github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-09-08 12:19:06 +00:00
Code Issues Projects Releases Wiki Activity

HV:fix potential buffer overflow issues

Browse Source 
- use sizeof(struct lapic_regs),instead of arbitrary size
   to lear 'apic_page' memory region in vlapic.c
 - fix potential buffer overflow issues in vpic.c & ioapic.c

Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Yonghua Huang
2018-09-18 17:44:09 +08:00
committed by lijinxia
parent b501ce4388
commit 994a375103
4 changed files with 42 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hypervisor/arch/x86/guest/vlapic.c
View File

@@ -1562,7 +1562,7 @@ vlapic_reset(struct acrn_vlapic *vlapic)
struct lapic_regs *lapic;
lapic = &(vlapic->apic_page);
(void)memset((void *)lapic, 0U, CPU_PAGE_SIZE);
(void)memset((void *)lapic, 0U, sizeof(struct lapic_regs));
(void)memset((void *)&(vlapic->pir_desc), 0U, sizeof(vlapic->pir_desc));
lapic->id.v = vlapic_build_id(vlapic);

7
hypervisor/arch/x86/ioapic.c
View File

@@ -289,14 +289,17 @@ uint32_t pin_to_irq(uint8_t pin)
void
irq_gsi_mask_unmask(uint32_t irq, bool mask)
{
void *addr = gsi_table[irq].addr;
uint8_t pin = gsi_table[irq].pin;
void *addr;
uint8_t pin;
union ioapic_rte rte;
if (!irq_is_gsi(irq)) {
return;
}
addr = gsi_table[irq].addr;
pin = gsi_table[irq].pin;
ioapic_get_rte_entry(addr, pin, &rte);
if (mask) {
rte.full |= IOAPIC_RTE_INTMSET;