From 1da3d80b5bc074fce077adc47c97f3179c0addd9 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt
Date: Sat, 5 Jun 2021 14:22:43 +0200
Subject: [PATCH] lib: sbi_scratch: zero out scratch memory on all harts
In sbi_scratch_init() we determine the last hart. The index of the last hart cannot exceed SBI_HARTMASK_MAX_BITS - 1. We should not initialize last_hartid_having_scratch to a higher number to avoid buffer overflows when using this value before calling sbi_scratch_init(). When allocating scratch memory in sbi_scratch_alloc_offset() we zero out the allocated memory for all harts except for the last one. We should not skip the last hart.
Signed-off-by: Heinrich Schuchardt
Reviewed-by: Anup Patel
---
 lib/sbi/sbi_scratch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/sbi/sbi_scratch.c b/lib/sbi/sbi_scratch.c
index 7cf5b43..87b34c6 100644
--- a/lib/sbi/sbi_scratch.c
+++ b/lib/sbi/sbi_scratch.c
@@ -14,7 +14,7 @@
 #include
 #include
-u32 last_hartid_having_scratch = SBI_HARTMASK_MAX_BITS;
+u32 last_hartid_having_scratch = SBI_HARTMASK_MAX_BITS - 1;
 struct sbi_scratch *hartid_to_scratch_table[SBI_HARTMASK_MAX_BITS] = { 0 };
 static spinlock_t extra_lock = SPIN_LOCK_INITIALIZER;
@@ -74,7 +74,7 @@ done:
 spin_unlock(&extra_lock);
 if (ret) {
- for (i = 0; i < sbi_scratch_last_hartid(); i++) {
+ for (i = 0; i <= sbi_scratch_last_hartid(); i++) {
 rscratch = sbi_hartid_to_scratch(i);
 if (!rscratch)
 continue;
--
2.7.4
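Review bot: The new initial value of `last_hartid_having_scratch` encodes an invariant that is not stated on the declaration: the variable is an inclusive hart index and has to stay below `SBI_HARTMASK_MAX_BITS`, the size of `hartid_to_scratch_table[]` declared on the next line. A short comment would keep the bound from drifting again, for example `/* Inclusive last hart index; must be < SBI_HARTMASK_MAX_BITS (indexes hartid_to_scratch_table[]) */`. The `<=` loop in the second hunk now visits the index equal to this value, so it relies on the same bound, presumably through the table lookup behind `sbi_hartid_to_scratch()`, which is not visible here.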
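Review bot: The loop condition in `for (i = 0; i <= sbi_scratch_last_hartid(); i++)` gives no hint that the bound is inclusive, which is the detail this fix turns on, and it calls `sbi_scratch_last_hartid()` again on every iteration. Reading the bound once into a local, which would need its own declaration, and commenting it would make the intent explicit, e.g. `last = sbi_scratch_last_hartid(); /* inclusive */` followed by `for (i = 0; i <= last; i++) {`. The declaration of `i` and the return type of `sbi_scratch_last_hartid()` are outside the hunk; if `i` is signed, the comparison mixes signedness and is worth checking. The loop body and the enclosing function continue outside the hunk.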