If a kernel is configured with a DT containing more /cpu nodes than
nr_cpu_ids, the number of cpus must be capped in the DT parsing
code. Current code carries out the check, but fails to cap the
value and the check is executed after the cpu logical index is used,
which can lead to memory corruption due to index overflow.
This patch refactors the check against nr_cpu_ids and move it before
any computed index is used in the parsing code.
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Grant Likely <grant.likely@secretlab.ca>
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
i = cpuidx++;
}
- tmp_map[i] = hwid;
-
- if (cpuidx > nr_cpu_ids)
+ if (WARN(cpuidx > nr_cpu_ids, "DT /cpu %u nodes greater than "
+ "max cores %u, capping them\n",
+ cpuidx, nr_cpu_ids)) {
+ cpuidx = nr_cpu_ids;
break;
+ }
+
+ tmp_map[i] = hwid;
}
if (WARN(!bootcpu_valid, "DT missing boot CPU MPIDR[23:0], "