[PATCH 1/1] lib: sbi_pmu: Avoid out of bounds access

Andrew Jones ajones at ventanamicro.com
Mon Jul 3 07:50:20 PDT 2023


On Mon, Jul 03, 2023 at 03:43:18PM +0200, Heinrich Schuchardt wrote:
> On a misconfigured system we could access phs->active_events[] out of
> bounds. Check that num_hw_ctrs is less than or equal to SBI_PMU_HW_CTR_MAX.
> 
> Addresses-Coverity-ID: 1566113 ("Out-of-bounds read")
> Addresses-Coverity-ID: 1566114 ("Out-of-bounds write")
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
>  lib/sbi/sbi_pmu.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/lib/sbi/sbi_pmu.c b/lib/sbi/sbi_pmu.c
> index c73e6ef..7213a53 100644
> --- a/lib/sbi/sbi_pmu.c
> +++ b/lib/sbi/sbi_pmu.c
> @@ -933,6 +933,8 @@ int sbi_pmu_init(struct sbi_scratch *scratch, bool cold_boot)
>  
>  		/* mcycle & minstret is available always */
>  		num_hw_ctrs = sbi_hart_mhpm_count(scratch) + 3;
> +		if (num_hw_ctrs > SBI_PMU_HW_CTR_MAX)
> +			return SBI_EINVAL;
>  		total_ctrs = num_hw_ctrs + SBI_PMU_FW_CTR_MAX;
>  	}
>  
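
Review bot: the new `return SBI_EINVAL` under `if (num_hw_ctrs > SBI_PMU_HW_CTR_MAX)` makes sbi_pmu_init() fail with no diagnostic, so a misconfigured platform gets a bare error code and no hint about which limit was exceeded. Consider printing the detected counter count and SBI_PMU_HW_CTR_MAX before returning, or clamping num_hw_ctrs to SBI_PMU_HW_CTR_MAX with a warning so that total_ctrs is still computed from a bounded value and init can continue. A short comment on the check saying that the bound protects the indexing of phs->active_events[], as the commit message describes, would also help later readers.
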
> -- 
> 2.40.1
>

Should we instead cap and warn in hart_detect_features()?

Thanks,
drew


