Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

powerpc/cell/OProfile: Fix on-stack array size in activate spu profiling function

The size of the pm_signal_local array should be equal to the
number of SPUs being configured in the array. Currently, the
array is of size 4 (NR_PHYS_CTRS) but being indexed by a for
loop from 0 to 7 (NUM_SPUS_PER_NODE). This could potentially
cause an oops or random memory corruption since the pm_signal_local
array is on the stack. This fixes it.

Signed-off-by: Carl Love <carll@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

authored by Carl Love and committed by Paul Mackerras
210434d7 3c10c9c4

+10 -3
arch/powerpc/oprofile/op_model_cell.c
··· 582 582 583 583 num_counters = num_ctrs; 584 584 585 + if (unlikely(num_ctrs > NR_PHYS_CTRS)) { 586 + printk(KERN_ERR 587 + "%s: Oprofile, number of specified events " \ 588 + "exceeds number of physical counters\n", 589 + __func__); 590 + return -EIO; 591 + } 585 592 pm_regs.group_control = 0; 586 593 pm_regs.debug_bus_control = 0; 587 594 ··· 837 830 static int pm_rtas_activate_spu_profiling(u32 node) 838 831 { 839 832 int ret, i; 840 - struct pm_signal pm_signal_local[NR_PHYS_CTRS]; 833 + struct pm_signal pm_signal_local[NUM_SPUS_PER_NODE]; 841 834 842 835 /* 843 836 * Set up the rtas call to configure the debug bus to 844 837 * route the SPU PCs. Setup the pm_signal for each SPU 845 838 */ 846 - for (i = 0; i < NUM_SPUS_PER_NODE; i++) { 839 + for (i = 0; i < ARRAY_SIZE(pm_signal_local); i++) { 847 840 pm_signal_local[i].cpu = node; 848 841 pm_signal_local[i].signal_group = 41; 849 842 /* spu i on word (i/2) */ ··· 855 848 856 849 ret = rtas_ibm_cbe_perftools(SUBFUNC_ACTIVATE, 857 850 PASSTHRU_ENABLE, pm_signal_local, 858 - (NUM_SPUS_PER_NODE 851 + (ARRAY_SIZE(pm_signal_local) 859 852 * sizeof(struct pm_signal))); 860 853 861 854 if (unlikely(ret)) {
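Review bot: In the first hunk of op_model_cell.c, the new num_ctrs > NR_PHYS_CTRS check sits after num_counters = num_ctrs, so num_counters already holds the out-of-range value when the function returns the error. Moving the check above the assignment would avoid that. The check is also not mentioned in the commit message, which only describes the pm_signal_local sizing, so a line about it there would help. Smaller points: the backslash after the first string literal is unnecessary because adjacent literals concatenate, and -EINVAL may describe a rejected event count better than -EIO.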
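Review bot: In the pm_rtas_activate_spu_profiling() hunk, the loop bound ARRAY_SIZE(pm_signal_local) keeps the index inside the array, but the number of SPUs configured is now implied by the declaration rather than stated at the loop. A short comment at the declaration saying the array holds one entry per SPU on the node would keep a later resize from silently changing how many SPUs get set up.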
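Review bot: In the last hunk, the length passed to rtas_ibm_cbe_perftools(), ARRAY_SIZE(pm_signal_local) * sizeof(struct pm_signal), can be written as sizeof(pm_signal_local). That is the same value for the on-stack array, is shorter, and stays correct if the element type of the array ever changes.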