From patchwork Wed Aug 10 12:14:52 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Prarit Bhargava X-Patchwork-Id: 657686 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 3s8VTL51FJz9t0F; Wed, 10 Aug 2016 22:15:02 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1bXSPU-0003FM-1k; Wed, 10 Aug 2016 12:15:00 +0000 Received: from mx1.redhat.com ([209.132.183.28]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1bXSPP-0003F7-K4 for fwts-devel@lists.ubuntu.com; Wed, 10 Aug 2016 12:14:55 +0000 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 68E46C04D2EF; Wed, 10 Aug 2016 12:14:54 +0000 (UTC) Received: from praritdesktop.bos.redhat.com (prarit-guest.khw.lab.eng.bos.redhat.com [10.16.186.145]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u7ACErJp012271; Wed, 10 Aug 2016 08:14:53 -0400 From: Prarit Bhargava To: fwts-devel@lists.ubuntu.com Subject: [PATCH] acpi/nfit: Fix endless loop on broken NFIT tables Date: Wed, 10 Aug 2016 08:14:52 -0400 Message-Id: <1470831292-29649-1-git-send-email-prarit@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 10 Aug 2016 12:14:54 +0000 (UTC) X-BeenThere: fwts-devel@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Firmware Test Suite Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: fwts-devel-bounces@lists.ubuntu.com Sender: fwts-devel-bounces@lists.ubuntu.com When running 'fwts nfit' on a system with an incorrect subtable length of zero, the nfit test will loop endlessly. This results.log contains many entries of NFIT NVDIMM Firmware Interface Table: Reserved: 0x00000000 NFIT Subtable: Type: 0x0000 Length: 0x0000 SPA Range Structure Index: 0x0000 Flags: 0x0000 Reserved: 0x00000000 Proximity Domain: 0x00000000 Address Range Type GUID: 00000000-0000-0000-0000-000000000000 System Physical Address Range Base: 0x0000000000000000 System Physical Address Range Length: 0x0000000000000000 Address Range Memory Mapping Attribute: 0x0000000000000000 FAILED [HIGH] NFITBadRangeIndexZero: Test 1, NFIT SPA Range Structure Index must not be zero This occurs because the test assumes a valid table length. While the ACPI specification is not explicit in indicating that a zero length is invalid, it certainly is implied that it cannot be zero. This patch adds a check and aborts the NFIT test on a zero subtable length. As a result the output of the test is now NFIT NVDIMM Firmware Interface Table: Reserved: 0x00000000 NFIT Subtable: Type: 0x0000 Length: 0x0000 FAILED [HIGH] NFITLengthZero: Test 1, NFIT Subtable (offset 0x28) length cannot be 0 Signed-off-by: Prarit Bhargava Cc: Alex Hung Acked-by: Alex Hung Acked-by: Colin Ian King --- src/acpi/nfit/nfit.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/acpi/nfit/nfit.c b/src/acpi/nfit/nfit.c index 3738a5037f82..253070eb8bbd 100644 --- a/src/acpi/nfit/nfit.c +++ b/src/acpi/nfit/nfit.c @@ -76,6 +76,14 @@ static int nfit_test1(fwts_framework *fw) fwts_log_info_verbatim(fw, " Type: 0x%4.4" PRIx16, entry->type); fwts_log_info_verbatim(fw, " Length: 0x%4.4" PRIx16, entry->length); + if (entry->length == 0) { + passed = false; + fwts_failed(fw, LOG_LEVEL_HIGH, "NFITLengthZero", + "NFIT Subtable (offset 0x%x) length " + "cannot be 0", (int)offset); + break; + } + if (entry->type == FWTS_ACPI_NFIT_TYPE_SYSTEM_ADDRESS) { fwts_acpi_table_nfit_system_memory *nfit_struct = (fwts_acpi_table_nfit_system_memory *) entry; char guid_str[37];