Jan Beulich
2013-Oct-30 14:28 UTC
[PATCH] x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs
Other than for the legacy APIC, the x2APIC MADT entries have valid ranges possibly extending beyond what our internal arrays can handle, and hence we need to guard ourselves against corrupting memory here. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/acpi/boot.c +++ b/xen/arch/x86/acpi/boot.c @@ -97,7 +97,20 @@ acpi_parse_x2apic(struct acpi_subtable_h acpi_table_print_madt_entry(header); - /* Record local apic id only when enabled */ + /* Record local apic id only when enabled and fitting. */ + if (processor->local_apic_id >= MAX_APICS || + processor->uid >= MAX_MADT_ENTRIES) { + printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit" + " - processor ignored\n", + processor->lapic_flags & ACPI_MADT_ENABLED ? + KERN_WARNING "WARNING: " : KERN_INFO, + processor->local_apic_id, processor->uid); + /* + * Must not return an error here, to prevent + * acpi_table_parse_entries() from terminating early. + */ + return 0 /* -ENOSPC */; + } if (processor->lapic_flags & ACPI_MADT_ENABLED) { x86_acpiid_to_apicid[processor->uid] processor->local_apic_id; _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
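Review bot: the message printed by the new range check in acpi_parse_x2apic() says "APIC ID %#x and/or ACPI ID %#x beyond limit" without saying which ID failed or what the limits are, so someone reading the boot log has to look up MAX_APICS and MAX_MADT_ENTRIES to tell why a processor was dropped. Consider testing the two conditions separately, or printing the limit values next to the IDs. The updated comment "only when enabled and fitting" could also name the arrays being protected: only x86_acpiid_to_apicid[processor->uid] is visible in this hunk, and the array indexed by local_apic_id is not.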
Keir Fraser
2013-Oct-30 20:38 UTC
Re: [PATCH] x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs
On 30/10/2013 14:28, "Jan Beulich" <JBeulich@suse.com> wrote:> Other than for the legacy APIC, the x2APIC MADT entries have valid > ranges possibly extending beyond what our internal arrays can handle, > and hence we need to guard ourselves against corrupting memory here. > > Signed-off-by: Jan Beulich <jbeulich@suse.com>Reviewed-by: Keir Fraser <keir@xen.org>> --- a/xen/arch/x86/acpi/boot.c > +++ b/xen/arch/x86/acpi/boot.c > @@ -97,7 +97,20 @@ acpi_parse_x2apic(struct acpi_subtable_h > > acpi_table_print_madt_entry(header); > > - /* Record local apic id only when enabled */ > + /* Record local apic id only when enabled and fitting. */ > + if (processor->local_apic_id >= MAX_APICS || > + processor->uid >= MAX_MADT_ENTRIES) { > + printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit" > + " - processor ignored\n", > + processor->lapic_flags & ACPI_MADT_ENABLED ? > + KERN_WARNING "WARNING: " : KERN_INFO, > + processor->local_apic_id, processor->uid); > + /* > + * Must not return an error here, to prevent > + * acpi_table_parse_entries() from terminating early. > + */ > + return 0 /* -ENOSPC */; > + } > if (processor->lapic_flags & ACPI_MADT_ENABLED) { > x86_acpiid_to_apicid[processor->uid] > processor->local_apic_id; > > >
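Review bot: "return 0 /* -ENOSPC */;" at the end of the new block leaves a commented-out error code inside the return statement, which reads like leftover code. The block comment just above it already explains that an error must not be returned so that acpi_table_parse_entries() keeps going; saying there that -ENOSPC would otherwise be the natural value, and returning a plain 0, would be cleaner.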