Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp333803pxb; Mon, 16 Aug 2021 06:32:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzp9ls4rg1699NDAKQo2HYRZ0xu8j40d69kc5M93DSXCRdiuBWHrG9az5hEuEMI+OGQPF4r X-Received: by 2002:a17:906:a894:: with SMTP id ha20mr16271138ejb.229.1629120773964; Mon, 16 Aug 2021 06:32:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629120773; cv=none; d=google.com; s=arc-20160816; b=0SJ26Gn+sU8Hub+OQocd9NzOIHzNjk87Ie/6vy3cynqZ2Jqt3kPfEpyFWEWwau+a1r I77/FT4HcFjCypzW3J29XOvRiqu6bhlqOdfT1ZA36uR810i/7Q1p/k2elQGyBjMaIqs5 tfk5kbikfIDt6+MiwpSrzjysA6pgmXmaS/JAszzK1buyIDk1FbgKkB2nvZTcfgk7g738 RjJLVwOdOIHdqLdOqOwLTufK97yTZKb+TPwRIVs7rq1wDcXWucbY1d5NirE5cN1OFInH owNzyqii2ZcAf5yr8cX8o0swhVnRCnMc2k9Nh8imcJBSNirE9hafcevMf/mPBniut+85 BpIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AukbGoK0kU2cCG7v6D5U+VQaOjhSpxDyCeEUHTW1v84=; b=0h7Hx6LxE5fOYwOlTqpZzra9zKw4ZdPx8BkVtnIQHcu21weOxxg99ijlkHPVByzyLA 4sDPfWURZ/qRP4TCxowBl6SDbzgWNEjl0r5S/LDD1Qi0RGvc0ZQVHXA9EJb4fnDgZimj nSOJqUvIL66V+p/RKSk0oSS0m0LLLvaKVmFTxAbBMntD2bLxb+kS0zO/W31Bvef3oKMU vfDRufAp3J9R9ZQSEgb3BtBzKr6MQx/CGaZsH2+K4to8Zw0ArUh0nzyvWSPPBTaDcUCv qGDuhm1dMPR8o+igOA7JveD+T098orXyz7X3osCCUPIZ6k18HWQCLY9qXf/Hr8+x1z4w hyLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="B/jbYQ2y"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u10si9950980ejc.522.2021.08.16.06.32.30; Mon, 16 Aug 2021 06:32:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="B/jbYQ2y"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239196AbhHPNaa (ORCPT + 99 others); Mon, 16 Aug 2021 09:30:30 -0400 Received: from mail.kernel.org ([198.145.29.99]:44512 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240606AbhHPNTz (ORCPT ); Mon, 16 Aug 2021 09:19:55 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 31477632C2; Mon, 16 Aug 2021 13:14:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1629119698; bh=UDGrsDOzRgCA/grhzvmXw437X+dpszg1H4mzPRnPOHM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=B/jbYQ2y3wE+UkLne2sD+eI80E4DmPA3w4kpi8QbTxnanZ0yEE1+80A0TsOp8myhA dI5hIeCRymfuo2fmeqjRo1gce1zbHwRJWoZ72mIOIweUPWrX+sqhwAaRkk/EYJRPAi SyLmX3VMu7GxVOCYSV+aZmBTZc+Y/e3tgVGcRsOs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ben Dai , Thomas Gleixner Subject: [PATCH 5.13 126/151] genirq/timings: Prevent potential array overflow in __irq_timings_store() Date: Mon, 16 Aug 2021 15:02:36 +0200 Message-Id: <20210816125448.207697776@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210816125444.082226187@linuxfoundation.org> References: <20210816125444.082226187@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ben Dai commit b9cc7d8a4656a6e815852c27ab50365009cb69c1 upstream. When the interrupt interval is greater than 2 ^ PREDICTION_BUFFER_SIZE * PREDICTION_FACTOR us and less than 1s, the calculated index will be greater than the length of irqs->ema_time[]. Check the calculated index before using it to prevent array overflow. Fixes: 23aa3b9a6b7d ("genirq/timings: Encapsulate storing function") Signed-off-by: Ben Dai Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20210425150903.25456-1-ben.dai9703@gmail.com Signed-off-by: Greg Kroah-Hartman --- kernel/irq/timings.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/kernel/irq/timings.c +++ b/kernel/irq/timings.c @@ -453,6 +453,11 @@ static __always_inline void __irq_timing */ index = irq_timings_interval_index(interval); + if (index > PREDICTION_BUFFER_SIZE - 1) { + irqs->count = 0; + return; + } + /* * Store the index as an element of the pattern in another * circular array.