summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVishal Verma <vishal.l.verma@intel.com>2015-10-27 23:58:26 +0100
committerDan Williams <dan.j.williams@intel.com>2015-11-02 21:28:07 +0100
commit564d501187317f8df79ddda173cf23735cbddd16 (patch)
treea3e5b42f64ee57bfe4df97b6ac405fcb27ee82c2
parentLinux 4.3-rc6 (diff)
downloadlinux-564d501187317f8df79ddda173cf23735cbddd16.tar.xz
linux-564d501187317f8df79ddda173cf23735cbddd16.zip
nfit: in acpi_nfit_init, break on a 0-length table
If acpi_nfit_init is called (such as from nfit_test), with an nfit table that has more memory allocated than it needs (and a similarly large 'size' field, add_tables would happily keep adding null SPA Range tables filling up all available memory. Make it friendlier by breaking out if a 0-length header is found in any of the tables. Cc: Dan Williams <dan.j.williams@intel.com> Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Cc: <linux-acpi@vger.kernel.org> Cc: <linux-nvdimm@lists.01.org> Signed-off-by: Vishal Verma <vishal.l.verma@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
-rw-r--r--drivers/acpi/nfit.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/acpi/nfit.c b/drivers/acpi/nfit.c
index c1b8d03e262e..35b4b5693110 100644
--- a/drivers/acpi/nfit.c
+++ b/drivers/acpi/nfit.c
@@ -335,6 +335,12 @@ static void *add_table(struct acpi_nfit_desc *acpi_desc, void *table,
return NULL;
hdr = table;
+ if (!hdr->length) {
+ dev_warn(dev, "found a zero length table '%d' parsing nfit\n",
+ hdr->type);
+ return NULL;
+ }
+
switch (hdr->type) {
case ACPI_NFIT_TYPE_SYSTEM_ADDRESS:
if (!add_spa(acpi_desc, table))