Linux-ACPI Archive on lore.kernel.org
 help / color / Atom feed
* [tip: x86/urgent] x86/boot: Handle malformed SRAT tables during early ACPI parsing
       [not found] <CAHKq8taGzj0u1E_i=poHUam60Bko5BpiJ9jn0fAupFUYexvdUQ@mail.gmail.com>
@ 2020-01-31 18:58 ` tip-bot2 for Steven Clarkson
  2020-01-31 19:10 ` tip-bot2 for Steven Clarkson
  1 sibling, 0 replies; 2+ messages in thread
From: tip-bot2 for Steven Clarkson @ 2020-01-31 18:58 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Steven Clarkson, Borislav Petkov, linux-acpi, x86, LKML

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     32ea5bc7ab8344600e87acf68cd6981c845d6edc
Gitweb:        https://git.kernel.org/tip/32ea5bc7ab8344600e87acf68cd6981c845d6edc
Author:        Steven Clarkson <sc@lambdal.com>
AuthorDate:    Thu, 30 Jan 2020 16:48:16 -08:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Fri, 31 Jan 2020 19:54:35 +01:00

x86/boot: Handle malformed SRAT tables during early ACPI parsing

Break an infinite loop when early parsing of the SRAT table is caused
by a subtable with zero length. Known to affect the ASUS WS X299 SAGE
motherboard with firmware version 1201 which has a large block of
zeros in its SRAT table. The kernel could boot successfully on this
board/firmware prior to the introduction of early parsing this table or
after a BIOS update.

 [ bp: Fixup whitespace damage and commit message. ]

Fixes: 02a3e3cdb7f1 ("x86/boot: Parse SRAT table and count immovable memory regions")
Signed-off-by: Steven Clarkson <sc@lambdal.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: linux-acpi@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206343
Link: https://lkml.kernel.org/r/CAHKq8taGzj0u1E_i=poHUam60Bko5BpiJ9jn0fAupFUYexvdUQ@mail.gmail.com
---
 arch/x86/boot/compressed/acpi.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
index 25019d4..ef2ad72 100644
--- a/arch/x86/boot/compressed/acpi.c
+++ b/arch/x86/boot/compressed/acpi.c
@@ -393,7 +393,13 @@ int count_immovable_mem_regions(void)
 	table = table_addr + sizeof(struct acpi_table_srat);
 
 	while (table + sizeof(struct acpi_subtable_header) < table_end) {
+
 		sub_table = (struct acpi_subtable_header *)table;
+		if (!sub_table->length) {
+			debug_putstr("Invalid zero length SRAT subtable.\n");
+			return 0;
+		}
+
 		if (sub_table->type == ACPI_SRAT_TYPE_MEMORY_AFFINITY) {
 			struct acpi_srat_mem_affinity *ma;
 

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [tip: x86/urgent] x86/boot: Handle malformed SRAT tables during early ACPI parsing
       [not found] <CAHKq8taGzj0u1E_i=poHUam60Bko5BpiJ9jn0fAupFUYexvdUQ@mail.gmail.com>
  2020-01-31 18:58 ` [tip: x86/urgent] x86/boot: Handle malformed SRAT tables during early ACPI parsing tip-bot2 for Steven Clarkson
@ 2020-01-31 19:10 ` tip-bot2 for Steven Clarkson
  1 sibling, 0 replies; 2+ messages in thread
From: tip-bot2 for Steven Clarkson @ 2020-01-31 19:10 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Steven Clarkson, Borislav Petkov, linux-acpi, x86, LKML

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     2b73ea3796242608b4ccf019ff217156c92e92fe
Gitweb:        https://git.kernel.org/tip/2b73ea3796242608b4ccf019ff217156c92e92fe
Author:        Steven Clarkson <sc@lambdal.com>
AuthorDate:    Thu, 30 Jan 2020 16:48:16 -08:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Fri, 31 Jan 2020 20:03:23 +01:00

x86/boot: Handle malformed SRAT tables during early ACPI parsing

Break an infinite loop when early parsing of the SRAT table is caused
by a subtable with zero length. Known to affect the ASUS WS X299 SAGE
motherboard with firmware version 1201 which has a large block of
zeros in its SRAT table. The kernel could boot successfully on this
board/firmware prior to the introduction of early parsing this table or
after a BIOS update.

 [ bp: Fixup whitespace damage and commit message. Make it return 0 to
   denote that there are no immovable regions because who knows what
   else is broken in this BIOS. ]

Fixes: 02a3e3cdb7f1 ("x86/boot: Parse SRAT table and count immovable memory regions")
Signed-off-by: Steven Clarkson <sc@lambdal.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: linux-acpi@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206343
Link: https://lkml.kernel.org/r/CAHKq8taGzj0u1E_i=poHUam60Bko5BpiJ9jn0fAupFUYexvdUQ@mail.gmail.com
---
 arch/x86/boot/compressed/acpi.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
index 25019d4..ef2ad72 100644
--- a/arch/x86/boot/compressed/acpi.c
+++ b/arch/x86/boot/compressed/acpi.c
@@ -393,7 +393,13 @@ int count_immovable_mem_regions(void)
 	table = table_addr + sizeof(struct acpi_table_srat);
 
 	while (table + sizeof(struct acpi_subtable_header) < table_end) {
+
 		sub_table = (struct acpi_subtable_header *)table;
+		if (!sub_table->length) {
+			debug_putstr("Invalid zero length SRAT subtable.\n");
+			return 0;
+		}
+
 		if (sub_table->type == ACPI_SRAT_TYPE_MEMORY_AFFINITY) {
 			struct acpi_srat_mem_affinity *ma;
 

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CAHKq8taGzj0u1E_i=poHUam60Bko5BpiJ9jn0fAupFUYexvdUQ@mail.gmail.com>
2020-01-31 18:58 ` [tip: x86/urgent] x86/boot: Handle malformed SRAT tables during early ACPI parsing tip-bot2 for Steven Clarkson
2020-01-31 19:10 ` tip-bot2 for Steven Clarkson

Linux-ACPI Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-acpi/0 linux-acpi/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-acpi linux-acpi/ https://lore.kernel.org/linux-acpi \
		linux-acpi@vger.kernel.org
	public-inbox-index linux-acpi

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-acpi


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git