hv: fix some potential array overflow risk
'pcpu_id' should be less than CONFIG_MAX_PCPU_NUM, else 'per_cpu_data' will overflow. This commit fixes this potential overflow issue. Tracked-On: #3397 Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com> Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
parent
e749ced4a0
commit
2d4809e3b1
|
@ -66,7 +66,7 @@ static uint32_t calculate_logical_dest_mask(uint64_t pdmask)
|
|||
uint16_t pcpu_id;
|
||||
|
||||
pcpu_id = ffs64(pcpu_mask);
|
||||
while (pcpu_id != INVALID_BIT_INDEX) {
|
||||
while (pcpu_id < CONFIG_MAX_PCPU_NUM) {
|
||||
bitmap_clear_nolock(pcpu_id, &pcpu_mask);
|
||||
dest_mask |= per_cpu(lapic_ldr, pcpu_id);
|
||||
pcpu_id = ffs64(pcpu_mask);
|
||||
|
|
|
@ -240,7 +240,7 @@ void send_dest_ipi_mask(uint32_t dest_mask, uint32_t vector)
|
|||
|
||||
pcpu_id = ffs64(mask);
|
||||
|
||||
while (pcpu_id != INVALID_BIT_INDEX) {
|
||||
while (pcpu_id < CONFIG_MAX_PCPU_NUM) {
|
||||
bitmap32_clear_nolock(pcpu_id, &mask);
|
||||
if (is_pcpu_active(pcpu_id)) {
|
||||
icr.value_32.hi_32 = per_cpu(lapic_id, pcpu_id);
|
||||
|
|
|
@ -44,7 +44,7 @@ void smp_call_function(uint64_t mask, smp_call_func_t func, void *data)
|
|||
/* wait for previous smp call complete, which may run on other cpus */
|
||||
while (atomic_cmpxchg64(&smp_call_mask, 0UL, mask & INVALID_BIT_INDEX) != 0UL);
|
||||
pcpu_id = ffs64(mask);
|
||||
while (pcpu_id != INVALID_BIT_INDEX) {
|
||||
while (pcpu_id < CONFIG_MAX_PCPU_NUM) {
|
||||
bitmap_clear_nolock(pcpu_id, &mask);
|
||||
if (is_pcpu_active(pcpu_id)) {
|
||||
smp_call = &per_cpu(smp_call_info, pcpu_id);
|
||||
|
|
Loading…
Reference in New Issue