino@xxxxxxx>
>
>
> > ---
> > Hi Andrew,
> >
> > This patch fixes an out of bounds access found by Nicolas Boichat
> > using KASAN. It is acked by Viresh, co-maintainer of the cpu cooling
> > device and tested by the reporter. It's been in the list[0] for more
> > than a month, I've pinged the thermal maintainers three times but they
> > haven't replied.
> >
> > Can you merge it via your tree? Thanks,
> > Javi
>
> Somehow this patch was marked as accepted in patchwork and I missed it,
> apologize for this. I am adding it to thermal-soc.

Great, thanks!
Javi
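
The indexing bug described in the quoted commit message, modelled in userspace C as an added example that is not part of this thread or of the kernel patch. `mask_t`, `mask_weight()`, `mask_slot()` and `record_idle()` are hypothetical stand-ins for the kernel's cpumask handling, and the CPU layout (CPUs 4-7 on one cpufreq device) is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a cpumask: bit n set means CPU n is in the device. */
typedef uint32_t mask_t;

/* Number of CPUs in the mask; the per-CPU arrays are allocated with this size. */
static int mask_weight(mask_t m)
{
    int n = 0;
    for (; m; m &= m - 1)
        n++;
    return n;
}

/* Position of cpu inside the mask (0 .. weight-1), or -1 if it is not a member. */
static int mask_slot(mask_t m, int cpu)
{
    if (cpu < 0 || cpu >= 32 || !(m & (1u << cpu)))
        return -1;
    return mask_weight(m & ((1u << cpu) - 1));
}

/* Store one sample per member CPU, indexed by mask position, never by CPU number.
 * Returns the number of slots written, or -1 if the array is too small. */
static int record_idle(mask_t m, uint64_t *time_in_idle, int len, uint64_t sample)
{
    int written = 0;
    for (int cpu = 0; cpu < 32; cpu++) {
        int slot = mask_slot(m, cpu);
        if (slot < 0)
            continue;           /* CPU belongs to another device */
        if (slot >= len)
            return -1;          /* refuse to write past the allocation */
        time_in_idle[slot] = sample + (uint64_t)cpu;
        written++;
    }
    return written;
}

int main(void)
{
    mask_t big_cluster = 0xF0;      /* constructed: CPUs 4-7 */
    uint64_t time_in_idle[4] = {0}; /* sized by mask_weight(), as in the report */
    printf("array size %d, cpu 6 maps to slot %d, wrote %d slots\n", mask_weight(big_cluster),
           mask_slot(big_cluster, 6), record_idle(big_cluster, time_in_idle, 4, 100));
    return 0;
}
```

Using the raw CPU number 6 as the index would land outside the four-element array, while its mask position is 2.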