From patchwork Thu Aug 29 07:05:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Colin Ian King X-Patchwork-Id: 1155062 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=fwts-devel-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46Jttx49hGz9sBp; Thu, 29 Aug 2019 17:06:15 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1i3EVW-00020d-Hw; Thu, 29 Aug 2019 07:06:10 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1i3EVU-00020Q-MP for fwts-devel@lists.ubuntu.com; Thu, 29 Aug 2019 07:06:08 +0000 Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1i3EUt-0000gf-8A; Thu, 29 Aug 2019 07:05:31 +0000 From: Colin King To: fwts-devel@lists.ubuntu.com Subject: [PATCH] opal: add more bounds checking and zero pstates array Date: Thu, 29 Aug 2019 08:05:30 +0100 Message-Id: <20190829070530.21397-1-colin.king@canonical.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-BeenThere: fwts-devel@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Firmware Test Suite Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: fwts-devel-bounces@lists.ubuntu.com Sender: "fwts-devel" From: Colin Ian King Currently there is no bounds checking on the maximum number of pstates, so we can potentially have an out-of-bounds read on the pstates array. Fix this by checking and force setting maximum bounds. Also zero the pstates array to ensure no uninitialized pstates values are printed. Finally add some missing spaces in some warning messages. Signed-off-by: Colin Ian King Acked-by: Alex Hung Acked-by: Ivan Hu --- src/opal/power_mgmt_info.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/opal/power_mgmt_info.c b/src/opal/power_mgmt_info.c index ab90b9f2..1175278c 100644 --- a/src/opal/power_mgmt_info.c +++ b/src/opal/power_mgmt_info.c @@ -152,6 +152,7 @@ static int pstate_limits_test(fwts_framework *fw) return FWTS_ERROR; } + memset(pstates, 0, sizeof(pstates)); ret = fwts_dt_property_read_u32_arr(fw->fdt, offset, "ibm,pstate-ids", pstates, &len); if (ret != FWTS_OK) { @@ -179,12 +180,12 @@ static int pstate_limits_test(fwts_framework *fw) if (proc_gen == proc_gen_p8 && nr_pstates > 128) fwts_log_warning(fw, - "More than 128 pstates found,nr_pstates = %d", + "More than 128 pstates found, nr_pstates = %d", nr_pstates); if (proc_gen == proc_gen_p9 && nr_pstates > 255) fwts_log_warning(fw, - "More than 255 pstates found,nr_pstates = %d", + "More than 255 pstates found, nr_pstates = %d", nr_pstates); if (len != nr_pstates) @@ -192,6 +193,12 @@ static int pstate_limits_test(fwts_framework *fw) "Expected %d pstates, found %d pstates", nr_pstates, len); + /* Avoid reads outside of pstates[] */ + if (nr_pstates > MAX_PSTATES) { + nr_pstates = MAX_PSTATES; + fwts_log_warning(fw, "Truncating to %d pstates\n", nr_pstates); + } + for (i = 0; i < nr_pstates; i++) { if (cmp_pstates(pstate_max, pstates[i]) < 0) { fwts_log_warning(fw, "Invalid Pstate id %d "