From 1da3d80b5bc074fce077adc47c97f3179c0addd9 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Sat, 5 Jun 2021 14:22:43 +0200
Subject: lib: sbi_scratch: zero out scratch memory on all harts

In sbi_scratch_init() we determine the last hart. The index of the last
hart cannot exceed SBI_HARTMASK_MAX_BITS - 1. We should not initialize
last_hartid_having_scratch to a higher number to avoid buffer overflows
when using this value before calling sbi_scratch_init().

When allocating scratch memory in sbi_scratch_alloc_offset() we zero out
the allocated memory for all harts except for the last one. We should not
skip the last hart.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Anup Patel <anup.patel@wdc.com>
---
 lib/sbi/sbi_scratch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/sbi/sbi_scratch.c b/lib/sbi/sbi_scratch.c
index 7cf5b43..87b34c6 100644
--- a/lib/sbi/sbi_scratch.c
+++ b/lib/sbi/sbi_scratch.c
@@ -14,7 +14,7 @@
 #include <sbi/sbi_scratch.h>
 #include <sbi/sbi_string.h>
 
-u32 last_hartid_having_scratch = SBI_HARTMASK_MAX_BITS;
+u32 last_hartid_having_scratch = SBI_HARTMASK_MAX_BITS - 1;
 struct sbi_scratch *hartid_to_scratch_table[SBI_HARTMASK_MAX_BITS] = { 0 };
 
 static spinlock_t extra_lock = SPIN_LOCK_INITIALIZER;
@@ -74,7 +74,7 @@ done:
 	spin_unlock(&extra_lock);
 
 	if (ret) {
-		for (i = 0; i < sbi_scratch_last_hartid(); i++) {
+		for (i = 0; i <= sbi_scratch_last_hartid(); i++) {
 			rscratch = sbi_hartid_to_scratch(i);
 			if (!rscratch)
 				continue;
-- 
cgit v1.2.3