Change the iteration, to make sure the ACPI_MCFG_ALLOCATION structure we're
reading fits the table we allocated. Linux does the same. I have a laptop which, for some reason, reports a table size of 62 bytes. Clearly that's incorrect, it should be 60 (44 + 16). Because of the stray +2, here the kernel reads past the end of the allocated buffer, hits an unmapped VA, and panics at boot time. So the laptop can't boot. Now it boots fine.
This commit is contained in:
parent
40a6999954
commit
144c24be17
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: acpi_mcfg.c,v 1.5 2018/02/28 05:50:06 msaitoh Exp $ */
|
||||
/* $NetBSD: acpi_mcfg.c,v 1.6 2018/04/06 17:30:25 maxv Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (C) 2015 NONAKA Kimihiro <nonaka@NetBSD.org>
|
||||
|
@ -26,7 +26,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: acpi_mcfg.c,v 1.5 2018/02/28 05:50:06 msaitoh Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: acpi_mcfg.c,v 1.6 2018/04/06 17:30:25 maxv Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/device.h>
|
||||
|
@ -287,7 +287,8 @@ acpimcfg_probe(struct acpi_softc *sc)
|
|||
nsegs = 0;
|
||||
offset = sizeof(ACPI_TABLE_MCFG);
|
||||
ama = ACPI_ADD_PTR(ACPI_MCFG_ALLOCATION, mcfg, offset);
|
||||
for (i = 0; offset < mcfg->Header.Length; i++) {
|
||||
for (i = 0; offset + sizeof(ACPI_MCFG_ALLOCATION) <=
|
||||
mcfg->Header.Length; i++) {
|
||||
aprint_debug_dev(sc->sc_dev,
|
||||
"MCFG: segment %d, bus %d-%d, address 0x%016" PRIx64 "\n",
|
||||
ama->PciSegment, ama->StartBusNumber, ama->EndBusNumber,
|
||||
|
|
Loading…
Reference in New Issue