[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] AMD IOMMU: add missing checks

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Sun, 08 Sep 2013 15:25:59 +0000
Delivery-date: Sun, 08 Sep 2013 15:26:04 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 3785d30efe8264b899499e0883b10cc434bd0959
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Aug 29 09:31:37 2013 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Aug 29 09:31:37 2013 +0200

    AMD IOMMU: add missing checks
    
    For one we shouldn't accept IVHD tables specifying IO-APIC IDs beyond
    the limit we support (MAX_IO_APICS, currently 128).
    
    And then we shouldn't memset() a pointer allocation of which failed.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Suravee Suthikulpanit <suravee.suthikulapanit@xxxxxxx>
---
 xen/drivers/passthrough/amd/iommu_acpi.c |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c 
b/xen/drivers/passthrough/amd/iommu_acpi.c
index 6f270b8..c903f93 100644
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
@@ -674,6 +674,13 @@ static u16 __init parse_ivhd_device_special(
             if ( IO_APIC_ID(apic) != special->handle )
                 continue;
 
+            if ( special->handle >= ARRAY_SIZE(ioapic_sbdf) )
+            {
+                printk(XENLOG_ERR "IVHD Error: IO-APIC %#x entry beyond 
bounds\n",
+                       special->handle);
+                return 0;
+            }
+
             if ( ioapic_sbdf[special->handle].pin_2_idx )
             {
                 if ( ioapic_sbdf[special->handle].bdf == bdf &&
@@ -943,13 +950,14 @@ static int __init parse_ivrs_table(struct 
acpi_table_header *table)
         {
             ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx = xmalloc_array(
                 u16, nr_ioapic_entries[apic]);
-            if ( !ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx )
+            if ( ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx )
+                memset(ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx, -1,
+                       nr_ioapic_entries[apic] * 
sizeof(*ioapic_sbdf->pin_2_idx));
+            else
             {
                 printk(XENLOG_ERR "IVHD Error: Out of memory\n");
                 error = -ENOMEM;
             }
-            memset(ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx, -1,
-                   nr_ioapic_entries[apic] * sizeof(*ioapic_sbdf->pin_2_idx));
         }
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen master] x86: AVX instruction emulation fixes
Next by Date: [Xen-changelog] [xen master] AMD IOMMU: allow command line overrides for broken IVRS tables
Previous by thread: [Xen-changelog] [xen master] x86: AVX instruction emulation fixes
Next by thread: [Xen-changelog] [xen master] AMD IOMMU: allow command line overrides for broken IVRS tables
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.