[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Tue, 05 Nov 2013 10:33:14 +0000
Delivery-date: Tue, 05 Nov 2013 10:33:36 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 2c24cdcce3269f3286790c63821951a1de93c66a
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Nov 4 10:10:04 2013 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Nov 4 10:10:04 2013 +0100

    x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs
    
    Other than for the legacy APIC, the x2APIC MADT entries have valid
    ranges possibly extending beyond what our internal arrays can handle,
    and hence we need to guard ourselves against corrupting memory here.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Keir Fraser <keir@xxxxxxx>
---
 xen/arch/x86/acpi/boot.c |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c
index 0e1d570..df26423 100644
--- a/xen/arch/x86/acpi/boot.c
+++ b/xen/arch/x86/acpi/boot.c
@@ -97,7 +97,20 @@ acpi_parse_x2apic(struct acpi_subtable_header *header, const 
unsigned long end)
 
        acpi_table_print_madt_entry(header);
 
-       /* Record local apic id only when enabled */
+       /* Record local apic id only when enabled and fitting. */
+       if (processor->local_apic_id >= MAX_APICS ||
+           processor->uid >= MAX_MADT_ENTRIES) {
+               printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit"
+                      " - processor ignored\n",
+                      processor->lapic_flags & ACPI_MADT_ENABLED ?
+                               KERN_WARNING "WARNING: " : KERN_INFO,
+                      processor->local_apic_id, processor->uid);
+               /*
+                * Must not return an error here, to prevent
+                * acpi_table_parse_entries() from terminating early.
+                */
+               return 0 /* -ENOSPC */;
+       }
        if (processor->lapic_flags & ACPI_MADT_ENABLED) {
                x86_acpiid_to_apicid[processor->uid] =
                        processor->local_apic_id;
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen master] gnttab: correct locking order reversal
Next by Date: [Xen-changelog] [xen master] x86/ats: Fix parsing of 'ats' command line option
Previous by thread: [Xen-changelog] [xen master] gnttab: correct locking order reversal
Next by thread: [Xen-changelog] [xen master] x86/ats: Fix parsing of 'ats' command line option
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.