[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL v2 24/45] hw/intc: sifive_plic: fix out-of-bound access of source_
From: |
Alistair Francis |
Subject: |
[PULL v2 24/45] hw/intc: sifive_plic: fix out-of-bound access of source_priority array |
Date: |
Thu, 22 Dec 2022 08:40:01 +1000 |
From: Jim Shu <jim.shu@sifive.com>
If the number of interrupt is not multiple of 32, PLIC will have
out-of-bound access to source_priority array. Compute the number of
interrupt in the last word to avoid this out-of-bound access of array.
Signed-off-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Message-Id: <20221127165753.30533-1-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
hw/intc/sifive_plic.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index b4949bef97..0c7696520d 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -78,6 +78,7 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
uint32_t max_irq = 0;
uint32_t max_prio = plic->target_priority[addrid];
int i, j;
+ int num_irq_in_word = 32;
for (i = 0; i < plic->bitfield_words; i++) {
uint32_t pending_enabled_not_claimed =
@@ -88,7 +89,16 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
continue;
}
- for (j = 0; j < 32; j++) {
+ if (i == (plic->bitfield_words - 1)) {
+ /*
+ * If plic->num_sources is not multiple of 32, num-of-irq in last
+ * word is not 32. Compute the num-of-irq of last word to avoid
+ * out-of-bound access of source_priority array.
+ */
+ num_irq_in_word = plic->num_sources - ((plic->bitfield_words - 1)
<< 5);
+ }
+
+ for (j = 0; j < num_irq_in_word; j++) {
int irq = (i << 5) + j;
uint32_t prio = plic->source_priority[irq];
int enabled = pending_enabled_not_claimed & (1 << j);
--
2.38.1
- [PULL v2 14/45] target/riscv: Enable native debug itrigger, (continued)
- [PULL v2 14/45] target/riscv: Enable native debug itrigger, Alistair Francis, 2022/12/21
- [PULL v2 15/45] target/riscv: Add itrigger_enabled field to CPURISCVState, Alistair Francis, 2022/12/21
- [PULL v2 16/45] hw/intc: sifive_plic: Renumber the S irqs for numa support, Alistair Francis, 2022/12/21
- [PULL v2 17/45] target/riscv: Typo fix in sstc() predicate, Alistair Francis, 2022/12/21
- [PULL v2 18/45] hw/riscv: virt: Remove the redundant ipi-id property, Alistair Francis, 2022/12/21
- [PULL v2 19/45] target/riscv: support cache-related PMU events in virtual mode, Alistair Francis, 2022/12/21
- [PULL v2 20/45] target/riscv: Add some comments for sstatus CSR in riscv_cpu_dump_state(), Alistair Francis, 2022/12/21
- [PULL v2 22/45] hw/riscv: pfsoc: add missing FICs as unimplemented, Alistair Francis, 2022/12/21
- [PULL v2 21/45] hw/misc: pfsoc: add fabric clocks to ioscb, Alistair Francis, 2022/12/21
- [PULL v2 23/45] hw/{misc, riscv}: pfsoc: add system controller as unimplemented, Alistair Francis, 2022/12/21
- [PULL v2 24/45] hw/intc: sifive_plic: fix out-of-bound access of source_priority array,
Alistair Francis <=
- [PULL v2 25/45] target/riscv: Fix mret exception cause when no pmp rule is configured, Alistair Francis, 2022/12/21
- [PULL v2 26/45] target/riscv: Set pc_succ_insn for !rvc illegal insn, Alistair Francis, 2022/12/21
- [PULL v2 27/45] target/riscv: Simplify helper_sret() a little bit, Alistair Francis, 2022/12/21
- [PULL v2 28/45] target/riscv: Clear mstatus.MPRV when leaving M-mode for priv spec 1.12+, Alistair Francis, 2022/12/21
- [PULL v2 30/45] hw/riscv: Select MSI_NONBROKEN in SIFIVE_PLIC, Alistair Francis, 2022/12/21
- [PULL v2 29/45] RISC-V: Add Zawrs ISA extension support, Alistair Francis, 2022/12/21
- [PULL v2 31/45] hw/intc: Select MSI_NONBROKEN in RISC-V AIA interrupt controllers, Alistair Francis, 2022/12/21
- [PULL v2 32/45] hw/riscv: Fix opentitan dependency to SIFIVE_PLIC, Alistair Francis, 2022/12/21
- [PULL v2 33/45] hw/riscv: Sort machines Kconfig options in alphabetical order, Alistair Francis, 2022/12/21
- [PULL v2 35/45] hw/intc: sifive_plic: Drop PLICMode_H, Alistair Francis, 2022/12/21