[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.3] ACPI: Prevent acpi_table_entries from falling into a infinite loop
commit 5074152a3b234696dce1e888ad7c08427f2f0775 Author: Malcolm Crossley <malcolm.crossley@xxxxxxxxxx> AuthorDate: Tue Jun 24 09:47:49 2014 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Jun 24 09:47:49 2014 +0200 ACPI: Prevent acpi_table_entries from falling into a infinite loop If a buggy BIOS programs an ACPI table with to small an entry length then acpi_table_entries gets stuck in an infinite loop. To aid debugging, report the error and exit the loop. Based on Linux kernel commit 369d913b242cae2205471b11b6e33ac368ed33ec Signed-off-by: Malcolm Crossley <malcolm.crossley@xxxxxxxxxx> Use < instead of <= (which I wrongly suggested), return -ENODATA instead of -EINVAL, and make description match code. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 9c1e8cae657bc13e8b1ddeede17603d77f3ad341 master date: 2014-06-04 11:26:15 +0200 --- xen/drivers/acpi/tables.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/xen/drivers/acpi/tables.c b/xen/drivers/acpi/tables.c index 08e8f3b..1beca79 100644 --- a/xen/drivers/acpi/tables.c +++ b/xen/drivers/acpi/tables.c @@ -233,6 +233,12 @@ acpi_table_parse_entries(char *id, while (((unsigned long)entry) + sizeof(struct acpi_subtable_header) < table_end) { + if (entry->length < sizeof(*entry)) { + printk(KERN_ERR PREFIX "[%4.4s:%#x] Invalid length\n", + id, entry_id); + return -ENODATA; + } + if (entry->type == entry_id && (!max_entries || count++ < max_entries)) if (handler(entry, table_end)) -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.3 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |