[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] XENPF_set_processor_pminfo XEN_PM_CX overflows states array

To: <xen-devel@xxxxxxxxxxxxx>
From: eric <eric.chanudet@xxxxxxxxxx>
Date: Wed, 7 Mar 2012 14:07:21 +0000
Cc: julian.pidancet@xxxxxxxxxxxxx
Delivery-date: Wed, 07 Mar 2012 14:07:57 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Calling XENPF_set_processor_pminfo with XEN_PM_CX could cause states 
array in "struct acpi_processor_power" to exceed its limit.

The array used to be reset (by function cpuidle_init_cpu()) for each 
hypercall. The patch puts it back that way and adds an assertion to make 
it clear in case that happens again.

Signed-off-by: Eric Chanudet <eric.chanudet@xxxxxxxxxxxxx>

diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c
--- a/xen/arch/x86/acpi/cpu_idle.c
+++ b/xen/arch/x86/acpi/cpu_idle.c
@@ -622,19 +622,19 @@ static int cpuidle_init_cpu(int cpu)

         for ( i = 0; i < ACPI_PROCESSOR_MAX_POWER; i++ )
             acpi_power->states[i].idx = i;
-
-        acpi_power->states[ACPI_STATE_C1].type = ACPI_STATE_C1;
-        acpi_power->states[ACPI_STATE_C1].entry_method = ACPI_CSTATE_EM_HALT;
-
-        acpi_power->states[ACPI_STATE_C0].valid = 1;
-        acpi_power->states[ACPI_STATE_C1].valid = 1;
-
-        acpi_power->count = 2;
-        acpi_power->safe_state = &acpi_power->states[ACPI_STATE_C1];
-        acpi_power->cpu = cpu;
         processor_powers[cpu] = acpi_power;
     }

+    acpi_power->states[ACPI_STATE_C1].type = ACPI_STATE_C1;
+    acpi_power->states[ACPI_STATE_C1].entry_method = ACPI_CSTATE_EM_HALT;
+
+    acpi_power->states[ACPI_STATE_C0].valid = 1;
+    acpi_power->states[ACPI_STATE_C1].valid = 1;
+
+    acpi_power->count = 2;
+    acpi_power->safe_state = &acpi_power->states[ACPI_STATE_C1];
+    acpi_power->cpu = cpu;
+
     if ( cpu == 0 )
     {
         if ( boot_cpu_has(X86_FEATURE_NONSTOP_TSC) )
@@ -870,11 +870,10 @@ static void set_cx(

     if ( xen_cx->type == ACPI_STATE_C1 )
         cx = &acpi_power->states[1];
-    else
-        cx = &acpi_power->states[acpi_power->count];
-
-    if ( !cx->valid )
-        acpi_power->count++;
+    else {
+        ASSERT(acpi_power->count < ACPI_PROCESSOR_MAX_POWER);
+        cx = &acpi_power->states[acpi_power->count++];
+    }

     cx->valid    = 1;
     cx->type     = xen_cx->type;

-- 
Eric Chanudet

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] XENPF_set_processor_pminfo XEN_PM_CX overflows states array
  - From: Zhang, Yang Z
- Re: [Xen-devel] [PATCH] XENPF_set_processor_pminfo XEN_PM_CX overflows states array
  - From: Jan Beulich

Prev by Date: [Xen-devel] [PATCH 2 of 2] V2 vpmu: Add the BTS extension
Next by Date: [Xen-devel] [linux test] 12186: regressions - FAIL
Previous by thread: [Xen-devel] [PATCH 2 of 2] V2 vpmu: Add the BTS extension
Next by thread: Re: [Xen-devel] [PATCH] XENPF_set_processor_pminfo XEN_PM_CX overflows states array
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.