tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
firmware: dmi_scan: Trim DMI table length before exporting it
The SMBIOS v3 entry points specify a maximum length for the DMI table,
not the exact length. Thus there may be garbage after the end-of-table
marker, which we don't want to export to user-space. Adjust dmi_len
when we find the end-of-table marker, so that only the actual table
payload is exported.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
+10
-5
+10
-5
drivers/firmware/dmi_scan.c
+10
-5
drivers/firmware/dmi_scan.c
···
108
108
if (data - buf < dmi_len - 1)
109
109
decode(dm, private_data);
110
110
111
+
data += 2;
112
+
i++;
113
+
111
114
/*
112
115
* 7.45 End-of-Table (Type 127) [SMBIOS reference spec v3.0.0]
113
116
* For tables behind a 64-bit entry point, we have no item
···
121
118
*/
122
119
if (!dmi_num && dm->type == DMI_ENTRY_END_OF_TABLE)
123
120
break;
124
-
125
-
data += 2;
126
-
i++;
127
121
}
122
+
123
+
/* Trim DMI table length if needed */
124
+
if (dmi_len > data - buf)
125
+
dmi_len = data - buf;
128
126
}
129
127
130
128
static phys_addr_t dmi_base;
···
134
130
void *))
135
131
{
136
132
u8 *buf;
133
+
u32 orig_dmi_len = dmi_len;
137
134
138
-
buf = dmi_early_remap(dmi_base, dmi_len);
135
+
buf = dmi_early_remap(dmi_base, orig_dmi_len);
139
136
if (buf == NULL)
140
137
return -1;
141
138
···
144
139
145
140
add_device_randomness(buf, dmi_len);
146
141
147
-
dmi_early_unmap(buf, dmi_len);
142
+
dmi_early_unmap(buf, orig_dmi_len);
148
143
return 0;
149
144
}
150
145