PSCI: fix limit of 256 CPUs caused by cast to unsigned char

In psci_setup.c psci_init_pwr_domain_node() takes an unsigned char as node_idx which limits it to initialising only the first 256 CPUs. As the calling function does not check for a limit of 256 I think this is a bug so change the unsigned char to uint16_t and change the cast from the calling site in populate_power_domain_tree(). Also update the non_cpu_pwr_domain_node structure lock_index to uint16_t and update the function signature for psci_lock_init() appropriately. Finally add a define PSCI_MAX_CPUS_INDEX to psci_private.h and add a CASSERT to psci_setup.c to make sure PLATFORM_CORE_COUNT cannot exceed the index value. Signed-off-by: Graeme Gregory <graeme@nuviainc.com> Change-Id: I9e26842277db7483fd698b46bbac62aa86e71b45
2020-12-02 16:24:32 +00:00 · 2020-12-02 16:24:32 +00:00 · a86865ac42
parent 669ee776cc
commit a86865ac42
2 changed files with 19 additions and 4 deletions
--- a/lib/psci/psci_private.h
+++ b/lib/psci/psci_private.h
@ -42,6 +42,11 @@
 			define_psci_cap(PSCI_SYSTEM_RESET2_AARCH64) |	\
 			define_psci_cap(PSCI_MEM_CHK_RANGE_AARCH64))

+/* Internally PSCI uses a uint16_t for various cpu indexes so
+ * define a limit to number of CPUs that can be initialised.
+ */
+#define PSCI_MAX_CPUS_INDEX	0xFFFFU
+
 /*
 * Helper functions to get/set the fields of PSCI per-cpu data.
 */
@ -134,7 +139,7 @@ typedef struct non_cpu_pwr_domain_node {
 	unsigned char level;

 	/* For indexing the psci_lock array*/
-	unsigned char lock_index;
+	uint16_t lock_index;
 } non_cpu_pd_node_t;

 typedef struct cpu_pwr_domain_node {
@ -239,7 +244,7 @@ static inline void psci_lock_release(non_cpu_pd_node_t *non_cpu_pd_node)
 #endif /* HW_ASSISTED_COHERENCY */

 static inline void psci_lock_init(non_cpu_pd_node_t *non_cpu_pd_node,
-				  unsigned char idx)
+				  uint16_t idx)
 {
 	non_cpu_pd_node[idx].lock_index = idx;
 }
--- a/lib/psci/psci_setup.c
+++ b/lib/psci/psci_setup.c
@ -17,6 +17,12 @@

 #include "psci_private.h"

+/*
+ * Check that PLATFORM_CORE_COUNT fits into the number of cores
+ * that can be represented by PSCI_MAX_CPUS_INDEX.
+ */
+CASSERT(PLATFORM_CORE_COUNT <= (PSCI_MAX_CPUS_INDEX + 1U), assert_psci_cores_overflow);
+
 /*******************************************************************************
 * Per cpu non-secure contexts used to program the architectural state prior
 * return to the normal world.
@ -34,11 +40,13 @@ unsigned int psci_caps;
 * Function which initializes the 'psci_non_cpu_pd_nodes' or the
 * 'psci_cpu_pd_nodes' corresponding to the power level.
 ******************************************************************************/
-static void __init psci_init_pwr_domain_node(unsigned char node_idx,
+static void __init psci_init_pwr_domain_node(uint16_t node_idx,
 					unsigned int parent_idx,
 					unsigned char level)
 {
 	if (level > PSCI_CPU_PWR_LVL) {
+		assert(node_idx < PSCI_NUM_NON_CPU_PWR_DOMAINS);
+
 		psci_non_cpu_pd_nodes[node_idx].level = level;
 		psci_lock_init(psci_non_cpu_pd_nodes, node_idx);
 		psci_non_cpu_pd_nodes[node_idx].parent_node = parent_idx;
@ -47,6 +55,8 @@ static void __init psci_init_pwr_domain_node(unsigned char node_idx,
 	} else {
 		psci_cpu_data_t *svc_cpu_data;

+		assert(node_idx < PLATFORM_CORE_COUNT);
+
 		psci_cpu_pd_nodes[node_idx].parent_node = parent_idx;

 		/* Initialize with an invalid mpidr */
@ -144,7 +154,7 @@ static unsigned int __init populate_power_domain_tree(const unsigned char

 			for (j = node_index;
 				j < (node_index + num_children); j++)
-				psci_init_pwr_domain_node((unsigned char)j,
+				psci_init_pwr_domain_node((uint16_t)j,
 						  parent_node_index - 1U,
 						  (unsigned char)level);