github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-22 13:37:10 +00:00
Code Issues Projects Releases Wiki Activity

hv: fix potential buffer overflow in vioapic.c

Browse Source 
@vioapic_set_pinstate() & vioapic_need_intr(),
 add checking input value range for 'pin'.

Tracked-On: #1479
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Yonghua Huang 2018-10-17 19:15:05 +08:00 committed by wenlingz
parent eb328d78ea
commit 102f5a0141
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
hypervisor/dm/vioapic.c
View File

@ -85,8 +85,13 @@ static void
vioapic_set_pinstate(struct acrn_vioapic *vioapic, uint16_t pin, uint32_t level) vioapic_set_pinstate(struct acrn_vioapic *vioapic, uint16_t pin, uint32_t level)
{ {
uint32_t old_lvl; uint32_t old_lvl;
union ioapic_rte rte = vioapic->rtbl[pin]; union ioapic_rte rte;
if (pin >= REDIR_ENTRIES_HW) {
return;
}
rte = vioapic->rtbl[pin];
old_lvl = (uint32_t)bitmap_test(pin & 0x3FU, &vioapic->pin_state[pin >> 6U]); old_lvl = (uint32_t)bitmap_test(pin & 0x3FU, &vioapic->pin_state[pin >> 6U]);
if (level == 0U) { if (level == 0U) {
/* clear pin_state and deliver interrupt according to polarity */ /* clear pin_state and deliver interrupt according to polarity */
@ -245,9 +250,15 @@ vioapic_indirect_read(struct acrn_vioapic *vioapic, uint32_t addr)
static inline bool vioapic_need_intr(struct acrn_vioapic *vioapic, uint16_t pin) static inline bool vioapic_need_intr(struct acrn_vioapic *vioapic, uint16_t pin)
{ {
uint32_t lvl =(uint32_t)bitmap_test(pin & 0x3FU, uint32_t lvl;
&vioapic->pin_state[pin >> 6U]); union ioapic_rte rte;
union ioapic_rte rte = vioapic->rtbl[pin];
if (pin >= REDIR_ENTRIES_HW) {
return false;
}
rte = vioapic->rtbl[pin];
lvl = (uint32_t)bitmap_test(pin & 0x3FU, &vioapic->pin_state[pin >> 6U]);
return !!((((rte.full & IOAPIC_RTE_INTPOL) != 0UL) && lvl == 0U) || return !!((((rte.full & IOAPIC_RTE_INTPOL) != 0UL) && lvl == 0U) ||
(((rte.full & IOAPIC_RTE_INTPOL) == 0UL) && lvl != 0U)); (((rte.full & IOAPIC_RTE_INTPOL) == 0UL) && lvl != 0U));