On 28/03/18 13:47, Dan Carpenter wrote:
> If acpi_id is == nr_acpi_bits, then we access one element beyond the end
> of the acpi_psd[] array or we set one bit beyond the end of the bit map
> when we do __set_bit(acpi_id, acpi_id_cst_present);
>
> Fixes: 59a568029181 ("xen/acpi-processor: C and P-state driver that uploads said data to hypervisor.")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> diff --git a/drivers/xen/xen-acpi-processor.c b/drivers/xen/xen-acpi-processor.c
> index c80195e8fbd1..d23c9c150199 100644
> --- a/drivers/xen/xen-acpi-processor.c
> +++ b/drivers/xen/xen-acpi-processor.c
> @@ -364,7 +364,7 @@ read_acpi_id(acpi_handle handle, u32 lvl, void *context, void **rv)
> }
> /* There are more ACPI Processor objects than in x2APIC or MADT.
> * This can happen with incorrect ACPI SSDT declerations. */
> - if (acpi_id > nr_acpi_bits) {
> + if (acpi_id >= nr_acpi_bits) {
> pr_debug("We only have %u, trying to set %u\n",
> nr_acpi_bits, acpi_id);
Can you please modify this message, too? E.g. something like:
pr_debug("max acpi id %u, trying to set %u\n",
nr_acpi_bits - 1, acpi_id);
With that:
Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
Juergen
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
