[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] ACPI: Prevent acpi_table_entries from falling into a infinite loop

If a buggy BIOS programs an ACPI table with entry length 0 then
acpi_table_entries gets stuck in an infinite loop.

To aid debugging, report the error and exit the loop.

Signed-off-by: Malcolm Crossley <malcolm.crossley@xxxxxxxxxx>

diff -r 4708591d8aa8 -r af3b2493951c xen/drivers/acpi/tables.c
--- a/xen/drivers/acpi/tables.c
+++ b/xen/drivers/acpi/tables.c
@@ -238,6 +238,12 @@ acpi_table_parse_entries(char *id,
                        if (handler(entry, table_end))
                                return -EINVAL;
 
+               if (entry->length == 0) {
+                       printk(KERN_ERR PREFIX "[%4.4s:0x%02x] Invalid zero 
length\n",
+                              id, entry_id);
+                       return -EINVAL;
+               }
+
                entry = (struct acpi_subtable_header *)
                    ((unsigned long)entry + entry->length);
        }

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.