powerpc/crash: Rearrange loop condition to avoid out of bounds array access
authorSuraj Jitindar Singh <sjitindarsingh@gmail.com>
Mon, 11 Jul 2016 04:17:31 +0000 (14:17 +1000)
committerMichael Ellerman <mpe@ellerman.id.au>
Thu, 14 Jul 2016 10:26:22 +0000 (20:26 +1000)
The array crash_shutdown_handles[] has size CRASH_HANDLER_MAX, thus when
we loop over the elements of the list we check crash_shutdown_handles[i]
&& i < CRASH_HANDLER_MAX. However this means that when we increment i to
CRASH_HANDLER_MAX we will perform an out of bound array access checking
the first condition before exiting on the second condition.

To avoid the out of bounds access, simply reorder the loop conditions.

Fixes: 1d1451655bad ("powerpc: Add array bounds checking to crash_shutdown_handlers")
Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
arch/powerpc/kernel/crash.c

index 888bdf198c3e8a19dae75ef64b540ed6d37918a7..47b63de81f9bf6a1894c4268cc37351e6d275ca4 100644 (file)
@@ -351,7 +351,7 @@ void default_machine_crash_shutdown(struct pt_regs *regs)
        old_handler = __debugger_fault_handler;
        __debugger_fault_handler = handle_fault;
        crash_shutdown_cpu = smp_processor_id();
-       for (i = 0; crash_shutdown_handles[i] && i < CRASH_HANDLER_MAX; i++) {
+       for (i = 0; i < CRASH_HANDLER_MAX && crash_shutdown_handles[i]; i++) {
                if (setjmp(crash_shutdown_buf) == 0) {
                        /*
                         * Insert syncs and delay to ensure