[Skiboot] [PATCH v6 28/29] slw: slw_reinit fix array overrun

Nicholas Piggin npiggin at gmail.com
Wed Nov 6 23:10:46 AEDT 2019


The slw patch saving array is too small, which results in slw_reinit
overwriting 32 bytes beyond the end of it. The size is increased to
0x100, which is the architecture interrupt vector size.

Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
---
 hw/slw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/slw.c b/hw/slw.c
index e058232ff..5a7e24e58 100644
--- a/hw/slw.c
+++ b/hw/slw.c
@@ -28,7 +28,7 @@
 #include <p8_pore_table_gen_api.H>
 #include <sbe_xip_image.h>
 
-#define MAX_RESET_PATCH_SIZE	64
+#define MAX_RESET_PATCH_SIZE	0x100
 
 static uint32_t slw_saved_reset[MAX_RESET_PATCH_SIZE];
 
-- 
2.23.0



More information about the Skiboot mailing list