From a3d56a7137f68e935e03e6a763c8113fc699af2b Mon Sep 17 00:00:00 2001 From: Kassey Li Date: Wed, 20 May 2020 17:43:00 +0530 Subject: sched: Fix out of bounds issue in for_each_cluster macro [ 31.504753] ================================================================= [ 31.512215] BUG: KASAN: global-out-of-bounds in core_ctl_set_boost+0x554/0x558 [ 31.519637] Read of size 4 at addr ffffffd0327c18f4 by task init/456 [ 31.526160] [ 31.527707] CPU: 1 PID: 456 Comm: init Tainted: G S W 5.4.12-qgki-debug-gdc9adf3559a6-dirty #25 [ 31.537793] Hardware name: Qualcomm Technologies, Inc. 8350 venus (DT) [ 31.544499] Call trace: [ 31.547026] dump_backtrace+0x0/0x2e0 [ 31.550797] show_stack+0x14/0x20 [ 31.554220] dump_stack+0xf0/0x144 [ 31.557732] print_address_description.isra.7+0x3c/0x3d8 [ 31.563190] __kasan_report+0x158/0x23c [ 31.567144] kasan_report+0xc/0x18 [ 31.570649] __asan_report_load4_noabort+0x18/0x20 [ 31.575572] core_ctl_set_boost+0x554/0x558 [ 31.579881] z3d22747cee+0x14/0x58 [ 31.583385] z991cee001b+0x884/0xd70 [ 31.587071] sched_boost_handler+0xe4/0x108 [ 31.591381] proc_sys_call_handler+0x384/0x420 [ 31.595954] proc_sys_write+0x10/0x18 [ 31.599728] __vfs_write+0x54/0xe8 [ 31.603232] vfs_write+0x15c/0x430 [ 31.606736] ksys_write+0xe8/0x1c0 [ 31.610241] __arm64_sys_write+0x68/0x98 [ 31.614282] el0_svc_common.constprop.0+0x1c0/0x370 [ 31.619302] el0_svc_handler+0xd4/0x178 [ 31.623257] el0_svc+0x8/0xc Change-Id: I71e71d61e080c1ce948bd0400f9ebb0705a2210b Signed-off-by: Kassey Li Signed-off-by: Lingutla Chandrasekhar [rshaha: Resolved trivial merge conflicts] Signed-off-by: Rahul Shahare --- kernel/sched/core_ctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'kernel') diff --git a/kernel/sched/core_ctl.c b/kernel/sched/core_ctl.c index ce15ae7fe76b..70cd0649ac9b 100644 --- a/kernel/sched/core_ctl.c +++ b/kernel/sched/core_ctl.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2017, The Linux Foundation. All rights reserved. +/* Copyright (c) 2014-2017, 2020 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -70,8 +70,8 @@ static struct cluster_data cluster_state[MAX_CLUSTERS]; static unsigned int num_clusters; #define for_each_cluster(cluster, idx) \ - for ((cluster) = &cluster_state[idx]; (idx) < num_clusters;\ - (idx)++, (cluster) = &cluster_state[idx]) + for (; (idx) < num_clusters && ((cluster) = &cluster_state[idx]);\ + (idx)++) static DEFINE_SPINLOCK(state_lock); static void apply_need(struct cluster_data *state); -- cgit v1.2.3