On Mon, Jan 18, 2016 at 10:25:35AM +0800, Nicolas Boichat wrote:

On Fri, Jan 15, 2016 at 11:20 PM, Javi Merino [off-list ref] wrote:

quoted

Eduardo, Rui,

On Tue, Jan 05, 2016 at 07:19:25PM +0000, Javi Merino wrote:

quoted

On Mon, Dec 21, 2015 at 08:49:40AM +0530, Viresh Kumar wrote:

quoted

On 19-12-15, 12:54, Javi Merino wrote:

quoted

In __cpufreq_cooling_register() we allocate the arrays for time_in_idle
and time_in_idle_timestamp to be as big as the number of cpus in this
cpufreq device.  However, in get_load() we access this array using the
cpu number as index, which can result in an out of bound access.

Index time_in_idle{,_timestamp} using the index in the cpufreq_device's
allowed_cpus mask, as we do for the load_cpu array in
cpufreq_get_requested_power()

Reported-by: Nicolas Boichat <redacted>
Cc: Amit Daniel Kachhap <amit.kachhap@gmail.com>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Zhang Rui <rui.zhang@intel.com>
Cc: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Javi Merino <redacted>
---
 drivers/thermal/cpu_cooling.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

Acked-by: Viresh Kumar <viresh.kumar@linaro.org>

If there are no more objections, can you pick this up?

Another gentle ping, can this be merged?

Tested-by: Nicolas Boichat <redacted>

Eduardo, Rui,

This has been in the list for more than a month now.  It fixes an out
of bounds access.  It has been acked by Viresh (comaintainer of
cpu_cooling) and has been tested by Nicolas.  Can you guys merge it
please?

Cheers,
Javi