a11c33863f
5281fad4-numa-sched-leave-node-affinity-alone-if-not-in-auto-mode.patch 52820823-nested-SVM-adjust-guest-handling-of-structure-mappings.patch 52820863-VMX-don-t-crash-processing-d-debug-key.patch 5282492f-x86-eliminate-has_arch_mmios.patch 52864df2-credit-Update-other-parameters-when-setting-tslice_ms.patch 52864f30-fix-leaking-of-v-cpu_affinity_saved-on-domain-destruction.patch 5289d225-nested-VMX-don-t-ignore-mapping-errors.patch 528a0eb0-x86-consider-modules-when-cutting-off-memory.patch 528f606c-x86-hvm-reset-TSC-to-0-after-domain-resume-from-S3.patch 528f609c-x86-crash-disable-the-watchdog-NMIs-on-the-crashing-cpu.patch 52932418-x86-xsave-fix-nonlazy-state-handling.patch - Add missing requires to pciutils package for xend-tools - bnc#851749 - Xen service file does not call xend properly xend.service - bnc#851386 - VUL-0: xen: XSA-78: Insufficient TLB flushing in VT-d (iommu) code 528a0e5b-TLB-flushing-in-dma_pte_clear_one.patch - bnc#849667 - VUL-0: xen: XSA-74: Lock order reversal between page_alloc_lock and mm_rwlock CVE-2013-4553-xsa74.patch - bnc#849665 - VUL-0: CVE-2013-4551: xen: XSA-75: Host crash due to guest VMX instruction execution 52809208-nested-VMX-VMLANUCH-VMRESUME-emulation-must-check-permission-1st.patch - bnc#849668 - VUL-0: xen: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=279
40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
References: bnc#848014
|
|
|
|
# Commit 2c24cdcce3269f3286790c63821951a1de93c66a
|
|
# Date 2013-11-04 10:10:04 +0100
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
|
x86/ACPI/x2APIC: guard against out of range ACPI or APIC IDs
|
|
|
|
Other than for the legacy APIC, the x2APIC MADT entries have valid
|
|
ranges possibly extending beyond what our internal arrays can handle,
|
|
and hence we need to guard ourselves against corrupting memory here.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Reviewed-by: Keir Fraser <keir@xen.org>
|
|
|
|
--- a/xen/arch/x86/acpi/boot.c
|
|
+++ b/xen/arch/x86/acpi/boot.c
|
|
@@ -97,7 +97,20 @@ acpi_parse_x2apic(struct acpi_subtable_h
|
|
|
|
acpi_table_print_madt_entry(header);
|
|
|
|
- /* Record local apic id only when enabled */
|
|
+ /* Record local apic id only when enabled and fitting. */
|
|
+ if (processor->local_apic_id >= MAX_APICS ||
|
|
+ processor->uid >= MAX_MADT_ENTRIES) {
|
|
+ printk("%sAPIC ID %#x and/or ACPI ID %#x beyond limit"
|
|
+ " - processor ignored\n",
|
|
+ processor->lapic_flags & ACPI_MADT_ENABLED ?
|
|
+ KERN_WARNING "WARNING: " : KERN_INFO,
|
|
+ processor->local_apic_id, processor->uid);
|
|
+ /*
|
|
+ * Must not return an error here, to prevent
|
|
+ * acpi_table_parse_entries() from terminating early.
|
|
+ */
|
|
+ return 0 /* -ENOSPC */;
|
|
+ }
|
|
if (processor->lapic_flags & ACPI_MADT_ENABLED) {
|
|
x86_acpiid_to_apicid[processor->uid] =
|
|
processor->local_apic_id;
|