[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs



Other than for the legacy APIC, the x2APIC MADT entries have valid
ranges possibly extending beyond what our internal arrays can handle,
and hence we need to guard ourselves against corrupting memory here.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/acpi/boot.c
+++ b/xen/arch/x86/acpi/boot.c
@@ -97,7 +97,20 @@ acpi_parse_x2apic(struct acpi_subtable_h
 
        acpi_table_print_madt_entry(header);
 
-       /* Record local apic id only when enabled */
+       /* Record local apic id only when enabled and fitting. */
+       if (processor->local_apic_id >= MAX_APICS ||
+           processor->uid >= MAX_MADT_ENTRIES) {
+               printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit"
+                      " - processor ignored\n",
+                      processor->lapic_flags & ACPI_MADT_ENABLED ?
+                               KERN_WARNING "WARNING: " : KERN_INFO,
+                      processor->local_apic_id, processor->uid);
+               /*
+                * Must not return an error here, to prevent
+                * acpi_table_parse_entries() from terminating early.
+                */
+               return 0 /* -ENOSPC */;
+       }
        if (processor->lapic_flags & ACPI_MADT_ENABLED) {
                x86_acpiid_to_apicid[processor->uid] =
                        processor->local_apic_id;



Attachment: x86-too-large-ACPI-ID.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.