Hey Dmitry,
On Wed, 06. Aug 19:13, Dmitry Antipov wrote:
> ACPI_RESOURCE_NAME_LARGE_MAX should be equal to the last actually
> used resource descriptor index (ACPI_RESOURCE_NAME_CLOCK_INPUT).
> Otherwise 'resource_index' in 'acpi_ut_validate_resource()' may be
> clamped incorrectly and resulting value may issue an out-of-bounds
> access for 'acpi_gbl_resource_types' array. Compile tested only.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 520d4a0ee5b6 ("ACPICA: add support for ClockInput resource (v6.5)")
> Signed-off-by: Dmitry Antipov <dmantipov@xxxxxxxxx>
> ---
ACPICA patches should go through the separate Github project [1] first.
Please see [2] and [3] for examples.
[1]: https://github.com/acpica/acpica
[2]: https://docs.kernel.org/driver-api/acpi/linuxized-acpica.html
[3]: https://lore.kernel.org/acpica-devel/CAJZ5v0i7LYzF13M0qdeYWXZ7uO6HUpAS7pE5RJnOAJtKB8o88A@xxxxxxxxxxxxxx/T/#u
> drivers/acpi/acpica/aclocal.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/acpica/aclocal.h b/drivers/acpi/acpica/aclocal.h
> index 0c41f0097e8d..f98640086f4e 100644
> --- a/drivers/acpi/acpica/aclocal.h
> +++ b/drivers/acpi/acpica/aclocal.h
> @@ -1141,7 +1141,7 @@ struct acpi_port_info {
> #define ACPI_RESOURCE_NAME_PIN_GROUP_FUNCTION 0x91
> #define ACPI_RESOURCE_NAME_PIN_GROUP_CONFIG 0x92
> #define ACPI_RESOURCE_NAME_CLOCK_INPUT 0x93
> -#define ACPI_RESOURCE_NAME_LARGE_MAX 0x94
> +#define ACPI_RESOURCE_NAME_LARGE_MAX 0x93
I think some brief comment in the code explaining the reasoning for such a
definition for the MAX value would be worth it.
Though another way is to tweak the check inside acpi_ut_validate_resource()
to have '>=':
if (resource_type > ACPI_RESOURCE_NAME_LARGE_MAX) {
goto invalid_resource;
}
Maybe that'd be a bit clearer?
Thanks!
>
> /*****************************************************************************
> *
> --
> 2.50.1
