Re: [PATCH] ACPI / CPPC: FIX KASAN global out of bounds warning

From: Bjorn Helgaas
Date: Wed Dec 13 2017 - 10:55:33 EST


On Mon, Dec 04, 2017 at 02:06:54PM +0000, George Cherian wrote:
> Default value of pcc_subspace_idx is -1.
> Make sure to check pcc_subspace_idx before using the same as array index.
> This will avoid the following KASAN warnings too.

> @@ -1172,11 +1174,12 @@ int cppc_set_perf(int cpu, struct cppc_perf_ctrls *perf_ctrls)
> struct cppc_pcc_data *pcc_ss_data = pcc_data[pcc_ss_id];

I think you forgot to remove this initialization. Coverity reported this:

*** CID 1426090: Memory - illegal accesses (REVERSE_NEGATIVE)
/drivers/acpi/cppc_acpi.c: 1177 in cppc_set_perf()
1171 struct cpc_desc *cpc_desc = per_cpu(cpc_desc_ptr, cpu);
1172 struct cpc_register_resource *desired_reg;
1173 int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu);
1174 struct cppc_pcc_data *pcc_ss_data = pcc_data[pcc_ss_id];
1175 int ret = 0;
1176
>>> CID 1426090: Memory - illegal accesses (REVERSE_NEGATIVE)
>>> You might be using variable "pcc_ss_id" before verifying that it is >= 0.
1177 if (!cpc_desc || pcc_ss_id < 0) {
1178 pr_debug("No CPC descriptor for CPU:%d\n", cpu);
1179 return -ENODEV;
1180 }
1181
1182 pcc_ss_data = pcc_data[pcc_ss_id];

> int ret = 0;
>
> - if (!cpc_desc) {
> + if (!cpc_desc || pcc_ss_id < 0) {
> pr_debug("No CPC descriptor for CPU:%d\n", cpu);
> return -ENODEV;
> }
>
> + pcc_ss_data = pcc_data[pcc_ss_id];
> desired_reg = &cpc_desc->cpc_regs[DESIRED_PERF];
>
> /*
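Review bot: the context line `struct cppc_pcc_data *pcc_ss_data = pcc_data[pcc_ss_id];` at the top of this hunk still indexes `pcc_data` with `pcc_ss_id` at declaration time, before the new `pcc_ss_id < 0` check runs, so the negative-index read the patch sets out to remove is still performed on the `-1` default (this is the line 1174 access the Coverity REVERSE_NEGATIVE finding above refers to). Change the declaration to `struct cppc_pcc_data *pcc_ss_data;` and keep only the added `pcc_ss_data = pcc_data[pcc_ss_id];` after the check, so the array lookup happens once the index is known to be valid and the `+` line is not a redundant second assignment.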