Module Name:    src
Committed By:   ad
Date:           Sun Dec 22 22:18:04 UTC 2019

Modified Files:
        src/sys/dev/acpi: acpi_srat.c

Log Message:
Avoid doing zero sized allocations if we get bad data.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/sys/dev/acpi/acpi_srat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/acpi/acpi_srat.c
diff -u src/sys/dev/acpi/acpi_srat.c:1.6 src/sys/dev/acpi/acpi_srat.c:1.7
--- src/sys/dev/acpi/acpi_srat.c:1.6	Tue Oct  1 18:00:08 2019
+++ src/sys/dev/acpi/acpi_srat.c	Sun Dec 22 22:18:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: acpi_srat.c,v 1.6 2019/10/01 18:00:08 chs Exp $ */
+/* $NetBSD: acpi_srat.c,v 1.7 2019/12/22 22:18:04 ad Exp $ */
 
 /*
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: acpi_srat.c,v 1.6 2019/10/01 18:00:08 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: acpi_srat.c,v 1.7 2019/12/22 22:18:04 ad Exp $");
 
 #include <sys/param.h>
 #include <sys/kmem.h>
@@ -334,6 +334,11 @@ acpisrat_refresh(void)
 
 	nnodes = MAX(cnodes, mnodes) + 1;
 
+	if (nnodes == 0 || nmems == 0 || ncpus == 0) {
+		rc = ENOENT;
+		goto fail;
+	}
+
 	node_array = kmem_zalloc(nnodes * sizeof(struct acpisrat_node),
 	    KM_SLEEP);
 	cpu_array = kmem_zalloc(ncpus * sizeof(struct acpisrat_cpu),
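Review bot: The `nnodes == 0` arm of the added guard can only be true if `MAX(cnodes, mnodes) + 1` wraps, because `nnodes` is computed with `+ 1` on the line just above; the counter types are declared outside this hunk, so it is not visible whether that can happen. The guard also rejects only zero, so the products `nnodes * sizeof(struct acpisrat_node)` and `ncpus * sizeof(struct acpisrat_cpu)` still have no upper bound or overflow check. If these counts are derived from the firmware-supplied table, as the log message's "bad data" suggests, a sanity cap before the allocations would close the other end, e.g. `if (nnodes > SRAT_NODE_LIMIT) { rc = EINVAL; goto fail; }`, where `SRAT_NODE_LIMIT` is a placeholder name rather than an existing constant.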
@@ -358,15 +363,20 @@ acpisrat_refresh(void)
 	for (i = 0; i < nnodes; i++) {
 		node_array[i].nodeid = i;
 
-		node_array[i].cpu = kmem_zalloc(node_array[i].ncpus *
-		    sizeof(struct acpisrat_cpu *), KM_SLEEP);
-		node_array[i].mem = kmem_zalloc(node_array[i].nmems *
-		    sizeof(struct acpisrat_mem *), KM_SLEEP);
+		if (node_array[i].ncpus != 0) {
+			node_array[i].cpu = kmem_zalloc(node_array[i].ncpus *
+			    sizeof(struct acpisrat_cpu *), KM_SLEEP);
+		}
+		if (node_array[i].nmems != 0) {
+			node_array[i].mem = kmem_zalloc(node_array[i].nmems *
+			    sizeof(struct acpisrat_mem *), KM_SLEEP);
+		}
 
 		k = 0;
 		for (j = 0; j < ncpus; j++) {
 			if (cpu_array[j].nodeid != i)
 				continue;
+			KASSERT(node_array[i].cpu != NULL);
 			node_array[i].cpu[k] = &cpu_array[j];
 			k++;
 		}
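Review bot: The added `KASSERT(node_array[i].cpu != NULL)` is compiled out of kernels built without DIAGNOSTIC, so there a node whose `ncpus` is 0 but which still matches some `cpu_array[j].nodeid` reaches `node_array[i].cpu[k] = &cpu_array[j]` with a NULL pointer. The index `k` is also never compared with `node_array[i].ncpus`, so a mismatch between the per-node count and the number of matching entries would write past the allocation. How the per-node counts are filled in lies outside this hunk, so this may be impossible by construction; if so, a comment saying that would help, otherwise a runtime check such as `if (k >= node_array[i].ncpus) break;` is safer than the assertion. The same applies to the `mem` loop and its `KASSERT` in the following hunk.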
@@ -375,11 +385,13 @@ acpisrat_refresh(void)
 		for (j = 0; j < nmems; j++) {
 			if (mem_array[j].nodeid != i)
 				continue;
+			KASSERT(node_array[i].mem != NULL);
 			node_array[i].mem[k] = &mem_array[j];
 			k++;
 		}
 	}
 
+ fail:
 	while ((citer = CPU_FIRST()) != NULL) {
 		CPU_REM(citer);
 		cpu_free(citer);
@@ -390,7 +402,7 @@ acpisrat_refresh(void)
 		mem_free(miter);
 	}
 
-	return 0;
+	return rc;
 }
 
 /*
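Review bot: With `return rc;` replacing `return 0;`, the success path now depends on `rc` being 0 when control falls through to the `fail:` label, and the declaration and earlier assignments of `rc` are outside the visible hunks. If that is not already guaranteed, an explicit `rc = 0;` just before the label would make the success return value independent of earlier code. A short comment at `fail:` noting that the cleanup below is shared by the success and error paths would also help readers.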
