powerpc: Add array bounds checking to crash_shutdown_handlers

Michael Ellerman mpe at ellerman.id.au
Tue Jun 21 10:40:54 AEST 2016


On Wed, 2016-11-05 at 00:57:32 UTC, Suraj Jitindar Singh wrote:
> The array crash_shutdown_handles is an array of size CRASH_HANDLER_MAX+1
> containing up to CRASH_HANDLER_MAX shutdown_handlers. It is assumed to
> be NULL terminated, which it is under normal circumstances. Array
> accesses in the functions crash_shutdown_unregister() and
> default_machine_crash_shutdown() rely on this NULL termination property
> when traversing this list and don't protect against out of bounds accesses.
> If the NULL terminator were somehow overwritten these functions could
> potentially access out of the bounds of the array.
> 
> Shrink the array to size CRASH_HANDLER_MAX and implement explicit array
> bounds checking when accessing the elements of the
> crash_shutdown_handles[] array in crash_shutdown_unregister() and
> default_machine_crash_shutdown().
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh at gmail.com>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/1d1451655bad9a6a5fd7a42de6

cheers
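
The bounded traversal the commit message describes, as a user-space sketch added here for illustration; it is not part of the e-mail and not the kernel's code. HANDLER_MAX, handles[], the handler_* functions and the h1..h4 sample handlers are hypothetical names, with HANDLER_MAX standing in for CRASH_HANDLER_MAX.

```c
#include <stddef.h>
#include <stdio.h>

#define HANDLER_MAX 3   /* constructed value; stands in for CRASH_HANDLER_MAX */
typedef void (*handler_t)(void);

/* Exactly HANDLER_MAX slots: no extra slot kept back for a NULL terminator. */
static handler_t handles[HANDLER_MAX];
static int calls;   /* updated by the constructed sample handlers below */

static void h1(void) { calls += 1; }
static void h2(void) { calls += 10; }
static void h3(void) { calls += 100; }
static void h4(void) { calls += 1000; }   /* never registered in main() */

/* Put the handler in the first empty slot; return 1 if the array is full. */
int handler_register(handler_t h)
{
    for (size_t i = 0; i < HANDLER_MAX; i++)
        if (!handles[i]) { handles[i] = h; return 0; }
    return 1;
}

/* Remove a handler and close the gap; every index is checked against HANDLER_MAX. */
int handler_unregister(handler_t h)
{
    size_t i;
    for (i = 0; i < HANDLER_MAX; i++)
        if (handles[i] == h) break;
    if (i == HANDLER_MAX) return 1;   /* not found; the scan stopped at the array end */
    for (; i + 1 < HANDLER_MAX && handles[i + 1]; i++)
        handles[i] = handles[i + 1];
    handles[i] = NULL;
    return 0;
}

/* Call handlers in order; stop at the first empty slot or at the array end. */
int handlers_run(void)
{
    int n = 0;
    for (size_t i = 0; i < HANDLER_MAX && handles[i]; i++, n++)
        handles[i]();
    return n;
}

int main(void)
{
    handler_register(h1); handler_register(h2); handler_register(h3);
    printf("ran %d handlers on a full array\n", handlers_run());
    printf("unregister of unknown handler -> %d\n", handler_unregister(h4));
    return 0;
}
```

With all HANDLER_MAX slots occupied there is no NULL entry left in the array, so the index checks alone end both loops.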

