ACK: [PATCH] acpi/nfit: Fix endless loop on broken NFIT tables
Colin Ian King
colin.king at canonical.com
Thu Aug 11 11:12:41 UTC 2016
On 10/08/16 13:14, Prarit Bhargava wrote:
> When running 'fwts nfit' on a system with an incorrect subtable length of
> zero, the nfit test will loop endlessly.
>
> This results.log contains many entries of
>
> NFIT NVDIMM Firmware Interface Table:
> Reserved: 0x00000000
>
> NFIT Subtable:
> Type: 0x0000
> Length: 0x0000
> SPA Range Structure Index: 0x0000
> Flags: 0x0000
> Reserved: 0x00000000
> Proximity Domain: 0x00000000
> Address Range Type GUID: 00000000-0000-0000-0000-000000000000
> System Physical Address Range Base: 0x0000000000000000
> System Physical Address Range Length: 0x0000000000000000
> Address Range Memory Mapping Attribute: 0x0000000000000000
> FAILED [HIGH] NFITBadRangeIndexZero: Test 1, NFIT SPA Range Structure Index must
> not be zero
>
> This occurs because the test assumes a valid table length. While the ACPI
> specification is not explicit in indicating that a zero length is invalid,
> it certainly is implied that it cannot be zero.
>
> This patch adds a check and aborts the NFIT test on a zero subtable length.
>
> As a result the output of the test is now
>
> NFIT NVDIMM Firmware Interface Table:
> Reserved: 0x00000000
>
> NFIT Subtable:
> Type: 0x0000
> Length: 0x0000
> FAILED [HIGH] NFITLengthZero: Test 1, NFIT Subtable (offset 0x28) length cannot
> be 0
>
> Signed-off-by: Prarit Bhargava <prarit at redhat.com>
> Cc: Alex Hung <alex.hung at canonical.com>
> ---
> src/acpi/nfit/nfit.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/src/acpi/nfit/nfit.c b/src/acpi/nfit/nfit.c
> index 3738a5037f82..253070eb8bbd 100644
> --- a/src/acpi/nfit/nfit.c
> +++ b/src/acpi/nfit/nfit.c
> @@ -76,6 +76,14 @@ static int nfit_test1(fwts_framework *fw)
> fwts_log_info_verbatim(fw, " Type: 0x%4.4" PRIx16, entry->type);
> fwts_log_info_verbatim(fw, " Length: 0x%4.4" PRIx16, entry->length);
>
> + if (entry->length == 0) {
> + passed = false;
> + fwts_failed(fw, LOG_LEVEL_HIGH, "NFITLengthZero",
> + "NFIT Subtable (offset 0x%x) length "
> + "cannot be 0", (int)offset);
> + break;
> + }
> +
> if (entry->type == FWTS_ACPI_NFIT_TYPE_SYSTEM_ADDRESS) {
> fwts_acpi_table_nfit_system_memory *nfit_struct = (fwts_acpi_table_nfit_system_memory *) entry;
> char guid_str[37];
>
Thanks Prarit, nice catch!
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the fwts-devel
mailing list