From: Bjorn Helgaas <bhelgaas@xxxxxxxxxx> The basic idea is to validate VPD resource *size* without validating the actual content, since the kernel really doesn't care about the content. Thanks very much for the feedback on v1, and I'd be glad for any additional feedback. Follow-up to: https://lore.kernel.org/r/20210715215959.2014576-1-helgaas@xxxxxxxxxx Changes since v1: - Incorporate Heiner's patch to reject VPD if first byte is 0x00 or 0xff (https://lore.kernel.org/r/8de8c906-9284-93b9-bb44-4ffdc3470740@xxxxxxxxx/) - Update size checks to reject resources that would extend past the maximum VPD size Bjorn Helgaas (5): PCI/VPD: Correct diagnostic for VPD read failure PCI/VPD: Check Resource Item Names against those valid for type PCI/VPD: Reject resource tags with invalid size PCI/VPD: Don't check Large Resource Item Names for validity PCI/VPD: Allow access to valid parts of VPD if some is invalid Heiner Kallweit (1): PCI/VPD: Treat initial 0xff as missing EEPROM drivers/pci/vpd.c | 55 +++++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 30 deletions(-) -- 2.25.1
