| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250703200421.28012-1-tony.luck@intel.com>
Date: Thu, 3 Jul 2025 13:04:21 -0700
From: Tony Luck <tony.luck@...el.com>
To: zaidal@...amperecomputing.com
Cc: Jonathan.Cameron@...wei.com,
benjamin.cheatham@....com,
bp@...en8.de,
dan.carpenter@...aro.org,
dan.j.williams@...el.com,
dave.jiang@...el.com,
gregkh@...uxfoundation.org,
gustavoars@...nel.org,
ira.weiny@...el.com,
james.morse@....com,
jonathanh@...dia.com,
kees@...nel.org,
lenb@...nel.org,
linux-acpi@...r.kernel.org,
linux-hardening@...r.kernel.org,
linux-kernel@...r.kernel.org,
peterz@...radead.org,
rafael@...nel.org,
sthanneeru.opensrc@...ron.com,
sudeep.holla@....com,
tony.luck@...el.com,
viro@...iv.linux.org.uk,
Yi1 Lai <yi1.lai@...el.com>
Subject: [PATCH] ACPI: APEI: EINJ: Fix trigger actions
The trigger events are in BIOS memory immediately following the
acpi_einj_trigger structure. These were not copied to regular
kernel memory for use by apei_exec_ctx_init() so injections in
"notrigger=0" mode failed with a message like this:
APEI: Invalid action table, unknown instruction type: 123
Fix by allocating a "table_size" block of memory and copying the whole
table for use in the rest of the trigger flow.
Fixes: 1a35c88302a3 ("ACPI: APEI: EINJ: Fix kernel test sparse warnings")
Reported-by: Yi1 Lai <yi1.lai@...el.com>
Signed-off-by: Tony Luck <tony.luck@...el.com>
---
drivers/acpi/apei/einj-core.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/acpi/apei/einj-core.c b/drivers/acpi/apei/einj-core.c
index 3d37978418e8..bf8dc92a373a 100644
--- a/drivers/acpi/apei/einj-core.c
+++ b/drivers/acpi/apei/einj-core.c
@@ -394,6 +394,7 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
u64 param1, u64 param2)
{
struct acpi_einj_trigger trigger_tab;
+ struct acpi_einj_trigger *full_trigger_tab;
struct apei_exec_context trigger_ctx;
struct apei_resources trigger_resources;
struct acpi_whea_header *trigger_entry;
@@ -430,6 +431,9 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
rc = -EIO;
table_size = trigger_tab.table_size;
+ full_trigger_tab = kmalloc(table_size, GFP_KERNEL);
+ if (!full_trigger_tab)
+ goto out_rel_header;
r = request_mem_region(trigger_paddr + sizeof(trigger_tab),
table_size - sizeof(trigger_tab),
"APEI EINJ Trigger Table");
@@ -437,7 +441,7 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
pr_err("Can not request [mem %#010llx-%#010llx] for Trigger Table Entry\n",
(unsigned long long)trigger_paddr + sizeof(trigger_tab),
(unsigned long long)trigger_paddr + table_size - 1);
- goto out_rel_header;
+ goto out_free_trigger_tab;
}
iounmap(p);
p = ioremap_cache(trigger_paddr, table_size);
@@ -445,9 +449,9 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
pr_err("Failed to map trigger table!\n");
goto out_rel_entry;
}
- memcpy_fromio(&trigger_tab, p, sizeof(trigger_tab));
+ memcpy_fromio(full_trigger_tab, p, table_size);
trigger_entry = (struct acpi_whea_header *)
- ((char *)&trigger_tab + sizeof(struct acpi_einj_trigger));
+ ((char *)full_trigger_tab + sizeof(struct acpi_einj_trigger));
apei_resources_init(&trigger_resources);
apei_exec_ctx_init(&trigger_ctx, einj_ins_type,
ARRAY_SIZE(einj_ins_type),
@@ -469,7 +473,7 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
apei_resources_init(&addr_resources);
trigger_param_region = einj_get_trigger_parameter_region(
- &trigger_tab, param1, param2);
+ full_trigger_tab, param1, param2);
if (trigger_param_region) {
rc = apei_resources_add(&addr_resources,
trigger_param_region->address,
@@ -500,6 +504,8 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
out_rel_entry:
release_mem_region(trigger_paddr + sizeof(trigger_tab),
table_size - sizeof(trigger_tab));
+out_free_trigger_tab:
+ kfree(full_trigger_tab);
out_rel_header:
release_mem_region(trigger_paddr, sizeof(trigger_tab));
out:
--
2.50.0
Powered by blists - more mailing lists