On 2024/10/16 17:54, Zheng Zengkai wrote:
As suggested by Marc and Lorenzo, first we need to check whether the platform_timer entry pointer is within gtdt bounds (< gtdt_end) before de-referencing what it points at to detect the length of the platform timer struct and then check that the length of current platform_timer struct is also valid, i.e. the length is not zero and within gtdt_end. Now next_platform_timer() only checks against gtdt_end for the entry of subsequent platform timer without checking the length of it and will not report error if the check failed and the existing check in function acpi_gtdt_init() is also not enough. Modify the for_each_platform_timer() iterator and use it combined with a dedicated check function platform_timer_valid() to do the check against table length (gtdt_end) for each element of platform timer array in function acpi_gtdt_init(), making sure that both their entry and length actually fit in the table. Suggested-by: Lorenzo Pieralisi <lpieralisi@xxxxxxxxxx> Co-developed-by: Marc Zyngier <maz@xxxxxxxxxx> Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
Nit: since there is a "Co-developed-by:" for Marc, the "Signed-off-by:" can be removed. The rest of the patch looks good to me. I did a test again Kunpeng ARM sever and no regressions, hopefully will not trigger firmware bugs for other platforms. Reviewed-by: Hanjun Guo <guohanjun@xxxxxxxxxx> Tested-by: Hanjun Guo <guohanjun@xxxxxxxxxx> Thanks Hanjun
