From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Tue, 10 Sep 2013 14:40:34 +0000 (+0200)
Subject: x86/ioapic: avoid trying to access the -1th ioapic
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~6385
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ef0ea8c2bbb3718df1dee8f15ff3206bf592b253;p=xen.git

x86/ioapic: avoid trying to access the -1th ioapic

Discovered by Coverity, CID 1055743

Depending on the contents of the mp_irqs/mp_ioapics from the MP table,
find_isa_irq_apic() might return -1, at which point calling
ioapic_read_entry() with it is bad.

In addition to bailing if pin is -1, bail if apic is -1.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
---

diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c
index 048c61cc9b..5512cd591f 100644
--- a/xen/arch/x86/io_apic.c
+++ b/xen/arch/x86/io_apic.c
@@ -1828,7 +1828,7 @@ static void __init unlock_ExtINT_logic(void)
 
     pin = find_isa_irq_pin(8, mp_INT);
     apic = find_isa_irq_apic(8, mp_INT);
-    if (pin == -1)
+    if ( pin == -1 || apic == -1 )
         return;
 
     entry0 = ioapic_read_entry(apic, pin, 0);