From patchwork Sun Dec 11 06:54:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bin Meng X-Patchwork-Id: 1714556 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=gpSpDm4U; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4NVFrP0Rpwz240J for ; Sun, 11 Dec 2022 17:55:15 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=tgpEA94UWLTKILyoe2gDnkP8XXC3WK8jpwyUF1Ppin4=; b=gpSpDm4UdQBr5O T288M+weA71+ejm40ReyCvqCG3jnV6vziYARogghqkhaTs7aDDVTLyhgqbEKctQamtAVxr3A6bM7X MyEOkZ8H0IPvD5crIxIK1tRnkSIu8uLOE3bDqm72s6iEytm/SBCTrHep9Kgl9ckInd6Jt2xV8M56r FGu6EgwbbmS1ochmDgrqDxEwp1enmVlayhEMjWjV0JPimIhZ0WtAUmJ5PHvMmJERQWgNk76NPnUOs sP4i/3ZT1M6uc5n8NcdfiniY5fUsO+sTN05QBcewfHZQrkzQcbhlPMihBSp3V6Mc85xMAcTTZtaeS j9Flj8hJGQ20dJwZVz3w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1p4GEi-00DxRz-JI; Sun, 11 Dec 2022 06:54:56 +0000 Received: from bg4.exmail.qq.com ([43.154.221.58]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1p4GEY-00DxFG-Pr for opensbi@lists.infradead.org; Sun, 11 Dec 2022 06:54:52 +0000 X-QQ-mid: bizesmtp88t1670741668tm7e8ui4 Received: from ubuntu.. ( [111.196.135.79]) by bizesmtp.qq.com (ESMTP) with SMTP id 0 for ; Sun, 11 Dec 2022 14:54:27 +0800 (CST) X-QQ-SSF: 01200000002000B0B000B00A0000000 X-QQ-FEAT: lj50s4tNr7r8lvT5q6N/Im+UbsopxFm04kBcIBZ50ahaz9m8sLFa1dJpHRENX zuBRDoyCMc/8+p1vVaYvk6U1fwclVyQa3sJcnN3LZKM5gxwQhvQGP/Cej3jkqEuB5Lqh1ol Tlfth0i5nOs21dfI+dXT1wYtKQCzdDp5AwXshsb/hZSX1fv0BrMUuDfKGTslF0RzgEQFhQX /HJVJxR9pDqrvZeg5PhpeK+5O8iFWn7CClxfIfEKs20NaYf9V4YCzgudgjYITyl6JkCFCTB JlO9sNmXfj9SsKac2Y8GFo5gqOIW/HWL30OkidkgsKvqvNnGWYOeWdFpetN3FMvcK+hV32o PNN3bFMDs0/Zny+BdGJ9m2VJGIPONvwXkMzPKMk6Xz+PtxuXsA= X-QQ-GoodBg: 0 From: Bin Meng To: opensbi@lists.infradead.org Subject: [PATCH v3 2/5] lib: utils/irqchip: plic: Ensure no out-of-bound access in priority save/restore helpers Date: Sun, 11 Dec 2022 14:54:21 +0800 Message-Id: <20221211065424.806478-2-bmeng@tinylab.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221211065424.806478-1-bmeng@tinylab.org> References: <20221211065424.806478-1-bmeng@tinylab.org> MIME-Version: 1.0 X-QQ-SENDSIZE: 520 Feedback-ID: bizesmtp:tinylab.org:qybglogicsvr:qybglogicsvr3 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221210_225447_293444_2E25F28E X-CRM114-Status: GOOD ( 13.48 ) X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Currently the priority save/restore helpers writes/reads the provided array using an index whose maximum value is determined by PLIC, which potentially may disagree with the caller to these helpers. Add a parameter to ask the caller to provide the size limit of the array to ensure no out-of-bound access happens. Content analysis details: (-0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [43.154.221.58 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Currently the priority save/restore helpers writes/reads the provided array using an index whose maximum value is determined by PLIC, which potentially may disagree with the caller to these helpers. Add a parameter to ask the caller to provide the size limit of the array to ensure no out-of-bound access happens. Signed-off-by: Bin Meng Reviewed-by: Anup Patel --- Changes in v3: - fix the size limit check - move the size limit check to plic_priority_save/restore - add parameter description to fdt_plic_priority_save/restore Changes in v2: - new patch: libs: utils/irqchip: plic: Ensure no out-of-bound access in priority save/restore helpers include/sbi_utils/irqchip/fdt_irqchip_plic.h | 14 ++++++++++++-- include/sbi_utils/irqchip/plic.h | 5 +++-- lib/utils/irqchip/fdt_irqchip_plic.c | 8 ++++---- lib/utils/irqchip/plic.c | 15 +++++++++++---- platform/generic/allwinner/sun20i-d1.c | 4 ++-- 5 files changed, 32 insertions(+), 14 deletions(-) diff --git a/include/sbi_utils/irqchip/fdt_irqchip_plic.h b/include/sbi_utils/irqchip/fdt_irqchip_plic.h index 98d4de5..d5b1c60 100644 --- a/include/sbi_utils/irqchip/fdt_irqchip_plic.h +++ b/include/sbi_utils/irqchip/fdt_irqchip_plic.h @@ -9,9 +9,19 @@ #include -void fdt_plic_priority_save(u8 *priority); +/** + * Save the PLIC priority state + * @param priority pointer to the memory region for the saved priority + * @param num size of the memory region including interrupt source 0 + */ +void fdt_plic_priority_save(u8 *priority, u32 num); -void fdt_plic_priority_restore(const u8 *priority); +/** + * Restore the PLIC priority state + * @param priority pointer to the memory region for the saved priority + * @param num size of the memory region including interrupt source 0 + */ +void fdt_plic_priority_restore(const u8 *priority, u32 num); void fdt_plic_context_save(bool smode, u32 *enable, u32 *threshold); diff --git a/include/sbi_utils/irqchip/plic.h b/include/sbi_utils/irqchip/plic.h index 48c24f0..38704a1 100644 --- a/include/sbi_utils/irqchip/plic.h +++ b/include/sbi_utils/irqchip/plic.h @@ -18,9 +18,10 @@ struct plic_data { }; /* So far, priorities on all consumers of these functions fit in 8 bits. */ -void plic_priority_save(const struct plic_data *plic, u8 *priority); +void plic_priority_save(const struct plic_data *plic, u8 *priority, u32 num); -void plic_priority_restore(const struct plic_data *plic, const u8 *priority); +void plic_priority_restore(const struct plic_data *plic, const u8 *priority, + u32 num); void plic_context_save(const struct plic_data *plic, int context_id, u32 *enable, u32 *threshold); diff --git a/lib/utils/irqchip/fdt_irqchip_plic.c b/lib/utils/irqchip/fdt_irqchip_plic.c index fe08836..7d76c5b 100644 --- a/lib/utils/irqchip/fdt_irqchip_plic.c +++ b/lib/utils/irqchip/fdt_irqchip_plic.c @@ -24,18 +24,18 @@ static struct plic_data plic[PLIC_MAX_NR]; static struct plic_data *plic_hartid2data[SBI_HARTMASK_MAX_BITS]; static int plic_hartid2context[SBI_HARTMASK_MAX_BITS][2]; -void fdt_plic_priority_save(u8 *priority) +void fdt_plic_priority_save(u8 *priority, u32 num) { struct plic_data *plic = plic_hartid2data[current_hartid()]; - plic_priority_save(plic, priority); + plic_priority_save(plic, priority, num); } -void fdt_plic_priority_restore(const u8 *priority) +void fdt_plic_priority_restore(const u8 *priority, u32 num) { struct plic_data *plic = plic_hartid2data[current_hartid()]; - plic_priority_restore(plic, priority); + plic_priority_restore(plic, priority, num); } void fdt_plic_context_save(bool smode, u32 *enable, u32 *threshold) diff --git a/lib/utils/irqchip/plic.c b/lib/utils/irqchip/plic.c index 4df9020..dca5678 100644 --- a/lib/utils/irqchip/plic.c +++ b/lib/utils/irqchip/plic.c @@ -36,15 +36,22 @@ static void plic_set_priority(const struct plic_data *plic, u32 source, u32 val) writel(val, plic_priority); } -void plic_priority_save(const struct plic_data *plic, u8 *priority) +void plic_priority_save(const struct plic_data *plic, u8 *priority, u32 num) { - for (u32 i = 1; i <= plic->num_src; i++) + if (num > plic->num_src) + num = plic->num_src; + + for (u32 i = 1; i <= num; i++) priority[i] = plic_get_priority(plic, i); } -void plic_priority_restore(const struct plic_data *plic, const u8 *priority) +void plic_priority_restore(const struct plic_data *plic, const u8 *priority, + u32 num) { - for (u32 i = 1; i <= plic->num_src; i++) + if (num > plic->num_src) + num = plic->num_src; + + for (u32 i = 1; i <= num; i++) plic_set_priority(plic, i, priority[i]); } diff --git a/platform/generic/allwinner/sun20i-d1.c b/platform/generic/allwinner/sun20i-d1.c index 18d330d..1f27575 100644 --- a/platform/generic/allwinner/sun20i-d1.c +++ b/platform/generic/allwinner/sun20i-d1.c @@ -79,13 +79,13 @@ static u32 plic_threshold; static void sun20i_d1_plic_save(void) { fdt_plic_context_save(true, plic_sie, &plic_threshold); - fdt_plic_priority_save(plic_priority); + fdt_plic_priority_save(plic_priority, PLIC_SOURCES); } static void sun20i_d1_plic_restore(void) { thead_plic_restore(); - fdt_plic_priority_restore(plic_priority); + fdt_plic_priority_restore(plic_priority, PLIC_SOURCES); fdt_plic_context_restore(true, plic_sie, plic_threshold); }