drivers/gicv3: fix potential GICD context override with ESPI enabled

RESTORE/SAVE_GICD_EREGS uses (int_id - (MIN_ESPI_ID - MIN_SPI_ID)) to get the context array index for ESPI, which will override the space of standard SPI starting from (MIN_SPI_ID + MIN_SPI_ID). However, using TOTAL_SPI_INTR_NUM to replace the above MIN_SPI_ID cannot totally fix the issue, for TOTAL_SPI_INTR_NUM is not well aligned and the array index will be rounded down by the shifting operation if being shifted more than 2 bits. It will cause buffer override again when the existing maximum SPI reaches 1019. So round up TOTAL_SPI_INTR_NUM with (1 << REG##R_SHIFT) for GICD context arrays. Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com> Change-Id: I5be2837c42f381a62f8d46a4ecd778009b1fe059
2021-01-14 22:16:18 +08:00 · 2021-01-14 22:16:18 +08:00 · deb18901d1
parent 60cd8030bf
commit deb18901d1
1 changed files with 4 additions and 2 deletions
--- a/drivers/arm/gic/v3/gicv3_main.c
+++ b/drivers/arm/gic/v3/gicv3_main.c
@ -70,7 +70,8 @@ static bool is_sgi_ppi(unsigned int id);
 		for (unsigned int int_id = MIN_ESPI_ID; int_id < (intr_num);\
 				int_id += (1U << REG##R_SHIFT)) {	\
 			gicd_write_##reg((base), int_id,		\
-			(ctx)->gicd_##reg[(int_id - (MIN_ESPI_ID - MIN_SPI_ID))\
+			(ctx)->gicd_##reg[(int_id - (MIN_ESPI_ID -	\
+			round_up(TOTAL_SPI_INTR_NUM, 1U << REG##R_SHIFT)))\
 						>> REG##R_SHIFT]);	\
 		}							\
 	} while (false)
@ -79,7 +80,8 @@ static bool is_sgi_ppi(unsigned int id);
 	do {								\
 		for (unsigned int int_id = MIN_ESPI_ID; int_id < (intr_num);\
 				int_id += (1U << REG##R_SHIFT)) {	\
-			(ctx)->gicd_##reg[(int_id - (MIN_ESPI_ID - MIN_SPI_ID))\
+			(ctx)->gicd_##reg[(int_id - (MIN_ESPI_ID -	\
+			round_up(TOTAL_SPI_INTR_NUM, 1U << REG##R_SHIFT)))\
 			>> REG##R_SHIFT] = gicd_read_##reg((base), int_id);\
 		}							\
 	} while (false)