From: Oliver Upton <oliver.upton@linux.dev>
To: Lorenzo Pieralisi <lpieralisi@kernel.org>
Cc: linux-acpi@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, Hanjun Guo <guohanjun@huawei.com>,
Sudeep Holla <sudeep.holla@arm.com>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Marc Zyngier <maz@kernel.org>,
Zheng Zengkai <zhengzengkai@huawei.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] ACPI: GTDT: Relax sanity checking on Platform Timers array count
Date: Tue, 28 Jan 2025 12:42:24 -0800 [thread overview]
Message-ID: <Z5lBMBY7XoFJmpGM@linux.dev> (raw)
In-Reply-To: <Z5i2j9gFB2iyN9g4@lpieralisi>
Hi Lorenzo,
On Tue, Jan 28, 2025 at 11:50:55AM +0100, Lorenzo Pieralisi wrote:
> > @@ -188,13 +188,17 @@ int __init acpi_gtdt_init(struct acpi_table_header *table,
> > cnt++;
> >
> > if (cnt != gtdt->platform_timer_count) {
> > + cnt = min(cnt, gtdt->platform_timer_count);
>
> Thank you for reporting this.
>
> There is something I need to understand.
>
> What's wrong cnt (because platform_timer_valid() fails for some
> reason on some entries whereas before the commit we
> are fixing was applied we *were* parsing those entries) or
> gtdt->platform_timer_count ?
>
> I *guess* the issue is the following:
>
> gtdt->platform_timer_count reports the number of GT blocks in the
> GTDT not including Arm generic watchdogs, whereas cnt counts both
> structure types (and that's what gtdt->platform_timer_count should
> report too if it was correct).
I've seen two different issues so far:
- In one case, the offset of the platform timer array is entirely
beyond the GTDT
- In another, the GTDT has a timer array of length 2, but only the
first structure falls within the length of the overall GTDT
Since cnt is the result of doing a bounds-checked walk of the platform
timer array, both of these issues cause the sanity check to fail.
> > if (platform_timer_count)
> > - *platform_timer_count = gtdt->platform_timer_count;
> > + *platform_timer_count = cnt;
>
> I think this should be fine as things stand (but see above).
>
> It is used in:
>
> gtdt_sbsa_gwdt_init() - just to check if there are platform timers entries
>
> arch_timer_mem_acpi_init() - to create a temporary array to init arch mem timer
> entries (the array is oversized because it
> includes watchdog entries in the count)
>
> In both cases taking the
>
> min(cnt, gtdt->platform_timer_count);
>
> should work AFAICS
It was probably worth noting in the changelog that I did this to
gracefully handle the reverse of this issue where we could dereference
platform timer entries that are within the bounds of the GTDT but exceed
gtdt->platform_timer_count.
> (hard to grok though, we - as in ACPI maintainers -
> need to clean this up).
Heh, thought this smelled a little ripe ;-) Went for the minimal fix
first.
--
Thanks,
Oliver
next prev parent reply other threads:[~2025-01-28 20:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-28 0:17 [PATCH] ACPI: GTDT: Relax sanity checking on Platform Timers array count Oliver Upton
2025-01-28 8:46 ` Marc Zyngier
2025-01-28 10:50 ` Lorenzo Pieralisi
2025-01-28 20:42 ` Oliver Upton [this message]
2025-01-30 17:37 ` Lorenzo Pieralisi
2025-02-12 10:33 ` Lorenzo Pieralisi
2025-02-13 11:45 ` Will Deacon
2025-02-13 13:59 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z5lBMBY7XoFJmpGM@linux.dev \
--to=oliver.upton@linux.dev \
--cc=catalin.marinas@arm.com \
--cc=guohanjun@huawei.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lpieralisi@kernel.org \
--cc=maz@kernel.org \
--cc=stable@vger.kernel.org \
--cc=sudeep.holla@arm.com \
--cc=will@kernel.org \
--cc=zhengzengkai@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.