| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Jan 2020 16:48:16 -0800
From: Steven Clarkson <sc@...bdal.com>
To: linux-kernel@...r.kernel.org, Borislav Petkov <bp@...e.de>
Cc: Steven Clarkson <sc@...bdal.com>
Subject: [PATCH] x86/boot: Handle malformed SRAT tables during early ACPI parsing
Break an infinite loop when early parsing SRAT caused by a subtable with
zero length. Known to affect the ASUS WS X299 SAGE motherboard with
firmware version 1201, which has a large block of zeros in its SRAT table.
The kernel could boot successfully on this board/firmware prior to the
introduction of early parsing this table.
Fixes: 02a3e3cdb7f1 ("x86/boot: Parse SRAT table and count immovable
memory regions")
Signed-off-by: Steven Clarkson <sc@...bdal.com>
---
arch/x86/boot/compressed/acpi.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
index 25019d42ae93..1a4479c5edfc 100644
--- a/arch/x86/boot/compressed/acpi.c
+++ b/arch/x86/boot/compressed/acpi.c
@@ -394,6 +394,12 @@ int count_immovable_mem_regions(void)
while (table + sizeof(struct acpi_subtable_header) < table_end) {
sub_table = (struct acpi_subtable_header *)table;
+
+ if (!sub_table->length) {
+ debug_putstr("Invalid zero length SRAT subtable.\n");
+ break;
+ }
+
if (sub_table->type == ACPI_SRAT_TYPE_MEMORY_AFFINITY) {
struct acpi_srat_mem_affinity *ma;
--
2.17.1
Powered by blists - more mailing lists