summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorMark Kettenis <kettenis@cvs.openbsd.org>2011-10-21 18:16:14 +0000
committerMark Kettenis <kettenis@cvs.openbsd.org>2011-10-21 18:16:14 +0000
commita869f06457eb2f5eb2dffa0e294d6b41ce048acd (patch)
tree7f2899bab02f7d34e22754d6999b900cf831ed7c /sys
parent51310ef2491b487d1b4fe8607b23c124e809ec2c (diff)
Add bounds checks for access to mp_busses. Also make sure that we don't
accidentally use ISA or EISA interrupt mappings on PCI busses. ok jsg@
Diffstat (limited to 'sys')
-rw-r--r--sys/arch/i386/i386/mpbios.c12
-rw-r--r--sys/arch/i386/include/mpbiosvar.h3
-rw-r--r--sys/arch/i386/pci/pci_machdep.c16
3 files changed, 19 insertions, 12 deletions
diff --git a/sys/arch/i386/i386/mpbios.c b/sys/arch/i386/i386/mpbios.c
index b1e3d10d5a8..aebb80401dc 100644
--- a/sys/arch/i386/i386/mpbios.c
+++ b/sys/arch/i386/i386/mpbios.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mpbios.c,v 1.33 2009/08/13 13:24:48 kettenis Exp $ */
+/* $OpenBSD: mpbios.c,v 1.34 2011/10/21 18:16:13 kettenis Exp $ */
/* $NetBSD: mpbios.c,v 1.2 2002/10/01 12:56:57 fvdl Exp $ */
/*-
@@ -480,7 +480,7 @@ static struct mpbios_baseentry mp_conf[] =
};
struct mp_bus *mp_busses;
-int mp_nbus;
+int mp_nbusses;
struct mp_intr_map *mp_intrs;
int mp_nintrs;
@@ -614,8 +614,8 @@ mpbios_scan(struct device *self)
if (type == MPS_MCT_BUS) {
const struct mpbios_bus *bp =
(const struct mpbios_bus *)position;
- if (bp->bus_id >= mp_nbus)
- mp_nbus = bp->bus_id + 1;
+ if (bp->bus_id >= mp_nbusses)
+ mp_nbusses = bp->bus_id + 1;
}
/*
@@ -637,7 +637,7 @@ mpbios_scan(struct device *self)
}
}
- mp_busses = malloc(sizeof(struct mp_bus) * mp_nbus,
+ mp_busses = malloc(sizeof(struct mp_bus) * mp_nbusses,
M_DEVBUF, M_NOWAIT|M_ZERO);
mp_intrs = malloc(sizeof(struct mp_intr_map) * intr_cnt,
M_DEVBUF, M_NOWAIT);
@@ -992,7 +992,7 @@ mpbios_bus(const u_int8_t *ent, struct device *self)
* This "should not happen" unless the table changes out
* from underneath us
*/
- if (bus_id >= mp_nbus) {
+ if (bus_id >= mp_nbusses) {
panic("%s: bus number %d out of range?? (type %6.6s)",
self->dv_xname, bus_id, entry->bus_type);
}
diff --git a/sys/arch/i386/include/mpbiosvar.h b/sys/arch/i386/include/mpbiosvar.h
index 86525ffae1c..35ec69974a5 100644
--- a/sys/arch/i386/include/mpbiosvar.h
+++ b/sys/arch/i386/include/mpbiosvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: mpbiosvar.h,v 1.9 2011/03/23 16:54:35 pirofti Exp $ */
+/* $OpenBSD: mpbiosvar.h,v 1.10 2011/10/21 18:16:13 kettenis Exp $ */
/* $NetBSD: mpbiosvar.h,v 1.1.2.3 2000/02/29 13:17:20 sommerfeld Exp $ */
/*-
@@ -69,6 +69,7 @@ struct mp_intr_map
#if defined(_KERNEL)
extern int mp_verbose;
extern struct mp_bus *mp_busses;
+extern int mp_nbusses;
extern struct mp_intr_map *mp_intrs;
extern int mp_nintrs;
extern struct mp_bus *mp_isa_bus;
diff --git a/sys/arch/i386/pci/pci_machdep.c b/sys/arch/i386/pci/pci_machdep.c
index 0cbf206f5d7..55394bafcf9 100644
--- a/sys/arch/i386/pci/pci_machdep.c
+++ b/sys/arch/i386/pci/pci_machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pci_machdep.c,v 1.64 2011/10/13 18:09:33 kettenis Exp $ */
+/* $OpenBSD: pci_machdep.c,v 1.65 2011/10/21 18:16:13 kettenis Exp $ */
/* $NetBSD: pci_machdep.c,v 1.28 1997/06/06 23:29:17 thorpej Exp $ */
/*-
@@ -639,10 +639,16 @@ pci_intr_map(struct pci_attach_args *pa, pci_intr_handle_t *ihp)
*/
int mpspec_pin = (dev<<2)|(pin-1);
- for (mip = mp_busses[bus].mb_intrs; mip != NULL; mip=mip->next) {
- if (mip->bus_pin == mpspec_pin) {
- ihp->line = mip->ioapic_ih | line;
- return 0;
+ if (bus < mp_nbusses) {
+ for (mip = mp_busses[bus].mb_intrs;
+ mip != NULL; mip = mip->next) {
+ if (&mp_busses[bus] == mp_isa_bus ||
+ &mp_busses[bus] == mp_eisa_bus)
+ continue;
+ if (mip->bus_pin == mpspec_pin) {
+ ihp->line = mip->ioapic_ih | line;
+ return 0;
+ }
}
}