On Thu, Feb 11, 2016 at 12:00:51PM +0000, Javi Merino wrote:
> In __cpufreq_cooling_register() we allocate the arrays for time_in_idle
> and time_in_idle_timestamp to be as big as the number of cpus in this
> cpufreq device. However, in get_load() we access this array using the
> cpu number as index, which can result in an out of bound access.
>
> Index time_in_idle{,_timestamp} using the index in the cpufreq_device's
> allowed_cpus mask, as we do for the load_cpu array in
> cpufreq_get_requested_power()
>
> Reported-by: Nicolas Boichat <[email protected]>
> Cc: Amit Daniel Kachhap <[email protected]>
> Cc: Zhang Rui <[email protected]>
> Cc: Eduardo Valentin <[email protected]>
> Tested-by: Nicolas Boichat <[email protected]>
> Acked-by: Viresh Kumar <[email protected]>
> Signed-off-by: Javi Merino <[email protected]>
> ---
> Hi Andrew,
>
> This patch fixes an out of bounds access found by Nicolas Boichat
> using KASAN. It is acked by Viresh, comaintainer of the cpu cooling
> device and tested by the reporter. It's been in the list[0] for more
> than a month, I've pinged the thermal maintainers three times but they
> haven't replied.
>
> Can you merge it via your tree? Thanks,
> Javi
Somehow this patch was marked as accepted in patchwork and I missed it,
apologize for this. I am adding it to thermal-soc.
BR,
Eduardo
