From 5fb83a5dbdfc0650fb81e0536d086f91eaa5f279 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Thu, 3 Apr 2008 11:19:50 +0100
Subject: [PATCH] VT-d: Make ACPI DMAR parsing more robust

Parsing ACPI related VT-d tables may cause infinite loop due to u8 value wraparound. Also add sanity check on table length entry.

Signed-off-by: Espen Skoglund
---
 xen/drivers/passthrough/vtd/dmar.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
index 915e1d04ef..19d5675a1b 100644
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -211,7 +211,7 @@ struct acpi_atsr_unit * acpi_find_matched_atsr_unit(struct pci_dev *dev)
 static int scope_device_count(void *start, void *end)
 {
 struct acpi_dev_scope *scope;
- u8 bus, sub_bus, sec_bus;
+ u16 bus, sub_bus, sec_bus;
 struct acpi_pci_path *path;
 int depth, count = 0;
 u8 dev, func;
@@ -231,7 +231,7 @@ static int scope_device_count(void *start, void *end)
 bus = scope->start_bus;
 depth = (scope->length - sizeof(struct acpi_dev_scope))
 / sizeof(struct acpi_pci_path);
- while ( --depth )
+ while ( --depth >= 0 )
 {
 bus = read_pci_config_byte(
 bus, path->dev, path->fn, PCI_SECONDARY_BUS);
@@ -301,7 +301,7 @@ static int __init acpi_parse_dev_scope(
 void *start, void *end, void *acpi_entry, int type)
 {
 struct acpi_dev_scope *scope;
- u8 bus, sub_bus, sec_bus;
+ u16 bus, sub_bus, sec_bus;
 struct acpi_pci_path *path;
 struct acpi_ioapic_unit *acpi_ioapic_unit = NULL;
 int depth;
@@ -353,7 +353,7 @@ static int __init acpi_parse_dev_scope(
 / sizeof(struct acpi_pci_path);
 bus = scope->start_bus;
- while ( --depth )
+ while ( --depth >= 0 )
 {
 bus = read_pci_config_byte(
 bus, path->dev, path->fn, PCI_SECONDARY_BUS);
--
2.30.2
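Review bot: Nothing at the `u16 bus, sub_bus, sec_bus;` declaration in scope_device_count says why variables that hold 8-bit PCI bus numbers are 16 bits wide, so a later cleanup could narrow them back to `u8` and reintroduce the hang the commit message describes. A one-line comment would pin the reason, for example `/* u16, not u8: a bus counter compared against sub_bus must be able to exceed 0xff */`. The loops that use these variables are outside the hunk, so the exact wording should be checked against them. The same declaration change in the acpi_parse_dev_scope hunk at -301 needs the same comment.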
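Review bot: In scope_device_count (hunk at -231), `depth` is still computed from `scope->length` with no lower bound visible in the hunk, and the new `--depth >= 0` test does not cover that case. `sizeof` makes the subtraction unsigned, so a firmware-supplied length smaller than `sizeof(struct acpi_dev_scope)` wraps to a very large value before the division, and the result is then converted to `int`. I would reject the entry before the subtraction, `if ( scope->length < sizeof(struct acpi_dev_scope) )` followed by the function's error return, and also check that the entry ends at or before `end`, unless that is already done earlier in the function, which starts outside the hunk. The acpi_parse_dev_scope hunk at -353 has the same computation.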
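Review bot: `while ( --depth >= 0 )` in acpi_parse_dev_scope (hunk at -353) runs the body once more than the old `while ( --depth )` did for every well-formed entry: with N path elements the bridge walk used to run N-1 times and now runs N times. If the intent was only to stop the runaway loop when `depth` is 0, `while ( --depth > 0 )` does that and keeps the old count; as written, the last path element is also read as a bridge through `PCI_SECONDARY_BUS`. The loop body continues outside the hunk, so whether N or N-1 steps is correct should be confirmed against it. The scope_device_count hunk at -231 has the same condition.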