From 3b5ca240edb5300fedc0a29c1b839984bdbbc89c Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Fri, 6 Sep 2013 14:49:38 +0200
Subject: AMD IOMMU: add missing check

We shouldn't accept IVHD tables specifying IO-APIC IDs beyond the limit
we support (MAX_IO_APICS, currently 128).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Suravee Suthikulpanit <suravee.suthikulapanit@amd.com>
master commit: 3785d30efe8264b899499e0883b10cc434bd0959
master date: 2013-08-29 09:31:37 +0200
---
 xen/drivers/passthrough/amd/iommu_acpi.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c
index 2b52ea91b4..2c23646647 100644
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
@@ -677,6 +677,13 @@ static u16 __init parse_ivhd_device_special(
         if ( IO_APIC_ID(apic) != special->handle )
             continue;
 
+        if ( special->handle >= ARRAY_SIZE(ioapic_sbdf) )
+        {
+            printk(XENLOG_ERR "IVHD Error: IO-APIC %#x entry beyond bounds\n",
+                   special->handle);
+            return 0;
+        }
+
         if ( ioapic_sbdf[special->handle].pin_setup )
         {
             if ( ioapic_sbdf[special->handle].bdf == bdf &&
-- 
cgit v1.2.3