ia64/xen-unstable

changeset 17378:a7181b2f7d44

VT-d: Make ACPI DMAR parsing more robust

Parsing ACPI related VT-d tables may cause infinite loop due to u8
value wraparound. Also add sanity check on table length entry.

Signed-off-by: Espen Skoglund <espen.skoglund@netronome.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Apr 03 11:19:50 2008 +0100 (2008-04-03)
parents d48551c66377
children fedb66235136
files xen/drivers/passthrough/vtd/dmar.c
line diff
     1.1 --- a/xen/drivers/passthrough/vtd/dmar.c	Wed Apr 02 15:46:52 2008 +0100
     1.2 +++ b/xen/drivers/passthrough/vtd/dmar.c	Thu Apr 03 11:19:50 2008 +0100
     1.3 @@ -211,7 +211,7 @@ struct acpi_atsr_unit * acpi_find_matche
     1.4  static int scope_device_count(void *start, void *end)
     1.5  {
     1.6      struct acpi_dev_scope *scope;
     1.7 -    u8 bus, sub_bus, sec_bus;
     1.8 +    u16 bus, sub_bus, sec_bus;
     1.9      struct acpi_pci_path *path;
    1.10      int depth, count = 0;
    1.11      u8 dev, func;
    1.12 @@ -231,7 +231,7 @@ static int scope_device_count(void *star
    1.13          bus = scope->start_bus;
    1.14          depth = (scope->length - sizeof(struct acpi_dev_scope))
    1.15  		    / sizeof(struct acpi_pci_path);
    1.16 -        while ( --depth )
    1.17 +        while ( --depth >= 0 )
    1.18          {
    1.19              bus = read_pci_config_byte(
    1.20                  bus, path->dev, path->fn, PCI_SECONDARY_BUS);
    1.21 @@ -301,7 +301,7 @@ static int __init acpi_parse_dev_scope(
    1.22      void *start, void *end, void *acpi_entry, int type)
    1.23  {
    1.24      struct acpi_dev_scope *scope;
    1.25 -    u8 bus, sub_bus, sec_bus;
    1.26 +    u16 bus, sub_bus, sec_bus;
    1.27      struct acpi_pci_path *path;
    1.28      struct acpi_ioapic_unit *acpi_ioapic_unit = NULL;
    1.29      int depth;
    1.30 @@ -353,7 +353,7 @@ static int __init acpi_parse_dev_scope(
    1.31  		    / sizeof(struct acpi_pci_path);
    1.32          bus = scope->start_bus;
    1.33  
    1.34 -        while ( --depth )
    1.35 +        while ( --depth >= 0 )
    1.36          {
    1.37              bus = read_pci_config_byte(
    1.38                  bus, path->dev, path->fn, PCI_SECONDARY_BUS);