firmware: dmi_scan: Trim DMI table length before exporting it
The SMBIOS v3 entry points specify a maximum length for the DMI table,
not the exact length. Thus there may be garbage after the end-of-table
marker, which we don't want to export to user-space. Adjust dmi_len
when we find the end-of-table marker, so that only the actual table
payload is exported.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
index 14a8912..7fdf286 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -108,6 +108,9 @@
if (data - buf < dmi_len - 1)
decode(dm, private_data);
+ data += 2;
+ i++;
+
/*
* 7.45 End-of-Table (Type 127) [SMBIOS reference spec v3.0.0]
* For tables behind a 64-bit entry point, we have no item
@@ -118,10 +121,11 @@
*/
if (!dmi_num && dm->type == DMI_ENTRY_END_OF_TABLE)
break;
-
- data += 2;
- i++;
}
+
+ /* Trim DMI table length if needed */
+ if (dmi_len > data - buf)
+ dmi_len = data - buf;
}
static phys_addr_t dmi_base;
@@ -130,8 +134,9 @@
void *))
{
u8 *buf;
+ u32 orig_dmi_len = dmi_len;
- buf = dmi_early_remap(dmi_base, dmi_len);
+ buf = dmi_early_remap(dmi_base, orig_dmi_len);
if (buf == NULL)
return -1;
@@ -139,7 +144,7 @@
add_device_randomness(buf, dmi_len);
- dmi_early_unmap(buf, dmi_len);
+ dmi_early_unmap(buf, orig_dmi_len);
return 0;
}