From mboxrd@z Thu Jan  1 00:00:00 1970
From: Keir Fraser <keir.xen@gmail.com>
Subject: Re: [PATCH] x86/ACPI/x2APIC: guard against out of range
 ACPI or APIC IDs
Date: Wed, 30 Oct 2013 20:38:33 +0000
Message-ID: <CE971EC9.62178%keir.xen@gmail.com>
References: <5271258402000078000FE219@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <keir.xen@gmail.com>) id 1VbcXM-0005Ix-EM
	for xen-devel@lists.xenproject.org; Wed, 30 Oct 2013 20:38:44 +0000
Received: by mail-wg0-f43.google.com with SMTP id b13so1870398wgh.10
	for <xen-devel@lists.xenproject.org>;
	Wed, 30 Oct 2013 13:38:41 -0700 (PDT)
In-Reply-To: <5271258402000078000FE219@nat28.tlf.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>, xen-devel <xen-devel@lists.xenproject.org>
List-Id: xen-devel@lists.xenproject.org

On 30/10/2013 14:28, "Jan Beulich" <JBeulich@suse.com> wrote:

> Other than for the legacy APIC, the x2APIC MADT entries have valid
> ranges possibly extending beyond what our internal arrays can handle,
> and hence we need to guard ourselves against corrupting memory here.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Keir Fraser <keir@xen.org>

> --- a/xen/arch/x86/acpi/boot.c
> +++ b/xen/arch/x86/acpi/boot.c
> @@ -97,7 +97,20 @@ acpi_parse_x2apic(struct acpi_subtable_h
>  
> acpi_table_print_madt_entry(header);
>  
> - /* Record local apic id only when enabled */
> + /* Record local apic id only when enabled and fitting. */
> + if (processor->local_apic_id >= MAX_APICS ||
> +     processor->uid >= MAX_MADT_ENTRIES) {
> +  printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit"
> +         " - processor ignored\n",
> +         processor->lapic_flags & ACPI_MADT_ENABLED ?
> +    KERN_WARNING "WARNING: " : KERN_INFO,
> +         processor->local_apic_id, processor->uid);
> +  /*
> +   * Must not return an error here, to prevent
> +   * acpi_table_parse_entries() from terminating early.
> +   */
> +  return 0 /* -ENOSPC */;
> + }
> if (processor->lapic_flags & ACPI_MADT_ENABLED) {
> x86_acpiid_to_apicid[processor->uid] =
> processor->local_apic_id;
> 
> 
>