On 07/12/10 05:05 AM, Rob McMahon wrote:
> That can't be good. If state is not CPUPM_P_STATES or CPUPM_T_STATES, don't bother setting state_domain and then immediately dereference some garbage from the stack. Surely there should be at least a cmn_err and return there, if not an assert ... I'm sure the function is always called with state being one of the two, but still.
Agreed, this should be hardened. However, cpupm_state_change() is only called from two places:

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/i86pc/os/cpupm/cpupm_throttle.c#360
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/i86pc/os/cpupm/cpupm_mach.c#735

with the state set to CPUPM_T_STATES or CPUPM_P_STATES. There should not be a path where the uninitialized stack pointer state_domain is dereferenced. Can we agree the hardening should be filed as a P3/P4 and not P1/P2?

_______________________________________________
pm-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pm-discuss
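The pattern the thread describes, shown as an added example beside the hardened shape Rob asks for (a default case that reports and returns); this is not the OpenSolaris cpupm code, the struct and field names are constructed stand-ins, and fprintf stands in for cmn_err so it runs in userland:

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for the two state kinds named in the thread. */
typedef enum { CPUPM_P_STATES = 0, CPUPM_T_STATES = 1 } cpupm_state_kind_t;

typedef struct { int current_state; } cpupm_state_domain_t;

/* Hypothetical per-CPU container holding one domain per state kind. */
typedef struct {
    cpupm_state_domain_t pstate;
    cpupm_state_domain_t tstate;
} cpupm_mach_state_t;

/* Unhardened shape: state_domain is assigned only in the two known
 * branches. Any other 'state' value leaves it uninitialized, so the
 * final store writes through whatever happened to be on the stack. */
int
state_change_unhardened(cpupm_mach_state_t *ms, int state, int new_state)
{
    cpupm_state_domain_t *state_domain;      /* deliberately uninitialized */
    if (state == CPUPM_P_STATES)
        state_domain = &ms->pstate;
    else if (state == CPUPM_T_STATES)
        state_domain = &ms->tstate;
    state_domain->current_state = new_state; /* undefined for other 'state' */
    return 0;
}

/* Hardened shape: every path either sets state_domain or returns. */
int
state_change_hardened(cpupm_mach_state_t *ms, int state, int new_state)
{
    cpupm_state_domain_t *state_domain = NULL;
    switch (state) {
    case CPUPM_P_STATES: state_domain = &ms->pstate; break;
    case CPUPM_T_STATES: state_domain = &ms->tstate; break;
    default:
        /* in the kernel this would be cmn_err(CE_WARN, ...) or an ASSERT */
        fprintf(stderr, "cpupm: unknown state kind %d, ignoring\n", state);
        return -1;                           /* reject instead of dereferencing */
    }
    state_domain->current_state = new_state;
    return 0;
}

/* Driver: returns 1 only if both known kinds update the right domain and
 * an unknown kind is rejected without touching either domain. */
int
hardened_behaves(void)
{
    cpupm_mach_state_t ms = { {0}, {0} };
    if (state_change_hardened(&ms, CPUPM_P_STATES, 3) != 0 || ms.pstate.current_state != 3)
        return 0;
    if (state_change_hardened(&ms, CPUPM_T_STATES, 5) != 0 || ms.tstate.current_state != 5)
        return 0;
    if (state_change_hardened(&ms, 7, 9) != -1)
        return 0;
    return ms.pstate.current_state == 3 && ms.tstate.current_state == 5;
}
```

Compiling the unhardened version with -Wall -Wmaybe-uninitialized is one cheap way to flag this shape before it reaches a kernel.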
