From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH] ACPI: Prevent acpi_table_entries from falling into a infinite loop Date: Tue, 3 Jun 2014 15:54:57 +0100 Message-ID: <538DE1C1.7090503@citrix.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Malcolm Crossley Cc: JBeulich@suse.com, xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 03/06/14 15:51, Malcolm Crossley wrote: > If a buggy BIOS programs an ACPI table with entry length 0 then > acpi_table_entries gets stuck in an infinite loop. > > To aid debugging, report the error and exit the loop. > > Signed-off-by: Malcolm Crossley Could you put a reference to the Linux commit in the message? Reviewed-by: Andrew Cooper > > diff -r 4708591d8aa8 -r af3b2493951c xen/drivers/acpi/tables.c > --- a/xen/drivers/acpi/tables.c > +++ b/xen/drivers/acpi/tables.c > @@ -238,6 +238,12 @@ acpi_table_parse_entries(char *id, > if (handler(entry, table_end)) > return -EINVAL; > > + if (entry->length == 0) { > + printk(KERN_ERR PREFIX "[%4.4s:0x%02x] Invalid zero length\n", > + id, entry_id); > + return -EINVAL; > + } > + > entry = (struct acpi_subtable_header *) > ((unsigned long)entry + entry->length); > } > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel