summaryrefslogtreecommitdiffstats
path: root/kernel/drivers/firmware
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/drivers/firmware')
-rw-r--r--kernel/drivers/firmware/dmi_scan.c13
-rw-r--r--kernel/drivers/firmware/efi/cper.c15
-rw-r--r--kernel/drivers/firmware/efi/efi.c5
3 files changed, 26 insertions, 7 deletions
diff --git a/kernel/drivers/firmware/dmi_scan.c b/kernel/drivers/firmware/dmi_scan.c
index 97b1616aa..bba843c2b 100644
--- a/kernel/drivers/firmware/dmi_scan.c
+++ b/kernel/drivers/firmware/dmi_scan.c
@@ -89,9 +89,9 @@ static void dmi_table(u8 *buf,
/*
* Stop when we have seen all the items the table claimed to have
- * (SMBIOS < 3.0 only) OR we reach an end-of-table marker OR we run
- * off the end of the table (should never happen but sometimes does
- * on bogus implementations.)
+ * (SMBIOS < 3.0 only) OR we reach an end-of-table marker (SMBIOS
+ * >= 3.0 only) OR we run off the end of the table (should never
+ * happen but sometimes does on bogus implementations.)
*/
while ((!dmi_num || i < dmi_num) &&
(data - buf + sizeof(struct dmi_header)) <= dmi_len) {
@@ -110,8 +110,13 @@ static void dmi_table(u8 *buf,
/*
* 7.45 End-of-Table (Type 127) [SMBIOS reference spec v3.0.0]
+ * For tables behind a 64-bit entry point, we have no item
+ * count and no exact table length, so stop on end-of-table
+ * marker. For tables behind a 32-bit entry point, we have
+ * seen OEM structures behind the end-of-table marker on
+ * some systems, so don't trust it.
*/
- if (dm->type == DMI_ENTRY_END_OF_TABLE)
+ if (!dmi_num && dm->type == DMI_ENTRY_END_OF_TABLE)
break;
data += 2;
diff --git a/kernel/drivers/firmware/efi/cper.c b/kernel/drivers/firmware/efi/cper.c
index 4fd9961d5..d42537425 100644
--- a/kernel/drivers/firmware/efi/cper.c
+++ b/kernel/drivers/firmware/efi/cper.c
@@ -305,10 +305,17 @@ const char *cper_mem_err_unpack(struct trace_seq *p,
return ret;
}
-static void cper_print_mem(const char *pfx, const struct cper_sec_mem_err *mem)
+static void cper_print_mem(const char *pfx, const struct cper_sec_mem_err *mem,
+ int len)
{
struct cper_mem_err_compact cmem;
+ /* Don't trust UEFI 2.1/2.2 structure with bad validation bits */
+ if (len == sizeof(struct cper_sec_mem_err_old) &&
+ (mem->validation_bits & ~(CPER_MEM_VALID_RANK_NUMBER - 1))) {
+ pr_err(FW_WARN "valid bits set for fields beyond structure\n");
+ return;
+ }
if (mem->validation_bits & CPER_MEM_VALID_ERROR_STATUS)
printk("%s""error_status: 0x%016llx\n", pfx, mem->error_status);
if (mem->validation_bits & CPER_MEM_VALID_PA)
@@ -405,8 +412,10 @@ static void cper_estatus_print_section(
} else if (!uuid_le_cmp(*sec_type, CPER_SEC_PLATFORM_MEM)) {
struct cper_sec_mem_err *mem_err = (void *)(gdata + 1);
printk("%s""section_type: memory error\n", newpfx);
- if (gdata->error_data_length >= sizeof(*mem_err))
- cper_print_mem(newpfx, mem_err);
+ if (gdata->error_data_length >=
+ sizeof(struct cper_sec_mem_err_old))
+ cper_print_mem(newpfx, mem_err,
+ gdata->error_data_length);
else
goto err_section_too_small;
} else if (!uuid_le_cmp(*sec_type, CPER_SEC_PCIE)) {
diff --git a/kernel/drivers/firmware/efi/efi.c b/kernel/drivers/firmware/efi/efi.c
index e14363d12..63226e903 100644
--- a/kernel/drivers/firmware/efi/efi.c
+++ b/kernel/drivers/firmware/efi/efi.c
@@ -57,6 +57,11 @@ bool efi_runtime_disabled(void)
static int __init parse_efi_cmdline(char *str)
{
+ if (!str) {
+ pr_warn("need at least one option\n");
+ return -EINVAL;
+ }
+
if (parse_option_str(str, "noruntime"))
disable_runtime = true;