From eb736a5118b8d271bd649d713b6a058882c8fb7b Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date: Mon, 3 Jul 2023 15:43:18 +0200
Subject: [PATCH] lib: sbi_pmu: Avoid out of bounds access

On a misconfigured system we could access phs->active_events[] out of
bounds. Check that num_hw_ctrs is less or equal SBI_PMU_HW_CTR_MAX.

Addresses-Coverity-ID: 1566113 ("Out-of-bounds read")
Addresses-Coverity-ID: 1566114 ("Out-of-bounds write")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
---
 lib/sbi/sbi_pmu.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/sbi/sbi_pmu.c b/lib/sbi/sbi_pmu.c
index c73e6ef..7213a53 100644
--- a/lib/sbi/sbi_pmu.c
+++ b/lib/sbi/sbi_pmu.c
@@ -933,6 +933,8 @@ int sbi_pmu_init(struct sbi_scratch *scratch, bool cold_boot)
 
 		/* mcycle & minstret is available always */
 		num_hw_ctrs = sbi_hart_mhpm_count(scratch) + 3;
+		if (num_hw_ctrs > SBI_PMU_HW_CTR_MAX)
+			return SBI_EINVAL;
 		total_ctrs = num_hw_ctrs + SBI_PMU_FW_CTR_MAX;
 	}