2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-23 04:34:11 +08:00
linux-next/drivers/acpi
Dan Williams efda1b5d87 acpi, nfit, libnvdimm: fix / harden ars_status output length handling
Given ambiguities in the ACPI 6.1 definition of the "Output (Size)"
field of the ARS (Address Range Scrub) Status command, a firmware
implementation may in practice return 0, 4, or 8 to indicate that there
is no output payload to process.

The specification states "Size of Output Buffer in bytes, including this
field.". However, 'Output Buffer' is also the name of the entire
payload, and earlier in the specification it states "Max Query ARS
Status Output Buffer Size: Maximum size of buffer (including the Status
and Extended Status fields)".

Without this fix if the BIOS happens to return 0 it causes memory
corruption as evidenced by this result from the acpi_nfit_ctl() unit
test.

 ars_status00000000: 00020000 00000000                    ........
 BUG: stack guard page was hit at ffffc90001750000 (stack is ffffc9000174c000..ffffc9000174ffff)
 kernel stack overflow (page fault): 0000 [#1] SMP DEBUG_PAGEALLOC
 task: ffff8803332d2ec0 task.stack: ffffc9000174c000
 RIP: 0010:[<ffffffff814cfe72>]  [<ffffffff814cfe72>] __memcpy+0x12/0x20
 RSP: 0018:ffffc9000174f9a8  EFLAGS: 00010246
 RAX: ffffc9000174fab8 RBX: 0000000000000000 RCX: 000000001fffff56
 RDX: 0000000000000000 RSI: ffff8803231f5a08 RDI: ffffc90001750000
 RBP: ffffc9000174fa88 R08: ffffc9000174fab0 R09: ffff8803231f54b8
 R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000000
 R13: 0000000000000000 R14: 0000000000000003 R15: ffff8803231f54a0
 FS:  00007f3a611af640(0000) GS:ffff88033ed00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: ffffc90001750000 CR3: 0000000325b20000 CR4: 00000000000406e0
 Stack:
  ffffffffa00bc60d 0000000000000008 ffffc90000000001 ffffc9000174faac
  0000000000000292 ffffffffa00c24e4 ffffffffa00c2914 0000000000000000
  0000000000000000 ffffffff00000003 ffff880331ae8ad0 0000000800000246
 Call Trace:
  [<ffffffffa00bc60d>] ? acpi_nfit_ctl+0x49d/0x750 [nfit]
  [<ffffffffa01f4fe0>] nfit_test_probe+0x670/0xb1b [nfit_test]

Cc: <stable@vger.kernel.org>
Fixes: 747ffe11b4 ("libnvdimm, tools/testing/nvdimm: fix 'ars_status' output buffer sizing")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2016-12-06 16:08:10 -08:00
..
acpica Revert "ACPICA: FADT support cleanup" 2016-11-14 20:56:17 +01:00
apei ACPI / APEI: Fix incorrect return value of ghes_proc() 2016-10-24 14:32:14 +02:00
arm64 ACPI: Add new IORT functions to support MSI domain handling 2016-09-12 20:32:40 +01:00
dptf ACPI / platform: Add support for build-in properties 2016-11-10 00:30:29 +01:00
nfit acpi, nfit, libnvdimm: fix / harden ars_status output length handling 2016-12-06 16:08:10 -08:00
pmic ACPI / PMIC: remove modular references from non-modular code 2016-07-16 03:03:14 +02:00
ac.c ACPI: Remove FSF mailing addresses 2015-07-08 02:27:32 +02:00
acpi_amba.c ACPI / amba: Remove CLK_IS_ROOT 2016-04-27 23:42:57 +02:00
acpi_apd.c Merge branch 'device-properties' 2016-11-11 23:23:02 +01:00
acpi_cmos_rtc.c char/genrtc: x86: remove remnants of asm/rtc.h 2016-06-04 00:20:07 +02:00
acpi_configfs.c ACPI: Rename configfs.c to acpi_configfs.c to prevent link error 2016-07-11 15:13:36 +02:00
acpi_dbg.c ACPI / debugger: Fix regression introduced by IS_ERR_VALUE() removal 2016-07-05 23:02:34 +02:00
acpi_extlog.c ACPI and power management updates for 3.17-rc1 2014-08-06 20:34:19 -07:00
acpi_ipmi.c ACPI: Remove FSF mailing addresses 2015-07-08 02:27:32 +02:00
acpi_lpat.c ACPI / lpat: make it explicitly non-modular 2016-07-16 03:08:10 +02:00
acpi_lpss.c ACPI / platform: Add support for build-in properties 2016-11-10 00:30:29 +01:00
acpi_memhotplug.c ACPI: Remove FSF mailing addresses 2015-07-08 02:27:32 +02:00
acpi_pad.c ACPI / PAD: don't register acpi_pad driver if running as Xen dom0 2016-10-12 21:44:04 +02:00
acpi_platform.c Merge branch 'device-properties' 2016-11-11 23:23:02 +01:00
acpi_pnp.c ACPI / PNP: constify device IDs 2016-01-04 22:10:30 +01:00
acpi_processor.c acpi: Validate processor id when mapping the processor 2016-09-21 21:18:40 +02:00
acpi_video.c ACPI / video: skip evaluating _DOD when it does not exist 2016-06-22 02:00:04 +02:00
acpi_watchdog.c ACPI / watchdog: Add support for WDAT hardware watchdog 2016-09-24 02:10:04 +02:00
battery.c ACPI / battery: Add sysfs representation after checking _BST 2016-08-31 00:35:16 +02:00
battery.h ACPI / battery: move some ACPI_BATTERY_* definitions to header 2014-03-19 01:57:46 +01:00
bgrt.c drivers/acpi: make bgrt driver explicitly non-modular 2016-03-09 23:46:07 +01:00
blacklist.c ACPI / osi: Collect _OSI handling into one single file 2016-05-05 00:13:53 +02:00
bus.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-10-03 19:10:15 -07:00
button.c ACPI / button: Fix an issue in button.lid_init_state=ignore mode 2016-08-31 01:06:20 +02:00
cm_sbs.c ACPI: Remove FSF mailing addresses 2015-07-08 02:27:32 +02:00
container.c ACPI: Remove FSF mailing addresses 2015-07-08 02:27:32 +02:00
cppc_acpi.c ACPI / CPPC: Support PCC with interrupt flag 2016-09-17 01:14:24 +02:00
custom_method.c ACPI: Clean up inclusions of ACPI header files 2013-12-07 01:03:14 +01:00
debugfs.c ACPI: fix acpi_debugfs_init prototype 2015-08-07 02:55:18 +02:00
device_pm.c ACPI / PM: Export acpi_device_fix_up_power() 2016-05-20 15:54:01 +02:00
device_sysfs.c ACPI / device_sysfs: Clean up checkpatch errors 2016-05-04 23:47:32 +02:00
dock.c ACPI / dock: make dock explicitly non-modular 2016-07-16 03:08:08 +02:00
ec_sys.c ACPI / EC: Deny write access unless requested by module param 2016-03-09 23:26:15 +01:00
ec.c ACPI / EC: Fix unused function warning when CONFIG_PM_SLEEP=n 2016-10-10 02:22:20 +02:00
event.c netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
evged.c ACPI / GED: make evged.c explicitly non-modular 2016-05-09 22:59:25 +02:00
fan.c ACPI / fan: Fix error reading cur_state 2016-10-10 02:20:43 +02:00
glue.c Merge branch 'acpi-pci' 2015-11-07 01:30:10 +01:00
gsi.c ACPI: Rename acpi_gsi_get_irq_type to acpi_dev_get_irq_type and export symbol 2016-01-01 03:20:25 +01:00
hed.c ACPI: Remove FSF mailing addresses 2015-07-08 02:27:32 +02:00
internal.h Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-10-03 15:36:06 -07:00
ioapic.c x86/ioapic: Fix IOAPIC failing to request resource 2016-08-18 11:45:19 +02:00
Kconfig TTY/Serial patches for 4.9-rc1 2016-10-03 20:11:49 -07:00
Makefile TTY/Serial patches for 4.9-rc1 2016-10-03 20:11:49 -07:00
numa.c ACPI / NUMA: Enable ACPI based NUMA on ARM64 2016-06-22 01:36:59 +02:00
nvs.c ACPI: Clean up acpi_os_map/unmap_memory() to eliminate __iomem. 2014-05-27 18:13:08 +02:00
osi.c ACPI / osi: Collect _OSI handling into one single file 2016-05-05 00:13:53 +02:00
osl.c acpi_os_vprintf: Use printk_get_level() to avoid unnecessary KERN_CONT 2016-10-12 21:46:37 +02:00
pci_irq.c ACPI / PCI: fix GIC irq model default PCI IRQ polarity 2016-09-10 02:50:50 +02:00
pci_link.c ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs 2016-10-24 14:18:14 +02:00
pci_mcfg.c PCI/ACPI: Add generic MCFG table handling 2016-06-10 18:27:59 -05:00
pci_root.c x86/ioapic: Support hot-removal of IOAPICs present during boot 2016-08-18 11:45:18 +02:00
pci_slot.c ACPI / PCI: make pci_slot explicitly non-modular 2016-07-16 03:05:29 +02:00
power.c Merge branch 'acpi-pm' 2015-09-01 03:38:43 +02:00
proc.c ACPI: change acpi_sleep_proc_init() to return void 2015-09-15 03:03:15 +02:00
processor_core.c acpi: Fix broken error check in map_processor() 2016-09-23 18:04:56 +02:00
processor_driver.c Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-10-03 19:43:08 -07:00
processor_idle.c nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
processor_pdc.c ACPI / processor: Introduce invalid_logical_cpuid() 2015-05-13 23:28:14 +02:00
processor_perflib.c Merge branch 'pm-cpufreq' 2015-09-01 15:52:35 +02:00
processor_thermal.c ACPI: Remove FSF mailing addresses 2015-07-08 02:27:32 +02:00
processor_throttling.c ACPI/processor: Convert to hotplug state machine 2016-09-19 21:44:29 +02:00
property.c ACPI / property: Allow holes in reference properties 2016-10-11 22:44:00 +02:00
reboot.c
resource.c PCI: ACPI: IA64: fix IO port generic range check 2016-03-22 23:07:49 +01:00
sbs.c ACPI / SBS: fix inconsistent indenting inside if statement 2016-01-04 22:14:27 +01:00
sbshc.c Revert "ACPI / SBS: Add 5 us delay to fix SBS hangs on MacBook" 2015-11-16 23:26:45 +01:00
sbshc.h
scan.c Merge branch 'device-properties' 2016-11-11 23:23:02 +01:00
sleep.c Merge branches 'acpi-sleep-fixes' and 'acpi-wdat-fixes' 2016-11-25 22:24:07 +01:00
sleep.h ACPICA: Drop Linux-specific waking vector functions 2016-01-04 22:05:20 +01:00
spcr.c ACPI: parse SPCR and enable matching console 2016-09-28 17:46:46 +02:00
sysfs.c ACPI / sysfs: Update sysfs signature handling code 2016-09-17 01:12:34 +02:00
tables.c ACPI / tables: Remove duplicated include from tables.c 2016-09-17 01:03:32 +02:00
thermal.c thermal: Enhance thermal_zone_device_update for events 2016-09-27 14:35:21 +08:00
utils.c nfit: make DIMM DSMs optional 2016-07-19 12:32:39 -07:00
video_detect.c ACPI / video: Thinkpad X201 Tablet needs video_detect_force_video 2016-06-22 01:59:03 +02:00
wakeup.c ACPI: Clean up inclusions of ACPI header files 2013-12-07 01:03:14 +01:00