|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] x86/cpuidle: prevent out of bounds array access
On 22/05/15 13:48, Jan Beulich wrote:
> ... resulting from fbeef5570c ("x86/cpuidle: get accurate C0 value with
> xenpm tool").
>
> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
This appears to fix the issue.
However, looking at the other cases which play the same games, 0 is used
in preference to -1, given a zero last_state. It would seem logical to
follow suit here (although it is just a debugkey so I am not overly fussed).
~Andrew
>
> --- a/xen/arch/x86/acpi/cpu_idle.c
> +++ b/xen/arch/x86/acpi/cpu_idle.c
> @@ -279,7 +279,7 @@ static void print_acpi_power(
> uint64_t usage[ACPI_PROCESSOR_MAX_POWER] = { 0 };
> uint64_t res_tick[ACPI_PROCESSOR_MAX_POWER] = { 0 };
> unsigned int i;
> - u8 last_state_idx;
> + signed int last_state_idx;
>
> printk("==cpu%d==\n", cpu);
> last_state_idx = power->last_state ? power->last_state->idx : -1;
> @@ -298,8 +298,12 @@ static void print_acpi_power(
> last_state_update_tick = power->last_state_update_tick;
> spin_unlock_irq(&power->stat_lock);
>
> - res_tick[last_state_idx] += ticks_elapsed(last_state_update_tick,
> current_tick);
> - usage[last_state_idx]++;
> + if ( last_state_idx >= 0 )
> + {
> + res_tick[last_state_idx] += ticks_elapsed(last_state_update_tick,
> + current_tick);
> + usage[last_state_idx]++;
> + }
>
> for ( i = 1; i < power->count; i++ )
> {
>
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |