From patchwork Sun Oct 7 02:43:18 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Len Brown X-Patchwork-Id: 1560411 Return-Path: X-Original-To: patchwork-linux-acpi@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork1.kernel.org (Postfix) with ESMTP id 9E3393FD56 for ; Sun, 7 Oct 2012 02:45:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753008Ab2JGCoq (ORCPT ); Sat, 6 Oct 2012 22:44:46 -0400 Received: from mail-qc0-f174.google.com ([209.85.216.174]:35578 "EHLO mail-qc0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752536Ab2JGCoo (ORCPT ); Sat, 6 Oct 2012 22:44:44 -0400 Received: by mail-qc0-f174.google.com with SMTP id d3so2033114qch.19 for ; Sat, 06 Oct 2012 19:44:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to :references:in-reply-to:references:reply-to:organization; bh=sI+uL76p4tCmPBT05oocOcLByKNM/VBPWuR8Demh1+w=; b=FZBUYzXxqFx/Xtl8WLzp2a2+iKEcnebGW119Zg7EHcOp+7H9RPF5BF3fupRKpurFPx xda0lh9tigV0K39qGaD7xElgH7hTNO/6/MWiLI/RQFPz8g9Rl8ZCY0V4YI4pOUc6BDcz E1sbtbYhsbjn90J8LtqrSyqnE35/92SQvZ6+0lGugGXukRfxSl0kwKwCbpa1CY77po// KZzE7dRi2td2kitk1oBFeAssTLI2uTxV8FEkDLeAp00qaofnzUCISeSxWJrj2mLLPE4k 3U4+0GOq1Rogof5Siy6uxbcnxVJFKL/RgsCuBbhoGGynRp321ewmUIMy7nBAGWwF5QDA Md8w== Received: by 10.49.3.227 with SMTP id f3mr34664544qef.60.1349577883350; Sat, 06 Oct 2012 19:44:43 -0700 (PDT) Received: from x980.localdomain6 (pool-74-104-146-186.bstnma.fios.verizon.net. [74.104.146.186]) by mx.google.com with ESMTPS id g18sm14309050qan.1.2012.10.06.19.44.27 (version=SSLv3 cipher=OTHER); Sat, 06 Oct 2012 19:44:35 -0700 (PDT) From: Len Brown To: linux-acpi@vger.kernel.org, linux-pm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Fenghua Yu , Len Brown Subject: [PATCH 48/49] ACPI: Harden acpi_table_parse_entries() against BIOS bug Date: Sat, 6 Oct 2012 22:43:18 -0400 Message-Id: <369d913b242cae2205471b11b6e33ac368ed33ec.1349554106.git.len.brown@intel.com> X-Mailer: git-send-email 1.8.0.rc0.18.gf84667d In-Reply-To: <1349577799-566-1-git-send-email-lenb@kernel.org> References: <1349577799-566-1-git-send-email-lenb@kernel.org> In-Reply-To: References: Reply-To: Len Brown Organization: Intel Open Source Technology Center Sender: linux-acpi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-acpi@vger.kernel.org From: Fenghua Yu Parsing acpi table entries may fall into an infinite loop on a buggy BIOS which has entry length=0 in acpi table. Instead of kernel hang with few failure clue which leads to heavy lifting debug effort, this patch hardens kernel boot by booting into non NUMA mode. The debug info left in log buffer helps people identify the issue. Signed-off-by: Fenghua Yu Signed-off-by: Len Brown --- drivers/acpi/tables.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c index f336bca7..2572d97 100644 --- a/drivers/acpi/tables.c +++ b/drivers/acpi/tables.c @@ -240,10 +240,17 @@ acpi_table_parse_entries(char *id, table_end) { if (entry->type == entry_id && (!max_entries || count++ < max_entries)) - if (handler(entry, table_end)) { - early_acpi_os_unmap_memory((char *)table_header, tbl_size); - return -EINVAL; - } + if (handler(entry, table_end)) + goto err; + + /* + * If entry->length is 0, break from this loop to avoid + * infinite loop. + */ + if (entry->length == 0) { + pr_err(PREFIX "[%4.4s:0x%02x] Invalid zero length\n", id, entry_id); + goto err; + } entry = (struct acpi_subtable_header *) ((unsigned long)entry + entry->length); @@ -255,6 +262,9 @@ acpi_table_parse_entries(char *id, early_acpi_os_unmap_memory((char *)table_header, tbl_size); return count; +err: + early_acpi_os_unmap_memory((char *)table_header, tbl_size); + return -EINVAL; } int __init