MIPS: GIC: Prevent array overrun

A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK
mapping causes the cpu parameter to gic_setup_intr() to be increased
to 32, causing memory corruption when pcpu_masks[] is written to again
later in the function.

Signed-off-by: Jeffrey Deans <jeffrey.deans@imgtec.com>
Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: stable@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/7375/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

diff --git a/arch/mips/kernel/irq-gic.c b/arch/mips/kernel/irq-gic.c
index 88e4c323382c14fadd228db1fc5c6f7476d5c55c..d5e59b8f4863a90ff8a45913b4175934265a5c98 100644 (file)
--- a/arch/mips/kernel/irq-gic.c
+++ b/arch/mips/kernel/irq-gic.c
@@ -269,11 +269,13 @@ static void __init gic_setup_intr(unsigned int intr, unsigned int cpu,
 
        /* Setup Intr to Pin mapping */
        if (pin & GIC_MAP_TO_NMI_MSK) {
+               int i;
+
                GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin);
                /* FIXME: hack to route NMI to all cpu's */
-               for (cpu = 0; cpu < NR_CPUS; cpu += 32) {
+               for (i = 0; i < NR_CPUS; i += 32) {
                        GICWRITE(GIC_REG_ADDR(SHARED,
-                                         GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)),
+                                         GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)),
                                 0xffffffff);
                }
        } else {