[PATCH 3/3] powerpc/xive: Extra sanity checks on cpu numbers

[Benjamin Herrenschmidt]

When targetting interrupts we do various manipulations of cpu numbers
and CPU masks. This adds some sanity checking to ensure we don't
break assumptions and manpulate cpu numbers that are out of bounds
of the various cpumasks.

Signed-off-by: Benjamin Herrenschmidt <benh at kernel.crashing.org>
---
 arch/powerpc/sysdev/xive/common.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/sysdev/xive/common.c b/arch/powerpc/sysdev/xive/common.c
index abda9b2..496036c 100644
--- a/arch/powerpc/sysdev/xive/common.c
+++ b/arch/powerpc/sysdev/xive/common.c
@@ -452,8 +452,14 @@ static int xive_find_target_in_mask(const struct cpumask *mask,
 
 	/* Locate it */
 	cpu = cpumask_first(mask);
-	for (i = 0; i < first; i++)
+	for (i = 0; i < first && cpu < nr_cpu_ids; i++)
 		cpu = cpumask_next(cpu, mask);
+
+	/* Sanity check */
+	if (WARN_ON(cpu >= nr_cpu_ids))
+		cpu = cpumask_first(cpu_online_mask);
+
+	/* Remember first one to handle wrap-around */
 	first = cpu;
 
 	/*
@@ -545,6 +551,12 @@ static unsigned int xive_irq_startup(struct irq_data *d)
 			return -ENXIO;
 		pr_warn("irq %d started with broken affinity\n", d->irq);
 	}
+
+	/* Sanity check */
+	if (WARN_ON(target == XIVE_INVALID_TARGET ||
+		    target >= nr_cpu_ids))
+		target = smp_processor_id();
+
 	xd->target = target;
 
 	/*
@@ -676,6 +688,10 @@ static int xive_irq_set_affinity(struct irq_data *d,
 	if (target == XIVE_INVALID_TARGET)
 		return -ENXIO;
 
+	/* Sanity check */
+	if (WARN_ON(target >= nr_cpu_ids))
+		target = smp_processor_id();
+
 	old_target = xd->target;
 
 	/*
-- 
2.9.3