hv:irq: avoid out-of-range access to irq_alloc_bitmap[]

Logically, out-of-range access won't happen at these places. However, it depends on the behaviour of other codes. This commit makes changes to explicitly eliminate the possibility in these functions. Tracked-On: #1235 Signed-off-by: Yan, Like <like.yan@intel.com>
2025-06-18 19:57:31 +00:00 · 2018-09-13 15:17:39 +08:00 · 2018-09-13 15:17:39 +08:00 · ccf562402e
commit ccf562402e
parent 4a038d18b1
1 changed files with 11 additions and 4 deletions
--- a/hypervisor/arch/x86/irq.c
+++ b/hypervisor/arch/x86/irq.c
@ -41,12 +41,13 @@ uint32_t alloc_irq_num(uint32_t req_irq)
 	if (irq == IRQ_INVALID) {
 		/* if no valid irq num given, find a free one */
 		irq = ffz64_ex(irq_alloc_bitmap, NR_IRQS);
-		irq = (irq == NR_IRQS) ? IRQ_INVALID : irq;
 	}

-	if (irq != IRQ_INVALID) {
+	if (irq >= NR_IRQS) {
+		irq = IRQ_INVALID;
+	} else {
 		bitmap_set_nolock((uint16_t)(irq & 0x3FU),
-			      irq_alloc_bitmap + (irq >> 6U));
+				irq_alloc_bitmap + (irq >> 6U));
 	}
 	spinlock_irqrestore_release(&irq_alloc_spinlock, rflags);
 	return irq;
@ -323,7 +324,13 @@ void dispatch_interrupt(struct intr_excp_ctx *ctx)
 	uint32_t irq = vector_to_irq[vr];
 	struct irq_desc *desc;

-	if (irq == IRQ_INVALID) {
+	/* The value from vector_to_irq[] must be:
+	 * IRQ_INVALID, which means the vector is not allocated;
+	 * or
+	 * < NR_IRQS, which is the irq number it bound with;
+	 * Any other value means there is something wrong.
+	 */
+	if (irq == IRQ_INVALID || irq >= NR_IRQS) {
 		goto ERR;
 	}