upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-06 07:12:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

gic_acpi: Limit the number of CPUs to GIC_MAXCPU

Browse source 
madt_table_data contains an array of pointers for each CPU and was
allocated on the stack.  If MAXCPU is raised to a sufficiently large
value this can overflow the kernel stack.  Cap the stack growth by
using GIC_MAXCPU instead as for other parts of the gicv1/v2 driver in
commit a0e20c0ded.

Suggested by:	andrew
Reviewed by:	andrew, emaste
Obtained from:	CheriBSD
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D41800
This commit is contained in:
John Baldwin 2023-09-09 12:13:57 -07:00
parent 98b98ec1bc
commit d0af08c4ba
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/arm/arm/gic_acpi.c
View file

@ -84,7 +84,7 @@ EARLY_DRIVER_MODULE(gic, acpi, gic_acpi_driver, 0, 0,
struct madt_table_data {
device_t parent;
ACPI_MADT_GENERIC_DISTRIBUTOR *dist;
ACPI_MADT_GENERIC_INTERRUPT *intr[MAXCPU];
ACPI_MADT_GENERIC_INTERRUPT *intr[GIC_MAXCPU];
};
static void
@ -107,7 +107,7 @@ madt_handler(ACPI_SUBTABLE_HEADER *entry, void *arg)
break;
case ACPI_MADT_TYPE_GENERIC_INTERRUPT:
intr = (ACPI_MADT_GENERIC_INTERRUPT *)entry;
if (intr->CpuInterfaceNumber < MAXCPU)
if (intr->CpuInterfaceNumber < GIC_MAXCPU)
madt_data->intr[intr->CpuInterfaceNumber] = intr;
break;
}
@ -151,7 +151,7 @@ gic_acpi_identify(driver_t *driver, device_t parent)
}
intr = NULL;
for (i = 0; i < MAXCPU; i++) {
for (i = 0; i < GIC_MAXCPU; i++) {
if (madt_data.intr[i] != NULL) {
if (intr == NULL) {
intr = madt_data.intr[i];