Andrew Cooper
2013-Sep-09 19:36 UTC
[PATCH] x86/ioapic: Avoid trying to access the -1th ioapic.
Discovered by Coverity, CID 1055743 Depending on the contents of the mp_irqs/mp_ioapics from the MP table, find_isa_irq_apic() might return -1, at which point calling ioapic_read_entry() with it is bad. In addition to bailing if pin is -1, bail if apic is -1. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Keir Fraser <keir@xen.org> CC: Jan Beulich <JBeulich@suse.com> --- xen/arch/x86/io_apic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 048c61c..5512cd5 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -1828,7 +1828,7 @@ static void __init unlock_ExtINT_logic(void) pin = find_isa_irq_pin(8, mp_INT); apic = find_isa_irq_apic(8, mp_INT); - if (pin == -1) + if ( pin == -1 || apic == -1 ) return; entry0 = ioapic_read_entry(apic, pin, 0); -- 1.7.10.4
Keir Fraser
2013-Sep-09 19:43 UTC
Re: [PATCH] x86/ioapic: Avoid trying to access the -1th ioapic.
On 09/09/2013 12:36, "Andrew Cooper" <andrew.cooper3@citrix.com> wrote:> Discovered by Coverity, CID 1055743 > > Depending on the contents of the mp_irqs/mp_ioapics from the MP table, > find_isa_irq_apic() might return -1, at which point calling > ioapic_read_entry() with it is bad. > > In addition to bailing if pin is -1, bail if apic is -1. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> > CC: Keir Fraser <keir@xen.org> > CC: Jan Beulich <JBeulich@suse.com>Acked-by: Keir Fraser <keir@xen.org>> --- > xen/arch/x86/io_apic.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c > index 048c61c..5512cd5 100644 > --- a/xen/arch/x86/io_apic.c > +++ b/xen/arch/x86/io_apic.c > @@ -1828,7 +1828,7 @@ static void __init unlock_ExtINT_logic(void) > > pin = find_isa_irq_pin(8, mp_INT); > apic = find_isa_irq_apic(8, mp_INT); > - if (pin == -1) > + if ( pin == -1 || apic == -1 ) > return; > > entry0 = ioapic_read_entry(apic, pin, 0);