4.2.8-ckt5 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------ From: Colin Ian King <[email protected]> commit 9bf148cb0812595bfdf5100bd2c07e9bec9c6ef5 upstream. In the unlikely event that regno == nr_registers then we get an array overrun on regoff because the invalid register check is currently off-by-one. Fix this with a check that regno is >= nr_registers instead. Detected with static analysis using CoverityScan. Fixes: fcc7ffd67991 "x86, mpx: Decode MPX instruction to get bound violation information" Signed-off-by: Colin Ian King <[email protected]> Acked-by: Dave Hansen <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: "Kirill A . Shutemov" <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Thomas Gleixner <[email protected]> Signed-off-by: Kamal Mostafa <[email protected]> --- arch/x86/mm/mpx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c index 27f8393..b77009c 100644 --- a/arch/x86/mm/mpx.c +++ b/arch/x86/mm/mpx.c @@ -160,7 +160,7 @@ static int get_reg_offset(struct insn *insn, struct pt_regs *regs, break; } - if (regno > nr_registers) { + if (regno >= nr_registers) { WARN_ONCE(1, "decoded an instruction with an invalid register"); return -EINVAL; } -- 2.7.0
