|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] ACPI: Prevent acpi_table_entries from falling into a infinite loop
>>> On 03.06.14 at 16:54, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 03/06/14 15:51, Malcolm Crossley wrote:
>> If a buggy BIOS programs an ACPI table with entry length 0 then
>> acpi_table_entries gets stuck in an infinite loop.
>>
>> To aid debugging, report the error and exit the loop.
>>
>> Signed-off-by: Malcolm Crossley <malcolm.crossley@xxxxxxxxxx>
>
> Could you put a reference to the Linux commit in the message?
I was about to ask the same.
> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>
>>
>> diff -r 4708591d8aa8 -r af3b2493951c xen/drivers/acpi/tables.c
>> --- a/xen/drivers/acpi/tables.c
>> +++ b/xen/drivers/acpi/tables.c
>> @@ -238,6 +238,12 @@ acpi_table_parse_entries(char *id,
>> if (handler(entry, table_end))
>> return -EINVAL;
>>
>> + if (entry->length == 0) {
Furthermore I think this should be done more robustly by
checking <= sizeof(*entry), and before actually doing anything
else with it.
Jan
>> + printk(KERN_ERR PREFIX "[%4.4s:0x%02x] Invalid zero
>> length\n",
>> + id, entry_id);
>> + return -EINVAL;
>> + }
>> +
>> entry = (struct acpi_subtable_header *)
>> ((unsigned long)entry + entry->length);
>> }
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxx
>> http://lists.xen.org/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |