linux-stable/drivers/acpi
Robert Richter c6c3187d66 lib/firmware_table: Provide buffer length argument to cdat_table_parse()
There exist card implementations with a CDAT table using a fixed size
buffer, but with entries filled in that do not fill the whole table
length size. Then, the last entry in the CDAT table may not mark the
end of the CDAT table buffer specified by the length field in the CDAT
header. It can be shorter with trailing unused (zero'ed) data. The
actual table length is determined while reading all CDAT entries of
the table with DOE.

If the table is greater than expected (containing zero'ed trailing
data), the CDAT parser fails with:

 [   48.691717] Malformed DSMAS table length: (24:0)
 [   48.702084] [CDAT:0x00] Invalid zero length
 [   48.711460] cxl_port endpoint1: Failed to parse CDAT: -22

In addition, a check of the table buffer length is missing to prevent
an out-of-bound access then parsing the CDAT table.

Hardening code against device returning borked table. Fix that by
providing an optional buffer length argument to
acpi_parse_entries_array() that can be used by cdat_table_parse() to
propagate the buffer size down to its users to check the buffer
length. This also prevents a possible out-of-bound access mentioned.

Add a check to warn about a malformed CDAT table length.

Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Len Brown <lenb@kernel.org>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Robert Richter <rrichter@amd.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/ZdEnopFO0Tl3t2O1@rric.localdomain
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2024-03-13 00:03:21 -07:00
..
acpica
apei acpi/ghes: Remove CXL CPER notifications 2024-02-20 22:50:52 -08:00
arm64
dptf
nfit
numa cxl for v6.8 2024-01-18 16:22:43 -08:00
pmic
riscv
x86
Kconfig Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
Makefile
ac.c
acpi_adxl.c
acpi_apd.c
acpi_cmos_rtc.c
acpi_configfs.c
acpi_dbg.c
acpi_extlog.c
acpi_ffh.c
acpi_fpdt.c
acpi_ipmi.c
acpi_lpat.c
acpi_lpit.c
acpi_lpss.c
acpi_memhotplug.c
acpi_pad.c
acpi_pcc.c
acpi_platform.c
acpi_pnp.c
acpi_processor.c
acpi_tad.c
acpi_video.c
acpi_watchdog.c
battery.c
bgrt.c
blacklist.c
bus.c
button.c
container.c
cppc_acpi.c
custom_method.c
debugfs.c
device_pm.c
device_sysfs.c
dock.c
ec.c
ec_sys.c
event.c
evged.c
fan.h
fan_attr.c
fan_core.c
glue.c
hed.c
internal.h
ioapic.c
irq.c
mipi-disco-img.c
nvs.c
osi.c
osl.c
pci_irq.c
pci_link.c
pci_mcfg.c
pci_root.c
pci_slot.c
pfr_telemetry.c
pfr_update.c
platform_profile.c
power.c
pptt.c
prmt.c
proc.c
processor_core.c
processor_driver.c
processor_idle.c
processor_pdc.c
processor_perflib.c
processor_thermal.c
processor_throttling.c
property.c Driver core changes for 6.8-rc1 2024-01-18 09:48:40 -08:00
reboot.c
resource.c ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CGA 2024-01-09 15:20:48 +01:00
sbs.c
sbshc.c
sbshc.h
scan.c IOMMU Updates for Linux v6.8 2024-01-18 15:16:57 -08:00
sleep.c
sleep.h
spcr.c
sysfs.c
tables.c lib/firmware_table: Provide buffer length argument to cdat_table_parse() 2024-03-13 00:03:21 -07:00
thermal.c Thermal control updates for 6.8-rc1 2024-01-09 16:20:17 -08:00
thermal_lib.c
tiny-power-button.c
utils.c
video_detect.c
viot.c
wakeup.c