lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 31 Jan 2020 19:10:28 -0000
From:   "tip-bot2 for Steven Clarkson" <tip-bot2@...utronix.de>
To:     linux-tip-commits@...r.kernel.org
Cc:     Steven Clarkson <sc@...bdal.com>, Borislav Petkov <bp@...e.de>,
        linux-acpi@...r.kernel.org, x86 <x86@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: [tip: x86/urgent] x86/boot: Handle malformed SRAT tables during early
 ACPI parsing

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     2b73ea3796242608b4ccf019ff217156c92e92fe
Gitweb:        https://git.kernel.org/tip/2b73ea3796242608b4ccf019ff217156c92e92fe
Author:        Steven Clarkson <sc@...bdal.com>
AuthorDate:    Thu, 30 Jan 2020 16:48:16 -08:00
Committer:     Borislav Petkov <bp@...e.de>
CommitterDate: Fri, 31 Jan 2020 20:03:23 +01:00

x86/boot: Handle malformed SRAT tables during early ACPI parsing

Break an infinite loop when early parsing of the SRAT table is caused
by a subtable with zero length. Known to affect the ASUS WS X299 SAGE
motherboard with firmware version 1201 which has a large block of
zeros in its SRAT table. The kernel could boot successfully on this
board/firmware prior to the introduction of early parsing this table or
after a BIOS update.

 [ bp: Fixup whitespace damage and commit message. Make it return 0 to
   denote that there are no immovable regions because who knows what
   else is broken in this BIOS. ]

Fixes: 02a3e3cdb7f1 ("x86/boot: Parse SRAT table and count immovable memory regions")
Signed-off-by: Steven Clarkson <sc@...bdal.com>
Signed-off-by: Borislav Petkov <bp@...e.de>
Cc: linux-acpi@...r.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206343
Link: https://lkml.kernel.org/r/CAHKq8taGzj0u1E_i=poHUam60Bko5BpiJ9jn0fAupFUYexvdUQ@mail.gmail.com
---
 arch/x86/boot/compressed/acpi.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/boot/compressed/acpi.c b/arch/x86/boot/compressed/acpi.c
index 25019d4..ef2ad72 100644
--- a/arch/x86/boot/compressed/acpi.c
+++ b/arch/x86/boot/compressed/acpi.c
@@ -393,7 +393,13 @@ int count_immovable_mem_regions(void)
 	table = table_addr + sizeof(struct acpi_table_srat);
 
 	while (table + sizeof(struct acpi_subtable_header) < table_end) {
+
 		sub_table = (struct acpi_subtable_header *)table;
+		if (!sub_table->length) {
+			debug_putstr("Invalid zero length SRAT subtable.\n");
+			return 0;
+		}
+
 		if (sub_table->type == ACPI_SRAT_TYPE_MEMORY_AFFINITY) {
 			struct acpi_srat_mem_affinity *ma;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ