[src/trunk]: src/sys/dev/acpi Avoid doing zero sized allocations if we get ba...

[ad <ad%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/0800b4c805ee
branches:  trunk
changeset: 847432:0800b4c805ee
user:      ad <ad%NetBSD.org@localhost>
date:      Sun Dec 22 22:18:04 2019 +0000

description:
Avoid doing zero sized allocations if we get bad data.

diffstat:

 sys/dev/acpi/acpi_srat.c |  26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)

diffs (78 lines):

diff -r aa298782d56e -r 0800b4c805ee sys/dev/acpi/acpi_srat.c
--- a/sys/dev/acpi/acpi_srat.c  Sun Dec 22 20:59:42 2019 +0000
+++ b/sys/dev/acpi/acpi_srat.c  Sun Dec 22 22:18:04 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: acpi_srat.c,v 1.6 2019/10/01 18:00:08 chs Exp $ */
+/* $NetBSD: acpi_srat.c,v 1.7 2019/12/22 22:18:04 ad Exp $ */
 
 /*
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: acpi_srat.c,v 1.6 2019/10/01 18:00:08 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: acpi_srat.c,v 1.7 2019/12/22 22:18:04 ad Exp $");
 
 #include <sys/param.h>
 #include <sys/kmem.h>
@@ -334,6 +334,11 @@
 
        nnodes = MAX(cnodes, mnodes) + 1;
 
+       if (nnodes == 0 || nmems == 0 || ncpus == 0) {
+               rc = ENOENT;
+               goto fail;
+       }
+
        node_array = kmem_zalloc(nnodes * sizeof(struct acpisrat_node),
            KM_SLEEP);
        cpu_array = kmem_zalloc(ncpus * sizeof(struct acpisrat_cpu),
@@ -358,15 +363,20 @@
        for (i = 0; i < nnodes; i++) {
                node_array[i].nodeid = i;
 
-               node_array[i].cpu = kmem_zalloc(node_array[i].ncpus *
-                   sizeof(struct acpisrat_cpu *), KM_SLEEP);
-               node_array[i].mem = kmem_zalloc(node_array[i].nmems *
-                   sizeof(struct acpisrat_mem *), KM_SLEEP);
+               if (node_array[i].ncpus != 0) {
+                       node_array[i].cpu = kmem_zalloc(node_array[i].ncpus *
+                           sizeof(struct acpisrat_cpu *), KM_SLEEP);
+               }
+               if (node_array[i].nmems != 0) {
+                       node_array[i].mem = kmem_zalloc(node_array[i].nmems *
+                           sizeof(struct acpisrat_mem *), KM_SLEEP);
+               }
 
                k = 0;
                for (j = 0; j < ncpus; j++) {
                        if (cpu_array[j].nodeid != i)
                                continue;
+                       KASSERT(node_array[i].cpu != NULL);
                        node_array[i].cpu[k] = &cpu_array[j];
                        k++;
                }
@@ -375,11 +385,13 @@
                for (j = 0; j < nmems; j++) {
                        if (mem_array[j].nodeid != i)
                                continue;
+                       KASSERT(node_array[i].mem != NULL);
                        node_array[i].mem[k] = &mem_array[j];
                        k++;
                }
        }
 
+ fail:
        while ((citer = CPU_FIRST()) != NULL) {
                CPU_REM(citer);
                cpu_free(citer);
@@ -390,7 +402,7 @@
                mem_free(miter);
        }
 
-       return 0;
+       return rc;
 }
 
 /*