On Thu, Feb 11, 2016 at 07:00:28AM -0800, Eduardo Valentin wrote:
> On Thu, Feb 11, 2016 at 12:00:51PM +0000, Javi Merino wrote:
> > In __cpufreq_cooling_register() we allocate the arrays for time_in_idle
> > and time_in_idle_timestamp to be as big as the number of cpus in this
> > cpufreq device. However, in get_load() we access this array using the
> > cpu number as index, which can result in an out of bound access.
> >
> > Index time_in_idle{,_timestamp} using the index in the cpufreq_device's
> > allowed_cpus mask, as we do for the load_cpu array in
> > cpufreq_get_requested_power()
> >
> > Reported-by: Nicolas Boichat <[email protected]>
> > Cc: Amit Daniel Kachhap <[email protected]>
> > Cc: Zhang Rui <[email protected]>
> > Cc: Eduardo Valentin <[email protected]>
> > Tested-by: Nicolas Boichat <[email protected]>
> > Acked-by: Viresh Kumar <[email protected]>
> > Signed-off-by: Javi Merino <[email protected]>
>
>
> > ---
> > Hi Andrew,
> >
> > This patch fixes an out of bounds access found by Nicolas Boichat
> > using KASAN. It is acked by Viresh, comaintainer of the cpu cooling
> > device and tested by the reporter. It's been in the list[0] for more
> > than a month, I've pinged the thermal maintainers three times but they
> > haven't replied.
> >
> > Can you merge it via your tree? Thanks,
> > Javi
>
> Somehow this patch was marked as accepted in patchwork and I missed it,
> apologize for this. I am adding it to thermal-soc.
Great, thanks!
Javi
