Felix Held submitted this change.

View Change

soc/amd/common/fsp/fsp-acpi: add check for maximum table size

If the ACPI table size in the HOB data header is larger than the maximum
HOB payload, don't add the table at all and print an error instead,
since in this case the memcpy would read past the end of the HOB data
structure.

Signed-off-by: Felix Held <felix-coreboot@felixheld.de>
Change-Id: I965c01bd9ab66b14d6f77b6f23c28479ae6d6a50
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52897
Reviewed-by: Jason Glenesk <jason.glenesk@amd.corp-partner.google.com>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
M src/soc/amd/common/fsp/fsp-acpi.c
1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/soc/amd/common/fsp/fsp-acpi.c b/src/soc/amd/common/fsp/fsp-acpi.c
index b530688..f92d571 100644
--- a/src/soc/amd/common/fsp/fsp-acpi.c
+++ b/src/soc/amd/common/fsp/fsp-acpi.c
@@ -28,6 +28,12 @@
 		return current;
 	}
 
+	if (data->table_size_in_bytes > sizeof(data->hob_payload)) {
+		printk(BIOS_ERR, "AGESA %s ACPI table size larger than maximum HOB payload "
+		       "size.\n", name);
+		return current;
+	}
+
 	printk(BIOS_INFO, "ACPI:    * %s (AGESA).\n", name);
 
 	memcpy(table, data->hob_payload, data->table_size_in_bytes);

To view, visit change 52897. To unsubscribe, or for help writing mail filters, visit settings.