
Commit ef5102a0 authored by Russell King (Oracle)'s avatar Russell King (Oracle) Committed by Greg Kroah-Hartman

ARM: findbit: fix overflowing offset



[ Upstream commit ec85bd369fd2bfaed6f45dd678706429d4f75b48 ]

When offset is larger than the size of the bit array, we should not
attempt to access the array as we can perform an access beyond the
end of the array. Fix this by changing the pre-condition.

Using "cmp r2, r1; bhs ..." covers us for the size == 0 case, since
this will always take the branch when r1 is zero, irrespective of
the value of r2. This means we can fix this bug without adding any
additional code!

Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent c7835f93
+8 −8
@@ -40,8 +40,8 @@ ENDPROC(_find_first_zero_bit_le)
 * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
 * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
 */
 */
ENTRY(_find_next_zero_bit_le)
ENTRY(_find_next_zero_bit_le)
		teq	r1, #0
		cmp	r2, r1
		beq	3b
		bhs	3b
		ands	ip, r2, #7
		ands	ip, r2, #7
		beq	1b			@ If new byte, goto old routine
		beq	1b			@ If new byte, goto old routine
 ARM(		ldrb	r3, [r0, r2, lsr #3]	)
 ARM(		ldrb	r3, [r0, r2, lsr #3]	)
@@ -81,8 +81,8 @@ ENDPROC(_find_first_bit_le)
 * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
 * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
 */
 */
ENTRY(_find_next_bit_le)
ENTRY(_find_next_bit_le)
		teq	r1, #0
		cmp	r2, r1
		beq	3b
		bhs	3b
		ands	ip, r2, #7
		ands	ip, r2, #7
		beq	1b			@ If new byte, goto old routine
		beq	1b			@ If new byte, goto old routine
 ARM(		ldrb	r3, [r0, r2, lsr #3]	)
 ARM(		ldrb	r3, [r0, r2, lsr #3]	)
@@ -115,8 +115,8 @@ ENTRY(_find_first_zero_bit_be)
ENDPROC(_find_first_zero_bit_be)
ENDPROC(_find_first_zero_bit_be)


ENTRY(_find_next_zero_bit_be)
ENTRY(_find_next_zero_bit_be)
		teq	r1, #0
		cmp	r2, r1
		beq	3b
		bhs	3b
		ands	ip, r2, #7
		ands	ip, r2, #7
		beq	1b			@ If new byte, goto old routine
		beq	1b			@ If new byte, goto old routine
		eor	r3, r2, #0x18		@ big endian byte ordering
		eor	r3, r2, #0x18		@ big endian byte ordering
@@ -149,8 +149,8 @@ ENTRY(_find_first_bit_be)
ENDPROC(_find_first_bit_be)
ENDPROC(_find_first_bit_be)


ENTRY(_find_next_bit_be)
ENTRY(_find_next_bit_be)
		teq	r1, #0
		cmp	r2, r1
		beq	3b
		bhs	3b
		ands	ip, r2, #7
		ands	ip, r2, #7
		beq	1b			@ If new byte, goto old routine
		beq	1b			@ If new byte, goto old routine
		eor	r3, r2, #0x18		@ big endian byte ordering
		eor	r3, r2, #0x18		@ big endian byte ordering
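Review bot: The new pre-condition `cmp r2, r1` / `bhs 3b` carries no comment in any of the four routines (`_find_next_zero_bit_le`, `_find_next_bit_le`, `_find_next_zero_bit_be`, `_find_next_bit_be`), yet the bounds check depends on two things a reader cannot see from the mnemonics. The compare is unsigned, so a negative `offset` (declared `int` in the prototype comments) is treated as out of range rather than reaching the `ldrb` at `[r0, r2, lsr #3]`, and `maxbit == 0` is handled only because `bhs` is always taken when r1 is zero. I would record that on the branch line, e.g. `bhs 3b @ offset >= maxbit (unsigned; also covers maxbit == 0)`, so that a later change to a signed condition or back to an equality test is recognised as reopening the out-of-bounds read. Label `3` lies outside these hunks; from the commit message it is presumably the shared not-found return path, which is worth confirming. Separately, the prototype comment above `_find_next_bit_le` still names `find_next_zero_bit`, which looks like a copy-paste slip that could be corrected in the same pass.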