[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL v3 22/43] hw/intc: sifive_plic: fix out-of-bound access of source_
From: |
Alistair Francis |
Subject: |
[PULL v3 22/43] hw/intc: sifive_plic: fix out-of-bound access of source_priority array |
Date: |
Fri, 6 Jan 2023 13:13:36 +1000 |
From: Jim Shu <jim.shu@sifive.com>
If the number of interrupt is not multiple of 32, PLIC will have
out-of-bound access to source_priority array. Compute the number of
interrupt in the last word to avoid this out-of-bound access of array.
Signed-off-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Message-Id: <20221127165753.30533-1-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
hw/intc/sifive_plic.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index b4949bef97..0c7696520d 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -78,6 +78,7 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
uint32_t max_irq = 0;
uint32_t max_prio = plic->target_priority[addrid];
int i, j;
+ int num_irq_in_word = 32;
for (i = 0; i < plic->bitfield_words; i++) {
uint32_t pending_enabled_not_claimed =
@@ -88,7 +89,16 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic,
uint32_t addrid)
continue;
}
- for (j = 0; j < 32; j++) {
+ if (i == (plic->bitfield_words - 1)) {
+ /*
+ * If plic->num_sources is not multiple of 32, num-of-irq in last
+ * word is not 32. Compute the num-of-irq of last word to avoid
+ * out-of-bound access of source_priority array.
+ */
+ num_irq_in_word = plic->num_sources - ((plic->bitfield_words - 1)
<< 5);
+ }
+
+ for (j = 0; j < num_irq_in_word; j++) {
int irq = (i << 5) + j;
uint32_t prio = plic->source_priority[irq];
int enabled = pending_enabled_not_claimed & (1 << j);
--
2.39.0
- [PULL v3 10/43] target/riscv: Add itrigger support when icount is not enabled, (continued)
- [PULL v3 10/43] target/riscv: Add itrigger support when icount is not enabled, Alistair Francis, 2023/01/05
- [PULL v3 08/43] target/riscv: smstateen check for h/s/envcfg, Alistair Francis, 2023/01/05
- [PULL v3 11/43] target/riscv: Add itrigger support when icount is enabled, Alistair Francis, 2023/01/05
- [PULL v3 12/43] target/riscv: Enable native debug itrigger, Alistair Francis, 2023/01/05
- [PULL v3 13/43] target/riscv: Add itrigger_enabled field to CPURISCVState, Alistair Francis, 2023/01/05
- [PULL v3 14/43] hw/intc: sifive_plic: Renumber the S irqs for numa support, Alistair Francis, 2023/01/05
- [PULL v3 15/43] target/riscv: Typo fix in sstc() predicate, Alistair Francis, 2023/01/05
- [PULL v3 16/43] hw/riscv: virt: Remove the redundant ipi-id property, Alistair Francis, 2023/01/05
- [PULL v3 18/43] target/riscv: Add some comments for sstatus CSR in riscv_cpu_dump_state(), Alistair Francis, 2023/01/05
- [PULL v3 17/43] target/riscv: support cache-related PMU events in virtual mode, Alistair Francis, 2023/01/05
- [PULL v3 22/43] hw/intc: sifive_plic: fix out-of-bound access of source_priority array,
Alistair Francis <=
- [PULL v3 19/43] hw/misc: pfsoc: add fabric clocks to ioscb, Alistair Francis, 2023/01/05
- [PULL v3 21/43] hw/{misc, riscv}: pfsoc: add system controller as unimplemented, Alistair Francis, 2023/01/05
- [PULL v3 20/43] hw/riscv: pfsoc: add missing FICs as unimplemented, Alistair Francis, 2023/01/05
- [PULL v3 23/43] target/riscv: Fix mret exception cause when no pmp rule is configured, Alistair Francis, 2023/01/05
- [PULL v3 24/43] target/riscv: Set pc_succ_insn for !rvc illegal insn, Alistair Francis, 2023/01/05
- [PULL v3 25/43] target/riscv: Simplify helper_sret() a little bit, Alistair Francis, 2023/01/05
- [PULL v3 26/43] target/riscv: Clear mstatus.MPRV when leaving M-mode for priv spec 1.12+, Alistair Francis, 2023/01/05
- [PULL v3 27/43] RISC-V: Add Zawrs ISA extension support, Alistair Francis, 2023/01/05
- [PULL v3 28/43] hw/riscv: Select MSI_NONBROKEN in SIFIVE_PLIC, Alistair Francis, 2023/01/05
- [PULL v3 29/43] hw/intc: Select MSI_NONBROKEN in RISC-V AIA interrupt controllers, Alistair Francis, 2023/01/05