[coreboot-gerrit] Patch set updated for coreboot: a7f039b cpu/intel: Propagate out-of-bounds array partial fix from Haswell

Edward O'Callaghan (eocallaghan@alterapraxis.com) gerrit at coreboot.org
Sun Aug 3 12:38:19 CEST 2014


Edward O'Callaghan (eocallaghan at alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6478

-gerrit

commit a7f039bd8f944bd1362c537c03b06dc1629fdaf6
Author: Edward O'Callaghan <eocallaghan at alterapraxis.com>
Date:   Sun Aug 3 20:00:47 2014 +1000

    cpu/intel: Propagate out-of-bounds array partial fix from Haswell
    
    If power_limit_1_time > 129 is false then power_limit_1_time can have a
    value of up to 129 leading to an out-of-bounds illegal read indexing the
    power_limit_time_sec_to_msr[] array. Thankfully all call sites have been
    doing the right thing up until now so the issue has not been visible.
    
    Change-Id: Ic029d1af7fe43ca7da271043c2b08fe3088714af
    Found-by: Coverity Scan
    Signed-off-by: Edward O'Callaghan <eocallaghan at alterapraxis.com>
---
 src/cpu/intel/fsp_model_206ax/model_206ax_init.c | 4 ++--
 src/cpu/intel/haswell/haswell_init.c             | 2 +-
 src/cpu/intel/model_206ax/model_206ax_init.c     | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/cpu/intel/fsp_model_206ax/model_206ax_init.c b/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
index c2f9f19..8e67143 100644
--- a/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
+++ b/src/cpu/intel/fsp_model_206ax/model_206ax_init.c
@@ -156,8 +156,8 @@ void set_power_limits(u8 power_limit_1_time)
 	unsigned tdp, min_power, max_power, max_time;
 	u8 power_limit_1_val;
 
-	if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
-		return;
+	if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
+		power_limit_1_time = 28;
 
 	if (!(msr.lo & PLATFORM_INFO_SET_TDP))
 		return;
diff --git a/src/cpu/intel/haswell/haswell_init.c b/src/cpu/intel/haswell/haswell_init.c
index 043ba3a..5b01258 100644
--- a/src/cpu/intel/haswell/haswell_init.c
+++ b/src/cpu/intel/haswell/haswell_init.c
@@ -463,7 +463,7 @@ void set_power_limits(u8 power_limit_1_time)
 	unsigned tdp, min_power, max_power, max_time;
 	u8 power_limit_1_val;
 
-	if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
+	if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
 		power_limit_1_time = 28;
 
 	if (!(msr.lo & PLATFORM_INFO_SET_TDP))
diff --git a/src/cpu/intel/model_206ax/model_206ax_init.c b/src/cpu/intel/model_206ax/model_206ax_init.c
index 4e56414..eb5ab64 100644
--- a/src/cpu/intel/model_206ax/model_206ax_init.c
+++ b/src/cpu/intel/model_206ax/model_206ax_init.c
@@ -247,8 +247,8 @@ void set_power_limits(u8 power_limit_1_time)
 	unsigned tdp, min_power, max_power, max_time;
 	u8 power_limit_1_val;
 
-	if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
-		return;
+	if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
+		power_limit_1_time = 28;
 
 	if (!(msr.lo & PLATFORM_INFO_SET_TDP))
 		return;



More information about the coreboot-gerrit mailing list