Message ID | 86e3a059-504d-4795-a5ea-4a653f3b41f8@stanley.mountain (mailing list archive) |
---|---|
State | Mainlined, archived |
Headers | show |
Series | powercap: intel_rapl: Fix off by one in get_rpi() | expand |
On Tue, Aug 20, 2024 at 10:41 AM Dan Carpenter <dan.carpenter@linaro.org> wrote: > > The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have > NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= > to prevent an off by one access. > > Fixes: 98ff639a7289 ("powercap: intel_rapl: Support per Interface primitive information") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > drivers/powercap/intel_rapl_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c > index 8b7a5a31e8c1..67aec73511a7 100644 > --- a/drivers/powercap/intel_rapl_common.c > +++ b/drivers/powercap/intel_rapl_common.c > @@ -740,7 +740,7 @@ static struct rapl_primitive_info *get_rpi(struct rapl_package *rp, int prim) > { > struct rapl_primitive_info *rpi = rp->priv->rpi; > > - if (prim < 0 || prim > NR_RAPL_PRIMITIVES || !rpi) > + if (prim < 0 || prim >= NR_RAPL_PRIMITIVES || !rpi) > return NULL; > > return &rpi[prim]; > -- Applied as 6.12 material, thanks!
On Tue, 2024-08-20 at 11:41 +0300, Dan Carpenter wrote: > The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have > NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= > to prevent an off by one access. > > Fixes: 98ff639a7289 ("powercap: intel_rapl: Support per Interface > primitive information") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Acked-by: Zhang Rui <rui.zhang@intel.com> thanks, rui > --- > drivers/powercap/intel_rapl_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/powercap/intel_rapl_common.c > b/drivers/powercap/intel_rapl_common.c > index 8b7a5a31e8c1..67aec73511a7 100644 > --- a/drivers/powercap/intel_rapl_common.c > +++ b/drivers/powercap/intel_rapl_common.c > @@ -740,7 +740,7 @@ static struct rapl_primitive_info *get_rpi(struct > rapl_package *rp, int prim) > { > struct rapl_primitive_info *rpi = rp->priv->rpi; > > - if (prim < 0 || prim > NR_RAPL_PRIMITIVES || !rpi) > + if (prim < 0 || prim >= NR_RAPL_PRIMITIVES || !rpi) > return NULL; > > return &rpi[prim];
diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c index 8b7a5a31e8c1..67aec73511a7 100644 --- a/drivers/powercap/intel_rapl_common.c +++ b/drivers/powercap/intel_rapl_common.c @@ -740,7 +740,7 @@ static struct rapl_primitive_info *get_rpi(struct rapl_package *rp, int prim) { struct rapl_primitive_info *rpi = rp->priv->rpi; - if (prim < 0 || prim > NR_RAPL_PRIMITIVES || !rpi) + if (prim < 0 || prim >= NR_RAPL_PRIMITIVES || !rpi) return NULL; return &rpi[prim];
The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= to prevent an off by one access. Fixes: 98ff639a7289 ("powercap: intel_rapl: Support per Interface primitive information") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- drivers/powercap/intel_rapl_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)