diff options
author | Jean Delvare <jdelvare@suse.de> | 2015-06-25 07:06:56 (GMT) |
---|---|---|
committer | Jean Delvare <jdelvare@suse.de> | 2015-06-25 07:06:56 (GMT) |
commit | 6e0ad59e3d838a2887e7aa657baee5896030d009 (patch) | |
tree | f28be09d52fab1cbc528db8d485370b25cc17317 | |
parent | eb4c5ea50e60aa8faaf6aae762cb06ee1c8e0b8e (diff) | |
download | linux-6e0ad59e3d838a2887e7aa657baee5896030d009.tar.xz |
firmware: dmi_scan: Trim DMI table length before exporting it
The SMBIOS v3 entry points specify a maximum length for the DMI table,
not the exact length. Thus there may be garbage after the end-of-table
marker, which we don't want to export to user-space. Adjust dmi_len
when we find the end-of-table marker, so that only the actual table
payload is exported.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
-rw-r--r-- | drivers/firmware/dmi_scan.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c index 14a8912..7fdf286 100644 --- a/drivers/firmware/dmi_scan.c +++ b/drivers/firmware/dmi_scan.c @@ -108,6 +108,9 @@ static void dmi_decode_table(u8 *buf, if (data - buf < dmi_len - 1) decode(dm, private_data); + data += 2; + i++; + /* * 7.45 End-of-Table (Type 127) [SMBIOS reference spec v3.0.0] * For tables behind a 64-bit entry point, we have no item @@ -118,10 +121,11 @@ static void dmi_decode_table(u8 *buf, */ if (!dmi_num && dm->type == DMI_ENTRY_END_OF_TABLE) break; - - data += 2; - i++; } + + /* Trim DMI table length if needed */ + if (dmi_len > data - buf) + dmi_len = data - buf; } static phys_addr_t dmi_base; @@ -130,8 +134,9 @@ static int __init dmi_walk_early(void (*decode)(const struct dmi_header *, void *)) { u8 *buf; + u32 orig_dmi_len = dmi_len; - buf = dmi_early_remap(dmi_base, dmi_len); + buf = dmi_early_remap(dmi_base, orig_dmi_len); if (buf == NULL) return -1; @@ -139,7 +144,7 @@ static int __init dmi_walk_early(void (*decode)(const struct dmi_header *, add_device_randomness(buf, dmi_len); - dmi_early_unmap(buf, dmi_len); + dmi_early_unmap(buf, orig_dmi_len); return 0; } |