[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.2] x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Fri, 15 Nov 2013 22:23:05 +0000
Delivery-date: Fri, 15 Nov 2013 22:23:09 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 478a05ca4ebd3c22aa538dd17bea3d52090b8eba
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri Nov 15 11:37:39 2013 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Nov 15 11:37:39 2013 +0100

    x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs
    
    Other than for the legacy APIC, the x2APIC MADT entries have valid
    ranges possibly extending beyond what our internal arrays can handle,
    and hence we need to guard ourselves against corrupting memory here.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Keir Fraser <keir@xxxxxxx>
    master commit: 2c24cdcce3269f3286790c63821951a1de93c66a
    master date: 2013-11-04 10:10:04 +0100
---
 xen/arch/x86/acpi/boot.c |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/xen/arch/x86/acpi/boot.c b/xen/arch/x86/acpi/boot.c
index 57f2baf..02b983f 100644
--- a/xen/arch/x86/acpi/boot.c
+++ b/xen/arch/x86/acpi/boot.c
@@ -96,7 +96,20 @@ acpi_parse_x2apic(struct acpi_subtable_header *header, const 
unsigned long end)
 
        acpi_table_print_madt_entry(header);
 
-       /* Record local apic id only when enabled */
+       /* Record local apic id only when enabled and fitting. */
+       if (processor->local_apic_id >= MAX_APICS ||
+           processor->uid >= MAX_MADT_ENTRIES) {
+               printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit"
+                      " - processor ignored\n",
+                      processor->lapic_flags & ACPI_MADT_ENABLED ?
+                               KERN_WARNING "WARNING: " : KERN_INFO,
+                      processor->local_apic_id, processor->uid);
+               /*
+                * Must not return an error here, to prevent
+                * acpi_table_parse_entries() from terminating early.
+                */
+               return 0 /* -ENOSPC */;
+       }
        if (processor->lapic_flags & ACPI_MADT_ENABLED) {
                x86_acpiid_to_apicid[processor->uid] =
                        processor->local_apic_id;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen stable-4.2] x86: refine address validity checks before accessing page tables
Next by Date: [Xen-changelog] [xen stable-4.2] x86/HVM: 32-bit IN result must be zero-extended to 64 bits
Previous by thread: [Xen-changelog] [xen stable-4.2] x86: refine address validity checks before accessing page tables
Next by thread: [Xen-changelog] [xen stable-4.2] x86/HVM: 32-bit IN result must be zero-extended to 64 bits
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.