riscv: module: Fix out-of-bounds relocation access

[ Upstream commit 0b4cce68efb93e31a8e51795d696df6e379cb41c ] The current code allows rel[j] to access one element past the end of the relocation section. Simplify to num_relocations which is equivalent to the existing size expression. Fixes: 080c4324fa5e ("riscv: optimize ELF relocation function in riscv") Signed-off-by: Samuel Holland <samuel.holland@sifive.com> Reviewed-by: Maxim Kochetkov <fido_max@inbox.ru> Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com> Link: https://lore.kernel.org/r/20250409171526.862481-1-samuel.holland@sifive.com Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Samuel Holland <samuel.holland@sifive.com> 2025-04-09 10:14:49 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-04-25 10:50:58 +0200
commit: 95e4e1c1cf614d125f159db9726b7abb32e18385 (patch)
tree: 9ef66948f4b6403441aa0c1b42bea7271164563b
parent: 78ffe2735e6c509a066621f6abba0b5d71cb06f9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
index 0ae34d79b87b..7f6147c18033 100644
--- a/arch/riscv/kernel/module.c
+++ b/arch/riscv/kernel/module.c
@@ -860,7 +860,7 @@ int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab,
 				}
 
 				j++;
-				if (j > sechdrs[relsec].sh_size / sizeof(*rel))
+				if (j == num_relocations)
 					j = 0;
 
 			} while (j_idx != j);
author	Samuel Holland <samuel.holland@sifive.com>	2025-04-09 10:14:49 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-04-25 10:50:58 +0200
commit	95e4e1c1cf614d125f159db9726b7abb32e18385 (patch)
tree	9ef66948f4b6403441aa0c1b42bea7271164563b
parent	78ffe2735e6c509a066621f6abba0b5d71cb06f9 (diff)