On Tue, Nov 13, 2012 at 08:08:15PM +0000, Matt Fleming wrote: > On Wed, 2012-11-07 at 16:46 +0000, Jan Beulich wrote: > > Header length should be validated for all ACPI tables before accessing > > any non-header field. > > > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > > > --- > > arch/x86/platform/efi/efi-bgrt.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > --- 3.7-rc4/arch/x86/platform/efi/efi-bgrt.c > > +++ 3.7-rc4-x86-EFI-BGRT-checks/arch/x86/platform/efi/efi-bgrt.c > > @@ -39,6 +39,8 @@ void efi_bgrt_init(void) > > if (ACPI_FAILURE(status)) > > return; > > > > + if (bgrt_tab->header.length < sizeof(*bgrt_tab)) > > + return; > > if (bgrt_tab->version != 1) > > return; > > if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address) > > Guys, do you want me to take this into the efi tree? Jan, have you see > machines that actually trip up without this check? I'm trying to gauge > the urgency of this patch. I'd expect this to either go through efi or through tip, whichever you prefer. If Jan has a system that would fail this check, then this patch seems urgent; otherwise, it could potentially wait until the merge window, but as a bugfix it doesn't necessarily need to. - Josh Triplett -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
