diff options
author | Jan Beulich <jbeulich@suse.com> | 2013-08-29 09:31:37 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-08-29 09:31:37 +0200 |
commit | 3785d30efe8264b899499e0883b10cc434bd0959 (patch) | |
tree | be35971569aae03845d5279e72fc8a2571344c8b /xen/drivers | |
parent | 062919448e2f4b127c9c3c085b1a8e1d56a33051 (diff) | |
download | xen-3785d30efe8264b899499e0883b10cc434bd0959.tar.gz xen-3785d30efe8264b899499e0883b10cc434bd0959.tar.bz2 xen-3785d30efe8264b899499e0883b10cc434bd0959.zip |
AMD IOMMU: add missing checks
For one we shouldn't accept IVHD tables specifying IO-APIC IDs beyond
the limit we support (MAX_IO_APICS, currently 128).
And then we shouldn't memset() a pointer allocation of which failed.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Suravee Suthikulpanit <suravee.suthikulapanit@amd.com>
Diffstat (limited to 'xen/drivers')
-rw-r--r-- | xen/drivers/passthrough/amd/iommu_acpi.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c index 6f270b8fd5..c903f9385c 100644 --- a/xen/drivers/passthrough/amd/iommu_acpi.c +++ b/xen/drivers/passthrough/amd/iommu_acpi.c @@ -674,6 +674,13 @@ static u16 __init parse_ivhd_device_special( if ( IO_APIC_ID(apic) != special->handle ) continue; + if ( special->handle >= ARRAY_SIZE(ioapic_sbdf) ) + { + printk(XENLOG_ERR "IVHD Error: IO-APIC %#x entry beyond bounds\n", + special->handle); + return 0; + } + if ( ioapic_sbdf[special->handle].pin_2_idx ) { if ( ioapic_sbdf[special->handle].bdf == bdf && @@ -943,13 +950,14 @@ static int __init parse_ivrs_table(struct acpi_table_header *table) { ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx = xmalloc_array( u16, nr_ioapic_entries[apic]); - if ( !ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx ) + if ( ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx ) + memset(ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx, -1, + nr_ioapic_entries[apic] * sizeof(*ioapic_sbdf->pin_2_idx)); + else { printk(XENLOG_ERR "IVHD Error: Out of memory\n"); error = -ENOMEM; } - memset(ioapic_sbdf[IO_APIC_ID(apic)].pin_2_idx, -1, - nr_ioapic_entries[apic] * sizeof(*ioapic_sbdf->pin_2_idx)); } } |