[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 24/45] hw/intc: sifive_plic: fix out-of-bound access of source_pri
From: |
Alistair Francis |
Subject: |
[PULL 24/45] hw/intc: sifive_plic: fix out-of-bound access of source_priority array |
Date: |
Mon, 19 Dec 2022 12:16:42 +1000 |
From: Jim Shu <jim.shu@sifive.com>
If the number of interrupt is not multiple of 32, PLIC will have
out-of-bound access to source_priority array. Compute the number of
interrupt in the last word to avoid this out-of-bound access of array.
Signed-off-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Message-Id: <20221127165753.30533-1-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
hw/intc/sifive_plic.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index b4949bef97..0c7696520d 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -78,6 +78,7 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
uint32_t max_irq = 0;
uint32_t max_prio = plic->target_priority[addrid];
int i, j;
+ int num_irq_in_word = 32;
for (i = 0; i < plic->bitfield_words; i++) {
uint32_t pending_enabled_not_claimed =
@@ -88,7 +89,16 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
continue;
}
- for (j = 0; j < 32; j++) {
+ if (i == (plic->bitfield_words - 1)) {
+ /*
+ * If plic->num_sources is not multiple of 32, num-of-irq in last
+ * word is not 32. Compute the num-of-irq of last word to avoid
+ * out-of-bound access of source_priority array.
+ */
+ num_irq_in_word = plic->num_sources - ((plic->bitfield_words - 1)
<< 5);
+ }
+
+ for (j = 0; j < num_irq_in_word; j++) {
int irq = (i << 5) + j;
uint32_t prio = plic->source_priority[irq];
int enabled = pending_enabled_not_claimed & (1 << j);
--
2.38.1
- [PULL 19/45] target/riscv: support cache-related PMU events in virtual mode, (continued)
- [PULL 19/45] target/riscv: support cache-related PMU events in virtual mode, Alistair Francis, 2022/12/18
- [PULL 28/45] target/riscv: Clear mstatus.MPRV when leaving M-mode for priv spec 1.12+, Alistair Francis, 2022/12/18
- [PULL 30/45] hw/riscv: Select MSI_NONBROKEN in SIFIVE_PLIC, Alistair Francis, 2022/12/18
- [PULL 21/45] hw/misc: pfsoc: add fabric clocks to ioscb, Alistair Francis, 2022/12/18
- [PULL 31/45] hw/intc: Select MSI_NONBROKEN in RISC-V AIA interrupt controllers, Alistair Francis, 2022/12/18
- [PULL 32/45] hw/riscv: Fix opentitan dependency to SIFIVE_PLIC, Alistair Francis, 2022/12/18
- [PULL 22/45] hw/riscv: pfsoc: add missing FICs as unimplemented, Alistair Francis, 2022/12/18
- [PULL 33/45] hw/riscv: Sort machines Kconfig options in alphabetical order, Alistair Francis, 2022/12/18
- [PULL 23/45] hw/{misc, riscv}: pfsoc: add system controller as unimplemented, Alistair Francis, 2022/12/18
- [PULL 34/45] hw/riscv: spike: Remove misleading comments, Alistair Francis, 2022/12/18
- [PULL 24/45] hw/intc: sifive_plic: fix out-of-bound access of source_priority array,
Alistair Francis <=
- [PULL 35/45] hw/intc: sifive_plic: Drop PLICMode_H, Alistair Francis, 2022/12/18
- [PULL 36/45] hw/intc: sifive_plic: Improve robustness of the PLIC config parser, Alistair Francis, 2022/12/18
- [PULL 37/45] hw/intc: sifive_plic: Use error_setg() to propagate the error up via errp in sifive_plic_realize(), Alistair Francis, 2022/12/18
- [PULL 25/45] target/riscv: Fix mret exception cause when no pmp rule is configured, Alistair Francis, 2022/12/18
- [PULL 26/45] target/riscv: Set pc_succ_insn for !rvc illegal insn, Alistair Francis, 2022/12/18
- [PULL 38/45] hw/intc: sifive_plic: Update "num-sources" property default value, Alistair Francis, 2022/12/18
- [PULL 39/45] hw/riscv: microchip_pfsoc: Fix the number of interrupt sources of PLIC, Alistair Francis, 2022/12/18
- [PULL 40/45] hw/riscv: sifive_e: Fix the number of interrupt sources of PLIC, Alistair Francis, 2022/12/18
- [PULL 41/45] hw/riscv: sifive_u: Avoid using magic number for "riscv, ndev", Alistair Francis, 2022/12/18
- [PULL 42/45] hw/riscv: virt: Fix the value of "riscv, ndev" in the dtb, Alistair Francis, 2022/12/18