From ce7b175656a1903605f0184bf33acebff70bfe7f Mon Sep 17 00:00:00 2001 From: Lorenzo Pieralisi Date: Thu, 22 Nov 2012 18:02:54 +0100 Subject: [PATCH] ARM: 7585/1: kernel: fix nr_cpu_ids check in DT logical map init If a kernel is configured with a DT containing more /cpu nodes than nr_cpu_ids, the number of cpus must be capped in the DT parsing code. Current code carries out the check, but fails to cap the value and the check is executed after the cpu logical index is used, which can lead to memory corruption due to index overflow. This patch refactors the check against nr_cpu_ids and move it before any computed index is used in the parsing code. Signed-off-by: Lorenzo Pieralisi Acked-by: Grant Likely Reported-by: Mark Rutland Signed-off-by: Russell King --- arch/arm/kernel/devtree.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/arm/kernel/devtree.c b/arch/arm/kernel/devtree.c index aaf9add497fe..70f1bdeb241b 100644 --- a/arch/arm/kernel/devtree.c +++ b/arch/arm/kernel/devtree.c @@ -139,10 +139,14 @@ void __init arm_dt_init_cpu_maps(void) i = cpuidx++; } - tmp_map[i] = hwid; - - if (cpuidx > nr_cpu_ids) + if (WARN(cpuidx > nr_cpu_ids, "DT /cpu %u nodes greater than " + "max cores %u, capping them\n", + cpuidx, nr_cpu_ids)) { + cpuidx = nr_cpu_ids; break; + } + + tmp_map[i] = hwid; } if (WARN(!bootcpu_valid, "DT missing boot CPU MPIDR[23:0], "