Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
UPSTREAM: ACPICA: Fix operand resolution
In our tests we get UBSAN warning coming from ACPI parser. This is caused by trying to resolve operands when there is none. [ 0.000000] Linux version 5.15.0-rc3chromeavsrel1.0.184+ (root@...) (gcc (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #1 SMP PREEMPT Sat Oct 16 00:08:27 UTC 2021 ... [ 14.719508] ================================================================================ [ 14.719551] UBSAN: array-index-out-of-bounds in /.../linux/drivers/acpi/acpica/dswexec.c:401:12 [ 14.719594] index -1 is out of range for type 'acpi_operand_object *[9]' [ 14.719621] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc3chromeavsrel1.0.184+ #1 [ 14.719657] Hardware name: Intel Corp. Geminilake/GLK RVP2 LP4SD (07), BIOS GELKRVPA.X64.0214.B50.2009111159 09/11/2020 [ 14.719694] Call Trace: [ 14.719712] dump_stack_lvl+0x38/0x49 [ 14.719749] dump_stack+0x10/0x12 [ 14.719775] ubsan_epilogue+0x9/0x45 [ 14.719801] __ubsan_handle_out_of_bounds.cold+0x44/0x49 [ 14.719835] acpi_ds_exec_end_op+0x1d7/0x6b5 [ 14.719870] acpi_ps_parse_loop+0x942/0xb34 ... Problem happens because WalkState->NumOperands is 0 and it is used when trying to access into operands table. Actual code is: WalkState->Operands [WalkState->NumOperands -1] which causes out of bound access. Improve the check before above access to check if ACPI opcode should have any arguments (operands) at all. Link: acpica/acpica#745 Signed-off-by: Amadeusz Sławiński <[email protected]> Reviewed-by: Cezary Rojewski <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]> Change-Id: Ia77b057e5f2b293f1f27fae79c491cfcd6de8891 (cherry picked from commit 7dfb216eda99bbfc2a8c3b03d2eec63314f52b3c) Signed-off-by: Cezary Rojewski <[email protected]>
- Loading branch information
1 parent
c38068c
commit 718a364