github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-08-13 13:56:19 +00:00
Code Issues Projects Releases Wiki Activity

hv: fix some potential array overflow risk

Browse Source 
'pcpu_id' should be less than CONFIG_MAX_PCPU_NUM,
else 'per_cpu_data' will overflow. This commit fixes
this potential overflow issue.

Tracked-On: #3407
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Tianhua Sun 2019-07-05 09:51:40 +08:00 committed by ACRN System Integration
parent de125e6c6f
commit 877ce914a2
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hypervisor/arch/x86/lapic.c
View File

@ -254,7 +254,7 @@ void send_dest_ipi_mask(uint32_t dest_mask, uint32_t vector)
pcpu_id = ffs64(mask);
while (pcpu_id != INVALID_BIT_INDEX) {
while (pcpu_id < CONFIG_MAX_PCPU_NUM) {
bitmap32_clear_nolock(pcpu_id, &mask);
if (bitmap_test(pcpu_id, &pcpu_active_bitmap)) {
icr.value_32.hi_32 = per_cpu(lapic_id, pcpu_id);

2
hypervisor/arch/x86/notify.c
View File

@ -37,7 +37,7 @@ void smp_call_function(uint64_t mask, smp_call_func_t func, void *data)
/* wait for previous smp call complete, which may run on other cpus */
while (atomic_cmpxchg64(&smp_call_mask, 0UL, mask & INVALID_BIT_INDEX) != 0UL);
pcpu_id = ffs64(mask);
while (pcpu_id != INVALID_BIT_INDEX) {
while (pcpu_id < CONFIG_MAX_PCPU_NUM) {
bitmap_clear_nolock(pcpu_id, &mask);
if (bitmap_test(pcpu_id, &pcpu_active_bitmap)) {
smp_call = &per_cpu(smp_call_info, pcpu_id);