Patch "ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes" has been added to the 4.19-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sat, 10 Nov 2018 08:34:28 -0800

This is a note to let you know that I've just added the patch titled

    ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     acpica-aml-parser-fix-parse-loop-to-correctly-skip-erroneous-extended-opcodes.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From c64baa3a6fa207d112706bc5e7fd645cd8a8663f Mon Sep 17 00:00:00 2001
From: Erik Schmauss <erik.schmauss@xxxxxxxxx>
Date: Wed, 17 Oct 2018 14:20:51 -0700
Subject: ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes

From: Erik Schmauss <erik.schmauss@xxxxxxxxx>

commit c64baa3a6fa207d112706bc5e7fd645cd8a8663f upstream.

AML opcodes come in two lengths: 1-byte opcodes and 2-byte, extended opcodes.
If an error occurs due to illegal opcodes during table load, the AML parser
needs to continue loading the table. In order to do this, it needs to skip
parsing of the offending opcode and operands associated with that opcode.

This change fixes the AML parse loop to correctly skip parsing of incorrect
extended opcodes. Previously, only the short opcodes were skipped correctly.

Signed-off-by: Erik Schmauss <erik.schmauss@xxxxxxxxx>
Cc: All applicable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/acpi/acpica/psloop.c |   14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

--- a/drivers/acpi/acpica/psloop.c
+++ b/drivers/acpi/acpica/psloop.c
@@ -417,6 +417,7 @@ acpi_status acpi_ps_parse_loop(struct ac
 	union acpi_parse_object *op = NULL;	/* current op */
 	struct acpi_parse_state *parser_state;
 	u8 *aml_op_start = NULL;
+	u8 opcode_length;
 
 	ACPI_FUNCTION_TRACE_PTR(ps_parse_loop, walk_state);
 
@@ -540,8 +541,19 @@ acpi_status acpi_ps_parse_loop(struct ac
 						    "Skip parsing opcode %s",
 						    acpi_ps_get_opcode_name
 						    (walk_state->opcode)));
+
+					/*
+					 * Determine the opcode length before skipping the opcode.
+					 * An opcode can be 1 byte or 2 bytes in length.
+					 */
+					opcode_length = 1;
+					if ((walk_state->opcode & 0xFF00) ==
+					    AML_EXTENDED_OPCODE) {
+						opcode_length = 2;
+					}
 					walk_state->parser_state.aml =
-					    walk_state->aml + 1;
+					    walk_state->aml + opcode_length;
+
 					walk_state->parser_state.aml =
 					    acpi_ps_get_next_package_end
 					    (&walk_state->parser_state);


Patches currently in stable-queue which might be from erik.schmauss@xxxxxxxxx are

queue-4.19/acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch
queue-4.19/acpica-aml-parser-fix-parse-loop-to-correctly-skip-erroneous-extended-opcodes.patch






