From: Mark Langsdorf <mlangsdo@redhat.com>
To: linux-acpi@vger.kernel.org
Subject: [PATCH] ACPI: SPCR: check if table->serial_port.access_width is too wide
Date: Wed, 5 Jan 2022 11:47:14 -0600 [thread overview]
Message-ID: <20220105174714.15723-1-mlangsdo@redhat.com> (raw)
If table->serial_port.access_width is more than 29, it causes
undefined behavior when ACPI_ACCESS_BIT_WIDTH shifts it to
(1 << ((size) + 2)):
[ 0.000000] UBSAN: Undefined behaviour in drivers/acpi/spcr.c:114:11
[ 0.000000] shift exponent 102 is too large for 32-bit type 'int'
Use the new ACPI_ACCESS_ defines to test that serial_port.access_width
is less than 30 and set it to 6 if it is not.
Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
---
drivers/acpi/spcr.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/acpi/spcr.c b/drivers/acpi/spcr.c
index 25c2d0be953e..d589543875b8 100644
--- a/drivers/acpi/spcr.c
+++ b/drivers/acpi/spcr.c
@@ -107,8 +107,13 @@ int __init acpi_parse_spcr(bool enable_earlycon, bool enable_console)
pr_info("SPCR table version %d\n", table->header.revision);
if (table->serial_port.space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
- switch (ACPI_ACCESS_BIT_WIDTH((
- table->serial_port.access_width))) {
+ u32 bit_width = table->serial_port.access_width;
+
+ if (bit_width > ACPI_ACCESS_BIT_MAX) {
+ pr_err("Unacceptable wide SPCR Access Width. Defaulting to byte size\n");
+ bit_width = ACPI_ACCESS_BIT_DEFAULT;
+ }
+ switch (ACPI_ACCESS_BIT_WIDTH((bit_width))) {
default:
pr_err("Unexpected SPCR Access Width. Defaulting to byte size\n");
fallthrough;
--
2.26.3
next reply other threads:[~2022-01-05 17:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-05 17:47 Mark Langsdorf [this message]
2022-01-11 15:41 ` [PATCH] ACPI: SPCR: check if table->serial_port.access_width is too wide Rafael J. Wysocki
-- strict thread matches above, loose matches on Subject: below --
2021-09-16 19:49 Mark Langsdorf
2021-09-24 16:10 ` Rafael J. Wysocki
2021-09-24 17:11 ` Mark Langsdorf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220105174714.15723-1-mlangsdo@redhat.com \
--to=mlangsdo@redhat.com \
--cc=linux-acpi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.