[PATCH] acpi/nfit: Fix endless loop on broken NFIT tables

Prarit Bhargava prarit at redhat.com
Wed Aug 10 12:14:52 UTC 2016 

When running 'fwts nfit' on a system with an incorrect subtable length of
zero, the nfit test will loop endlessly.

This results.log contains many entries of

NFIT NVDIMM Firmware Interface Table:
  Reserved:                 0x00000000

  NFIT Subtable:
    Type:                                   0x0000
    Length:                                 0x0000
    SPA Range Structure Index:              0x0000
    Flags:                                  0x0000
    Reserved:                               0x00000000
    Proximity Domain:                       0x00000000
    Address Range Type GUID:                00000000-0000-0000-0000-000000000000
    System Physical Address Range Base:     0x0000000000000000
    System Physical Address Range Length:   0x0000000000000000
    Address Range Memory Mapping Attribute: 0x0000000000000000
FAILED [HIGH] NFITBadRangeIndexZero: Test 1, NFIT SPA Range Structure Index must
not be zero

This occurs because the test assumes a valid table length.  While the ACPI
specification is not explicit in indicating that a zero length is invalid,
it certainly is implied that it cannot be zero.

This patch adds a check and aborts the NFIT test on a zero subtable length.

As a result the output of the test is now

NFIT NVDIMM Firmware Interface Table:
  Reserved:                 0x00000000

  NFIT Subtable:
    Type:                                   0x0000
    Length:                                 0x0000
FAILED [HIGH] NFITLengthZero: Test 1, NFIT Subtable (offset 0x28) length cannot
be 0

Signed-off-by: Prarit Bhargava <prarit at redhat.com>
Cc: Alex Hung <alex.hung at canonical.com>
---
 src/acpi/nfit/nfit.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/acpi/nfit/nfit.c b/src/acpi/nfit/nfit.c
index 3738a5037f82..253070eb8bbd 100644
--- a/src/acpi/nfit/nfit.c
+++ b/src/acpi/nfit/nfit.c
@@ -76,6 +76,14 @@ static int nfit_test1(fwts_framework *fw)
 		fwts_log_info_verbatim(fw, "    Type:                                   0x%4.4" PRIx16, entry->type);
 		fwts_log_info_verbatim(fw, "    Length:                                 0x%4.4" PRIx16, entry->length);
 
+		if (entry->length == 0) {
+			passed = false;
+			fwts_failed(fw, LOG_LEVEL_HIGH, "NFITLengthZero",
+				    "NFIT Subtable (offset 0x%x) length "
+				    "cannot be 0", (int)offset);
+			break;
+		}
+
 		if (entry->type == FWTS_ACPI_NFIT_TYPE_SYSTEM_ADDRESS) {
 			fwts_acpi_table_nfit_system_memory *nfit_struct = (fwts_acpi_table_nfit_system_memory *) entry;
 			char guid_str[37];
-- 
1.7.9.3

More information about the fwts-devel mailing list