lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 29 Jul 2016 17:49:25 +0200
From:	Benjamin Tissoires <benjamin.tissoires@...hat.com>
To:	Stephen Just <stephenjust@...il.com>,
	Robert Moore <robert.moore@...el.com>,
	Lv Zheng <lv.zheng@...el.com>,
	"Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
	Len Brown <lenb@...nel.org>,
	Sebastian Reichel <sre@...nel.org>,
	Dmitry Eremin-Solenikov <dbaryshkov@...il.com>,
	David Woodhouse <dwmw2@...radead.org>
Cc:	linux-acpi@...r.kernel.org, devel@...ica.org,
	linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] ACPICA: adapt buffer length for Field Attrib Raw Process in Ops Region

Detected on the Surface 3:
The MSHW0011 driver uses Field Attrib Raw Process to return information
for the ACPI Battery. The DSDT declares a parameter of 2 though
functions like _BST or _BIX require a much bigger out buffer.

It looks like the incoming buffer has the requested size and we can
work around the issue by using this input size as the output and
parameters size.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=106231

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@...hat.com>
---
 drivers/acpi/acpica/exfield.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/acpi/acpica/exfield.c b/drivers/acpi/acpica/exfield.c
index d7d3ee3..a1bd041 100644
--- a/drivers/acpi/acpica/exfield.c
+++ b/drivers/acpi/acpica/exfield.c
@@ -413,6 +413,17 @@ acpi_ex_write_data_to_field(union acpi_operand_object *source_desc,
 			 *     Data[x-1]: (Bytes 2-x of the arbitrary length data buffer)
 			 */
 			length += 2;
+
+			/*
+			 * When using Field Attrib Raw Process, it looks like
+			 * the parameter access_length can be wrong and the
+			 * required output buffer can be much bigger.
+			 * So just take the incoming buffer length as the
+			 * reference.
+			 */
+			if (accessor_type == AML_FIELD_ATTRIB_RAW_PROCESS)
+				length = source_desc->buffer.length;
+
 			function = ACPI_WRITE | (accessor_type << 16);
 		} else {	/* IPMI */
 
-- 
2.5.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ