From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B18E5C433F5 for ; Fri, 5 Nov 2021 12:09:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 93CCF6124F for ; Fri, 5 Nov 2021 12:09:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232944AbhKEMMH (ORCPT ); Fri, 5 Nov 2021 08:12:07 -0400 Received: from mail.kernel.org ([198.145.29.99]:49696 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231428AbhKEMMF (ORCPT ); Fri, 5 Nov 2021 08:12:05 -0400 Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 18BCF61215; Fri, 5 Nov 2021 12:09:25 +0000 (UTC) Received: from sofa.misterjones.org ([185.219.108.64] helo=why.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1miy26-003eKb-Sf; Fri, 05 Nov 2021 12:09:23 +0000 Date: Fri, 05 Nov 2021 12:09:22 +0000 Message-ID: <87y262953h.wl-maz@kernel.org> From: Marc Zyngier To: Ben Dooks Cc: linux-kernel@vger.kernel.org, Thomas Gleixner Subject: Re: [PATCH] irqdomain: check irq mapping against domain size In-Reply-To: <20211105090601.243416-1-ben.dooks@codethink.co.uk> References: <20211105090601.243416-1-ben.dooks@codethink.co.uk> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/27.1 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: ben.dooks@codethink.co.uk, linux-kernel@vger.kernel.org, tglx@linutronix.de X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Ben, On Fri, 05 Nov 2021 09:06:01 +0000, Ben Dooks wrote: > > The irq translate code does not check the irq number against > the maximum a domain can handle. This can cause an OOPS if > the firmware data has been damaged in any way. Check the intspec > or fwdata against the irqdomain and return -EINVAL if over. > > This is the result of bug somewhere in the boot of a SiFive Unmatched > board where the 5th argument of the pcie node is being damaged which > causes an OOPS in the startup code. > > Signed-off-by: Ben Dooks > --- > kernel/irq/irqdomain.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c > index 6284443b87ec..e61397420723 100644 > --- a/kernel/irq/irqdomain.c > +++ b/kernel/irq/irqdomain.c > @@ -906,6 +906,8 @@ int irq_domain_xlate_onecell(struct irq_domain *d, struct device_node *ctrlr, > { > if (WARN_ON(intsize < 1)) > return -EINVAL; > + if (WARN_ON(intspec[0] > d->hwirq_max)) > + return -EINVAL; This doesn't seem right. For a start, d->hwirq_max is 0 when the domain is backed by a radix tree. Also, nothing says that what you read from the DT is something that should be directly meaningful to the irqdomain. A driver could well call into this and perform some extra processing on the data before it lands into the irqdomain. In general, this looks like DT validation code, and I'm not keen on that in the core code. Thanks, M. -- Without deviation from the norm, progress is not possible.