Arnd Bergmann f3217d6f2f firmware: xilinx: fix out-of-bounds access ... The zynqmp_pm_set_suspend_mode() and zynqmp_pm_get_trustzone_version() functions pass values as api_id into zynqmp_pm_invoke_fn that are beyond PM_API_MAX, resulting in an out-of-bounds access: drivers/firmware/xilinx/zynqmp.c: In function 'zynqmp_pm_set_suspend_mode': drivers/firmware/xilinx/zynqmp.c:150:24: warning: array subscript 2562 is above array bounds of 'u32[64]' {aka 'unsigned int[64]'} [-Warray-bounds] 150 | if (zynqmp_pm_features[api_id] != PM_FEATURE_UNCHECKED) | ~~~~~~~~~~~~~~~~~~^~~~~~~~ drivers/firmware/xilinx/zynqmp.c:28:12: note: while referencing 'zynqmp_pm_features' 28 | static u32 zynqmp_pm_features[PM_API_MAX]; | ^~~~~~~~~~~~~~~~~~ Replace the resulting undefined behavior with an error return. This may break some things that happen to work at the moment but seems better than randomly overwriting kernel data. I assume we need additional fixes for the two functions that now return an error. Fixes: 76582671eb ("firmware: xilinx: Add Zynqmp firmware driver") Fixes: e178df31cf ("firmware: xilinx: Implement ZynqMP power management APIs") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20201026155449.3703142-1-arnd@kernel.org Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-11-09 18:35:35 +01:00
..
Kconfig	arm64: zynqmp: Make zynqmp_firmware driver optional	2020-03-09 14:58:24 +01:00
Makefile	firmware: xilinx: Add debugfs interface	2018-09-26 08:47:35 +02:00
zynqmp-debug.c	firmware: xilinx: Remove eemi ops for query_data	2020-04-28 15:45:06 +02:00
zynqmp-debug.h	firmware: xilinx: Add debugfs interface	2018-09-26 08:47:35 +02:00
zynqmp.c	firmware: xilinx: fix out-of-bounds access	2020-11-09 18:35:35 +01:00