Re: [PATCH] thermal: intel_powerclamp: Check for a possible array out of bounds access.
From: Rafael J. Wysocki
Date: Sun Jun 04 2023 - 12:13:50 EST
Cc list trimmed.
On Fri, Jun 2, 2023 at 11:12 AM Daniil Dulov <d.dulov@xxxxxxxxxx> wrote:
>
> ratio may be equal to MAX_TARGET_RATIO - 1 that will result in
> out of bound access.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: d6d71ee4a14a ("PM: Introduce Intel PowerClamp Driver")
> Signed-off-by: Daniil Dulov <d.dulov@xxxxxxxxxx>
> ---
> drivers/thermal/intel/intel_powerclamp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/thermal/intel/intel_powerclamp.c b/drivers/thermal/intel/intel_powerclamp.c
> index fb04470d7d4b..9deaf2b8ccf6 100644
> --- a/drivers/thermal/intel/intel_powerclamp.c
> +++ b/drivers/thermal/intel/intel_powerclamp.c
> @@ -277,7 +277,8 @@ static unsigned int get_compensation(int ratio)
> comp = (cal_data[ratio].steady_comp +
> cal_data[ratio - 1].steady_comp +
> cal_data[ratio - 2].steady_comp) / 3;
> - } else if (cal_data[ratio].confidence >= CONFIDENCE_OK &&
> + } else if (ratio < MAX_TARGET_RATIO - 1 &&
> + cal_data[ratio].confidence >= CONFIDENCE_OK &&
> cal_data[ratio - 1].confidence >= CONFIDENCE_OK &&
> cal_data[ratio + 1].confidence >= CONFIDENCE_OK) {
> comp = (cal_data[ratio].steady_comp +
> --
Rui, Srinivas, can you have a look at this, please?