[PATCH][V2][SRU][E,F] Fix oops on access of ACPI BERT table on ARM64

Colin King colin.king at canonical.com
Wed Mar 18 13:52:12 UTC 2020 

From: Colin Ian King <colin.king at canonical.com>

(V2: Use V2 of the upstream fix that now includes <linux/io.h>)

BugLink: https://bugs.launchpad.net/bugs/1866772

== SRU Request [ BIONIC, EOAN, FOCAL ] ==

Reading /sys/firmware/acpi/tables/data/BERT as root at at odd byte offset
will cause an oops. This is because the source address is I/O mapped and
this needs to be read with an I/O memcpy rather than an memcpy.

Issue found using the latest stress-ng

== Fix ==

The fix is upstream (linux-next) commit that will land in 5.7, the
backport to bionic, eoan and focal is just a minor context wiggle.
The commit in question is:

commit 08c07cefb3042a55bc9f8243814b504d5eff93f3
Author: Colin Ian King <colin.king at canonical.com>
Date: Thu Mar 12 11:13:45 2020 +0000

    ACPI: sysfs: copy ACPI data using io memory copying

== Test ==

Running on hotdog with the reproducer below (run as root):

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

int main(void)
{
        int fd;
        char buffer[3];
        ssize_t n;

        fd = open("/sys/firmware/acpi/tables/data/BERT", O_RDONLY);
        if (fd < 0) {
                fprintf(stderr, "open failed: %d (%s)\n", errno, strerror(errno));
                return -1;
        }
        do {
                n = read(fd, buffer, sizeof(buffer));
        } while (n > 0);

        return 0;
}

Without the fix it will oops. With the fix it works OK.

== Regession Potential ==

This only affects the reading of the ACPI BERT table from /sys as root
at an odd offset, generally this data is read in natually aligned
offsets so it is limited in scope to just a very narrow use case.
Normally the ACPI BERT table is just handled by the kernel, so access
to this table is just for debugging purposes.

Colin Ian King (1):
  ACPI: sysfs: copy ACPI data using io memory copying

 drivers/acpi/sysfs.c   |  2 +-
 fs/libfs.c             | 34 ++++++++++++++++++++++++++++++++++
 include/linux/string.h |  2 ++
 3 files changed, 37 insertions(+), 1 deletion(-)


-- 
2.7.4

More information about the kernel-team mailing list