forked from Mirrors/opensbi
df75e09956
The parameter checks in aclint_mswi_cold_init() don't guard against a
buffer overrun.
mswi_hartid2data is defined as an array of SBI_HARTMASK_MAX_BITS entries.
The current check allows
mswi->hart_count = ACLINT_MSWI_MAX_HARTS
mswi->first_hartid = SBI_HARTMASK_MAX_BITS - 1.
With these values mswi_hartid2data will be accessed at index
SBI_HARTMASK_MAX_BITS + SBI_HARTMASK_MAX_BITS - 2.
We have to check the sum of mswi->first_hartid and mswi->hart_count.
Furthermore mswi->hart_count = 0 would not make much sense.
Addresses-Coverity-ID: 1529705 ("Out-of-bounds write")
Fixes: 5a049fe1d6 ("lib: utils/ipi: Add ACLINT MSWI library")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
104 lines
2.4 KiB
C
104 lines
2.4 KiB
C
/*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*
|
|
* Copyright (c) 2021 Western Digital Corporation or its affiliates.
|
|
*
|
|
* Authors:
|
|
* Anup Patel <anup.patel@wdc.com>
|
|
*/
|
|
|
|
#include <sbi/riscv_asm.h>
|
|
#include <sbi/riscv_atomic.h>
|
|
#include <sbi/riscv_io.h>
|
|
#include <sbi/sbi_domain.h>
|
|
#include <sbi/sbi_error.h>
|
|
#include <sbi/sbi_hartmask.h>
|
|
#include <sbi/sbi_ipi.h>
|
|
#include <sbi/sbi_timer.h>
|
|
#include <sbi_utils/ipi/aclint_mswi.h>
|
|
|
|
static struct aclint_mswi_data *mswi_hartid2data[SBI_HARTMASK_MAX_BITS];
|
|
|
|
static void mswi_ipi_send(u32 target_hart)
|
|
{
|
|
u32 *msip;
|
|
struct aclint_mswi_data *mswi;
|
|
|
|
if (SBI_HARTMASK_MAX_BITS <= target_hart)
|
|
return;
|
|
mswi = mswi_hartid2data[target_hart];
|
|
if (!mswi)
|
|
return;
|
|
|
|
/* Set ACLINT IPI */
|
|
msip = (void *)mswi->addr;
|
|
writel(1, &msip[target_hart - mswi->first_hartid]);
|
|
}
|
|
|
|
static void mswi_ipi_clear(u32 target_hart)
|
|
{
|
|
u32 *msip;
|
|
struct aclint_mswi_data *mswi;
|
|
|
|
if (SBI_HARTMASK_MAX_BITS <= target_hart)
|
|
return;
|
|
mswi = mswi_hartid2data[target_hart];
|
|
if (!mswi)
|
|
return;
|
|
|
|
/* Clear ACLINT IPI */
|
|
msip = (void *)mswi->addr;
|
|
writel(0, &msip[target_hart - mswi->first_hartid]);
|
|
}
|
|
|
|
static struct sbi_ipi_device aclint_mswi = {
|
|
.name = "aclint-mswi",
|
|
.ipi_send = mswi_ipi_send,
|
|
.ipi_clear = mswi_ipi_clear
|
|
};
|
|
|
|
int aclint_mswi_warm_init(void)
|
|
{
|
|
/* Clear IPI for current HART */
|
|
mswi_ipi_clear(current_hartid());
|
|
|
|
return 0;
|
|
}
|
|
|
|
int aclint_mswi_cold_init(struct aclint_mswi_data *mswi)
|
|
{
|
|
u32 i;
|
|
int rc;
|
|
unsigned long pos, region_size;
|
|
struct sbi_domain_memregion reg;
|
|
|
|
/* Sanity checks */
|
|
if (!mswi || (mswi->addr & (ACLINT_MSWI_ALIGN - 1)) ||
|
|
(mswi->size < (mswi->hart_count * sizeof(u32))) ||
|
|
(mswi->first_hartid + mswi->hart_count > SBI_HARTMASK_MAX_BITS) ||
|
|
(!mswi->hart_count || mswi->hart_count > ACLINT_MSWI_MAX_HARTS))
|
|
return SBI_EINVAL;
|
|
|
|
/* Update MSWI hartid table */
|
|
for (i = 0; i < mswi->hart_count; i++)
|
|
mswi_hartid2data[mswi->first_hartid + i] = mswi;
|
|
|
|
/* Add MSWI regions to the root domain */
|
|
for (pos = 0; pos < mswi->size; pos += ACLINT_MSWI_ALIGN) {
|
|
region_size = ((mswi->size - pos) < ACLINT_MSWI_ALIGN) ?
|
|
(mswi->size - pos) : ACLINT_MSWI_ALIGN;
|
|
sbi_domain_memregion_init(mswi->addr + pos, region_size,
|
|
(SBI_DOMAIN_MEMREGION_MMIO |
|
|
SBI_DOMAIN_MEMREGION_M_READABLE |
|
|
SBI_DOMAIN_MEMREGION_M_WRITABLE),
|
|
®);
|
|
rc = sbi_domain_root_add_memregion(®);
|
|
if (rc)
|
|
return rc;
|
|
}
|
|
|
|
sbi_ipi_set_device(&aclint_mswi);
|
|
|
|
return 0;
|
|
}
|