In drivers/pci/dmar.c::dmar_get_fault_reason() we have 7 entries in the intr_remap_fault_reasons array and then this code: ... if (fault_reason >= 0x20 && (fault_reason <= 0x20 + ARRAY_SIZE(intr_remap_fault_reasons))) { *fault_type = INTR_REMAP; return intr_remap_fault_reasons[fault_reason - 0x20]; ... This ends up allowing array index values of 0-7 (both inclusive). A value of 7 indexes 1 past the end of the array, so I believe the code should be this instead: ... if (fault_reason >= 0x20 && (fault_reason <= 0x20 + ARRAY_SIZE(intr_remap_fault_reasons) - 1)) { *fault_type = INTR_REMAP; return intr_remap_fault_reasons[fault_reason - 0x20]; ... Which only allows the actually legal values 0-6. The patch below makes that change and also (while I was there) removes the completely unused #define MAX_FAULT_REASON_IDX . Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx> --- dmar.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/pci/dmar.c b/drivers/pci/dmar.c index 09933eb..10ff0a5 100644 --- a/drivers/pci/dmar.c +++ b/drivers/pci/dmar.c @@ -1207,12 +1207,10 @@ static const char *intr_remap_fault_reasons[] = "Blocked an interrupt request due to source-id verification failure", }; -#define MAX_FAULT_REASON_IDX (ARRAY_SIZE(fault_reason_strings) - 1) - const char *dmar_get_fault_reason(u8 fault_reason, int *fault_type) { if (fault_reason >= 0x20 && (fault_reason <= 0x20 + - ARRAY_SIZE(intr_remap_fault_reasons))) { + ARRAY_SIZE(intr_remap_fault_reasons) - 1)) { *fault_type = INTR_REMAP; return intr_remap_fault_reasons[fault_reason - 0x20]; } else if (fault_reason < ARRAY_SIZE(dma_remap_fault_reasons)) { -- Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/ Don't top-post http://www.catb.org/jargon/html/T/top-post.html Plain text mails only, please. -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html