IB/hfi1: Ensure dd->gi_mask can not be overflowed
authorDennis Dalessandro <dennis.dalessandro@intel.com>
Tue, 30 May 2017 00:18:14 +0000 (17:18 -0700)
committerDoug Ledford <dledford@redhat.com>
Mon, 17 Jul 2017 15:39:45 +0000 (11:39 -0400)
As the code stands today the array access in remap_intr() is OK. To
future proof the code though we should explicitly check to ensure the
index value is not outside of the valid range. This is not a straight
forward calculation so err on the side of caution.

Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/infiniband/hw/hfi1/chip.c

index 2ba00b8..94b5485 100644 (file)
@@ -12847,7 +12847,12 @@ static void remap_intr(struct hfi1_devdata *dd, int isrc, int msix_intr)
        /* clear from the handled mask of the general interrupt */
        m = isrc / 64;
        n = isrc % 64;
-       dd->gi_mask[m] &= ~((u64)1 << n);
+       if (likely(m < CCE_NUM_INT_CSRS)) {
+               dd->gi_mask[m] &= ~((u64)1 << n);
+       } else {
+               dd_dev_err(dd, "remap interrupt err\n");
+               return;
+       }
 
        /* direct the chip source to the given MSI-X interrupt */
        m = isrc / 8;