[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs
On 30/10/2013 14:28, "Jan Beulich" <JBeulich@xxxxxxxx> wrote: > Other than for the legacy APIC, the x2APIC MADT entries have valid > ranges possibly extending beyond what our internal arrays can handle, > and hence we need to guard ourselves against corrupting memory here. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Keir Fraser <keir@xxxxxxx> > --- a/xen/arch/x86/acpi/boot.c > +++ b/xen/arch/x86/acpi/boot.c > @@ -97,7 +97,20 @@ acpi_parse_x2apic(struct acpi_subtable_h > > acpi_table_print_madt_entry(header); > > - /* Record local apic id only when enabled */ > + /* Record local apic id only when enabled and fitting. */ > + if (processor->local_apic_id >= MAX_APICS || > + processor->uid >= MAX_MADT_ENTRIES) { > + printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit" > + " - processor ignored\n", > + processor->lapic_flags & ACPI_MADT_ENABLED ? > + KERN_WARNING "WARNING: " : KERN_INFO, > + processor->local_apic_id, processor->uid); > + /* > + * Must not return an error here, to prevent > + * acpi_table_parse_entries() from terminating early. > + */ > + return 0 /* -ENOSPC */; > + } > if (processor->lapic_flags & ACPI_MADT_ENABLED) { > x86_acpiid_to_apicid[processor->uid] = > processor->local_apic_id; > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |