| From foo@baz Mon Apr 9 17:09:24 CEST 2018 |
| From: Bob Moore <robert.moore@intel.com> |
| Date: Mon, 5 Jun 2017 16:40:34 +0800 |
| Subject: ACPICA: Disassembler: Abort on an invalid/unknown AML opcode |
| |
| From: Bob Moore <robert.moore@intel.com> |
| |
| |
| [ Upstream commit 6f0527b77d9e0129dd8e50945b0d610ed943d6b2 ] |
| |
| ACPICA commit ed0389cb11a61e63c568ac1f67948fc6a7bd1aeb |
| |
| An invalid opcode indicates something seriously wrong with the |
| input AML file. The AML parser is immediately confused and lost, |
| causing the resulting parse tree to be ill-formed. The actual |
| disassembly can then cause numerous unrelated errors and faults. |
| |
| This change aborts the disassembly upon discovery of such an |
| opcode during the AML parse phase. |
| |
| Link: https://github.com/acpica/acpica/commit/ed0389cb |
| Signed-off-by: Bob Moore <robert.moore@intel.com> |
| Signed-off-by: Lv Zheng <lv.zheng@intel.com> |
| Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/acpi/acpica/psobject.c | 14 ++++++++++++++ |
| 1 file changed, 14 insertions(+) |
| |
| --- a/drivers/acpi/acpica/psobject.c |
| +++ b/drivers/acpi/acpica/psobject.c |
| @@ -121,6 +121,9 @@ static acpi_status acpi_ps_get_aml_opcod |
| (u32)(aml_offset + |
| sizeof(struct acpi_table_header))); |
| |
| + ACPI_ERROR((AE_INFO, |
| + "Aborting disassembly, AML byte code is corrupt")); |
| + |
| /* Dump the context surrounding the invalid opcode */ |
| |
| acpi_ut_dump_buffer(((u8 *)walk_state->parser_state. |
| @@ -129,6 +132,14 @@ static acpi_status acpi_ps_get_aml_opcod |
| sizeof(struct acpi_table_header) - |
| 16)); |
| acpi_os_printf(" */\n"); |
| + |
| + /* |
| + * Just abort the disassembly, cannot continue because the |
| + * parser is essentially lost. The disassembler can then |
| + * randomly fail because an ill-constructed parse tree |
| + * can result. |
| + */ |
| + return_ACPI_STATUS(AE_AML_BAD_OPCODE); |
| #endif |
| } |
| |
| @@ -293,6 +304,9 @@ acpi_ps_create_op(struct acpi_walk_state |
| if (status == AE_CTRL_PARSE_CONTINUE) { |
| return_ACPI_STATUS(AE_CTRL_PARSE_CONTINUE); |
| } |
| + if (ACPI_FAILURE(status)) { |
| + return_ACPI_STATUS(status); |
| + } |
| |
| /* Create Op structure and append to parent's argument list */ |
| |