Re: [RFC PATCH v7 11/12] ACPI:RAS2: Add driver for ACPI RAS2 feature table (RAS2)

From: Daniel Ferguson
Date: Thu Mar 28 2024 - 19:41:32 EST

Next message: Daniel Ferguson: "Re: [RFC PATCH v7 12/12] memory: RAS2: Add memory RAS2 driver"
Previous message: Daniel Ferguson: "Re: [RFC PATCH v7 10/12] ACPI:RAS2: Add common library for RAS2 PCC interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

+static int __init ras2_acpi_init(void)
+{
+ u8 count;
+ acpi_status status;
+ acpi_size ras2_size;
+ int pcc_subspace_idx;
+ struct platform_device *pdev;
+ struct acpi_table_ras2 *pRas2Table;
+ struct acpi_ras2_pcc_desc *pcc_desc_list;
+ struct platform_device **pdev_list = NULL;
+ struct acpi_table_header *pAcpiTable = NULL;
+
+ status = acpi_get_table("RAS2", 0, &pAcpiTable);
+ if (ACPI_FAILURE(status) || !pAcpiTable) {
+ pr_err("ACPI RAS2 driver failed to initialize, get table failed\n");
+ return RAS2_FAILURE;
+ }
+
+ ras2_size = pAcpiTable->length;
+ if (ras2_size < sizeof(struct acpi_table_ras2)) {
+ pr_err("ACPI RAS2 table present but broken (too short #1)\n");
+ goto free_ras2_table;
+ }
+
+ pRas2Table = (struct acpi_table_ras2 *)pAcpiTable;
+
+ if (pRas2Table->num_pcc_descs <= 0) {
+ pr_err("ACPI RAS2 table does not contain PCC descriptors\n");
+ goto free_ras2_table;
+ }
+
+ pdev_list = kzalloc((pRas2Table->num_pcc_descs * sizeof(struct platform_device *)),
+ GFP_KERNEL);
+ if (!pdev_list)
+ goto free_ras2_table;
+
+ pcc_desc_list = (struct acpi_ras2_pcc_desc *)
+ ((void *)pRas2Table + sizeof(struct acpi_table_ras2));
+ count = 0;
+ while (count < pRas2Table->num_pcc_descs) {
+ if (pcc_desc_list->feature_type == RAS2_FEATURE_TYPE_MEMORY) {
+ pcc_subspace_idx = pcc_desc_list->channel_id;
+ /* Add the platform device and bind ras2 memory driver */
+ pdev = ras2_add_platform_device("ras2", &pcc_subspace_idx,
+ sizeof(pcc_subspace_idx));
+ if (!pdev)
+ goto free_ras2_pdev;
+ pdev_list[count] = pdev;
+ }
+ count++;
+ pcc_desc_list = pcc_desc_list + sizeof(struct acpi_ras2_pcc_desc);

This line needs to be:
pcc_desc_list = pcc_desc_list + 1
because pcc_desc_list is a type larger than a byte.
This bug will crash the module when num_pcc_descs
is greater than 1

+ }
+
+ acpi_put_table(pAcpiTable);
+ return RAS2_SUCCESS;
+
+free_ras2_pdev:
+ count = 0;
+ while (count < pRas2Table->num_pcc_descs) {
+ if (pcc_desc_list->feature_type ==
+ RAS2_FEATURE_TYPE_MEMORY)
+ platform_device_put(pdev_list[count++]);
+ }
+ kfree(pdev_list);
+
+free_ras2_table:
+ acpi_put_table(pAcpiTable);
+ return RAS2_FAILURE;
+}

Next message: Daniel Ferguson: "Re: [RFC PATCH v7 12/12] memory: RAS2: Add memory RAS2 driver"
Previous message: Daniel Ferguson: "Re: [RFC PATCH v7 10/12] ACPI:RAS2: Add common library for RAS2 PCC interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]