[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/cpuidle: prevent out of bounds array access



On 22/05/15 13:48, Jan Beulich wrote:
> ... resulting from fbeef5570c ("x86/cpuidle: get accurate C0 value with
> xenpm tool").
>
> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

This appears to fix the issue.

However, looking at the other cases which play the same games, 0 is used
in preference to -1, given a zero last_state.  It would seem logical to
follow suit here (although it is just a debugkey so I am not overly fussed).

~Andrew

>
> --- a/xen/arch/x86/acpi/cpu_idle.c
> +++ b/xen/arch/x86/acpi/cpu_idle.c
> @@ -279,7 +279,7 @@ static void print_acpi_power(
>      uint64_t usage[ACPI_PROCESSOR_MAX_POWER] = { 0 };
>      uint64_t res_tick[ACPI_PROCESSOR_MAX_POWER] = { 0 };
>      unsigned int i;
> -    u8 last_state_idx;
> +    signed int last_state_idx;
>  
>      printk("==cpu%d==\n", cpu);
>      last_state_idx = power->last_state ? power->last_state->idx : -1;
> @@ -298,8 +298,12 @@ static void print_acpi_power(
>      last_state_update_tick = power->last_state_update_tick;
>      spin_unlock_irq(&power->stat_lock);
>  
> -    res_tick[last_state_idx] += ticks_elapsed(last_state_update_tick, 
> current_tick);
> -    usage[last_state_idx]++;
> +    if ( last_state_idx >= 0 )
> +    {
> +        res_tick[last_state_idx] += ticks_elapsed(last_state_update_tick,
> +                                                  current_tick);
> +        usage[last_state_idx]++;
> +    }
>  
>      for ( i = 1; i < power->count; i++ )
>      {
>
>
>


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.