lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 31 Jan 2020 19:55:31 +0100
From:   Borislav Petkov <bp@...e.de>
To:     Steven Clarkson <sc@...bdal.com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/boot: Handle malformed SRAT tables during early ACPI
 parsing

On Thu, Jan 30, 2020 at 04:48:16PM -0800, Steven Clarkson wrote:
> Break an infinite loop when early parsing SRAT caused by a subtable with
> zero length. Known to affect the ASUS WS X299 SAGE motherboard with
> firmware version 1201, which has a large block of zeros in its SRAT table.
> The kernel could boot successfully on this board/firmware prior to the
> introduction of early parsing this table.
> 
> Fixes: 02a3e3cdb7f1 ("x86/boot: Parse SRAT table and count immovable
> memory regions")
> Signed-off-by: Steven Clarkson <sc@...bdal.com>
> ---
>  arch/x86/boot/compressed/acpi.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
> index 25019d42ae93..1a4479c5edfc 100644
> --- a/arch/x86/boot/compressed/acpi.c
> +++ b/arch/x86/boot/compressed/acpi.c
> @@ -394,6 +394,12 @@ int count_immovable_mem_regions(void)
> 
>         while (table + sizeof(struct acpi_subtable_header) < table_end) {
>                 sub_table = (struct acpi_subtable_header *)table;
> +
> +               if (!sub_table->length) {
> +                       debug_putstr("Invalid zero length SRAT subtable.\n");
> +                       break;
> +               }
> +
>                 if (sub_table->type == ACPI_SRAT_TYPE_MEMORY_AFFINITY) {
>                         struct acpi_srat_mem_affinity *ma;
> 
> -- 

Only in case you want to send patches in the future, see below.
scripts/checkpatch.pl can do that checking for you before you send. I'll
fix it up now.

ERROR: code indent should use tabs where possible
#37: FILE: arch/x86/boot/compressed/acpi.c:398:
+               if (!sub_table->length) {$

WARNING: please, no spaces at the start of a line
#37: FILE: arch/x86/boot/compressed/acpi.c:398:
+               if (!sub_table->length) {$

WARNING: suspect code indent for conditional statements (15, 23)
#37: FILE: arch/x86/boot/compressed/acpi.c:398:
+               if (!sub_table->length) {
+                       debug_putstr("Invalid zero length SRAT subtable.\n");

ERROR: code indent should use tabs where possible
#38: FILE: arch/x86/boot/compressed/acpi.c:399:
+                       debug_putstr("Invalid zero length SRAT subtable.\n");$

WARNING: please, no spaces at the start of a line
#38: FILE: arch/x86/boot/compressed/acpi.c:399:
+                       debug_putstr("Invalid zero length SRAT subtable.\n");$

ERROR: code indent should use tabs where possible
#39: FILE: arch/x86/boot/compressed/acpi.c:400:
+                       break;$

WARNING: please, no spaces at the start of a line
#39: FILE: arch/x86/boot/compressed/acpi.c:400:
+                       break;$

ERROR: code indent should use tabs where possible
#40: FILE: arch/x86/boot/compressed/acpi.c:401:
+               }$

WARNING: please, no spaces at the start of a line
#40: FILE: arch/x86/boot/compressed/acpi.c:401:
+               }$

total: 4 errors, 5 warnings, 12 lines checked


-- 
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ