From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 685BCC432BE for ; Sat, 28 Aug 2021 10:37:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3093D60FC3 for ; Sat, 28 Aug 2021 10:37:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233837AbhH1Kig (ORCPT ); Sat, 28 Aug 2021 06:38:36 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:42814 "EHLO galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233807AbhH1Kif (ORCPT ); Sat, 28 Aug 2021 06:38:35 -0400 Date: Sat, 28 Aug 2021 10:37:42 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1630147064; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GUBreEWSeJdI+xIgn8oqqOgSWLasoexxUz4WbzqcM6w=; b=2e1sQM7gZrHU8CcrVIwOWyDTxiRizUg7zwPXcl7ebXe/qnjSmdE4jpzjlz58xivYO1aobK nWvC4oQ8ORkY/W4FixWd8nIQvbrKMtErxBLNQHV8MGWvg+wDcWUvGApAM7qFWozfQmhRvX 0lIXYTDnxoDMiswo45pIoQ0UsnHOoaQ5NW2fCvtlQg+ygl/xzM7xfldF2UBpARZNWmfKtI qi/vr2ua3xxFh3ABOCzgz0vPqIqrYjaoe8uRiITiavEPNFLcLtv6R5AL31aMF1pp5gBLAo lng+4Ska2o/ydR+k4qGi2bZ8sYPpg7cugqqGuKNHWt/j+TjxAQwtR3TNPHv5/Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1630147064; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GUBreEWSeJdI+xIgn8oqqOgSWLasoexxUz4WbzqcM6w=; b=gYNVnionqJ7sFTpLkET7aHnWfSh4TfSIWZ0EAvRisvefM4CkKMdt1EgzOoPnQOAovRj2ij VSQyiofcBG5JHOAw== From: "tip-bot2 for Shuai Xue" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: efi/core] efi: cper: check section header more appropriately Cc: Shuai Xue , Ard Biesheuvel , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <163014706251.25758.11166991934016346418.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the efi/core branch of tip: Commit-ID: 1be72c8e0786727df375f11c8178ce7e65eea20e Gitweb: https://git.kernel.org/tip/1be72c8e0786727df375f11c8178ce7e65eea20e Author: Shuai Xue AuthorDate: Mon, 23 Aug 2021 19:56:54 +08:00 Committer: Ard Biesheuvel CommitterDate: Fri, 27 Aug 2021 16:03:01 +02:00 efi: cper: check section header more appropriately When checking a generic status block, we iterate over all the generic data blocks. The loop condition checks that the generic data block is valid. Because the size of data blocks (excluding error data) may vary depending on the revision and the revision is contained within the data block, we should ensure that enough of the current data block is valid appropriately for different revision. Signed-off-by: Shuai Xue Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/cper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c index 1cb7097..73bdbd2 100644 --- a/drivers/firmware/efi/cper.c +++ b/drivers/firmware/efi/cper.c @@ -632,7 +632,7 @@ int cper_estatus_check(const struct acpi_hest_generic_status *estatus) data_len = estatus->data_length; apei_estatus_for_each_section(estatus, gdata) { - if (sizeof(struct acpi_hest_generic_data) > data_len) + if (acpi_hest_get_size(gdata) > data_len) return -EINVAL; record_size = acpi_hest_get_record_size(gdata);