From: "Rafael J. Wysocki"
To: Linux ACPI
Cc: LKML, Bob Moore
Subject: [PATCH 12/32] ACPICA: Avoid undefined behavior: load of misaligned address
Date: Wed, 05 Apr 2023 15:41:50 +0200
Message-ID: <1879151.CQOukoFCf9@kreacher>
In-Reply-To: <4845957.31r3eYUQgx@kreacher>
References: <4845957.31r3eYUQgx@kreacher>

From: Tamir Duberstein

ACPICA commit 807665510f1ea71bbdc063c27782a1da56e8e10a

Before this change we see the following UBSAN stack trace in Fuchsia:

    #0 0x00002234800696e6 in acpi_tb_get_root_table_entry(u8*, u32) ../../third_party/acpica/source/components/tables/tbutils.c:231 +0x9106e6
    #1.2 0x0000233d72c8777f in ubsan_get_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:41 +0x3d77f
    #1.1 0x0000233d72c8777f in maybe_print_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:51 +0x3d77f
    #1 0x0000233d72c8777f in ~scoped_report() compiler-rt/lib/ubsan/ubsan_diag.cpp:387 +0x3d77f
    #2 0x0000233d72c88385 in handletype_mismatch_impl() compiler-rt/lib/ubsan/ubsan_handlers.cpp:137 +0x3e385
    #3 0x0000233d72c87ead in compiler-rt/lib/ubsan/ubsan_handlers.cpp:142 +0x3dead
    #4 0x00002234800696e6 in acpi_tb_get_root_table_entry(u8*, u32) ../../third_party/acpica/source/components/tables/tbutils.c:231 +0x9106e6
    #5 0x00002234800691dd in acpi_tb_parse_root_table(acpi_physical_address) ../../third_party/acpica/source/components/tables/tbutils.c:385 +0x9101dd
    #6 0x0000223480070b06 in acpi_initialize_tables(struct acpi_table_desc*, u32, u8) ../../third_party/acpica/source/components/tables/tbxface.c:160 +0x917b06
    #7 0x000022347fb803b4 in acpi::acpi_impl::initialize_acpi(acpi::acpi_impl*) ../../src/devices/board/lib/acpi/acpi-impl.cc:200 +0x4273b4
    #8 0x000022347fa30d14 in x86::X86::early_acpi_init(x86::X86*) ../../src/devices/board/drivers/x86/init.cc:34 +0x2d7d14
    #9 0x000022347fa310cf in x86::X86::early_init(x86::X86*) ../../src/devices/board/drivers/x86/init.cc:43 +0x2d80cf
    #10 0x000022347fa79410 in x86::X86::Bind(x86::X86*) ../../src/devices/board/drivers/x86/x86.cc:144 +0x320410
    #11 0x000022347fa78ec0 in x86::X86::create_and_bind(void*, zx_device_t*) ../../src/devices/board/drivers/x86/x86.cc:123 +0x31fec0
    #12 0x000020dc8908502f in λ(const zx_driver::bind_op::(anon class)*) ../../src/devices/bin/driver_host/zx_driver.cc:36 <>+0x41502f
    #13 0x000020dc89084e03 in fit::internal::target<(lambda at../../src/devices/bin/driver_host/zx_driver.cc:34:61), false, false, void>::invoke(void*) ../../sdk/lib/fit/include/lib/fit/internal/function.h:181 <>+0x414e03
    #14 0x000020dc8935a930 in fit::internal::function_base<16UL, false, void()>::invoke(const fit::internal::function_base<16UL, false, void ()>*) ../../sdk/lib/fit/include/lib/fit/internal/function.h:505 <>+0x6ea930
    #15 0x000020dc893e2f8a in fit::function_impl<16UL, false, void()>::operator()(const fit::function_impl<16UL, false, void ()>*) ../../sdk/lib/fit/include/lib/fit/function.h:300 <>+0x772f8a
    #16 0x000020dc8948dec5 in async::internal::retained_task::Handler(async_dispatcher_t*, async_task_t*, zx_status_t) ../../zircon/system/ulib/async/task.cc:25 <>+0x81dec5
    #17 0x000023ab5abcf91e in λ(const driver_runtime::Dispatcher::post_task::(anon class)*, std::__2::unique_ptr >, zx_status_t) ../../src/devices/bin/driver_runtime/dispatcher.cc:715 +0xed91e
    #18 0x000023ab5abcf621 in fit::internal::target<(lambda at../../src/devices/bin/driver_runtime/dispatcher.cc:714:7), true, false, void, std::__2::unique_ptr>, int>::invoke(void*, std::__2::unique_ptr >, int) ../../sdk/lib/fit/include/lib/fit/internal/function.h:128 +0xed621
    #19 0x000023ab5abaa482 in fit::internal::function_base<24UL, true, void(std::__2::unique_ptr>, int)>::invoke(const fit::internal::function_base<24UL, true, void (std::__2::unique_ptr >, int)>*, std::__2::unique_ptr >, int) ../../sdk/lib/fit/include/lib/fit/internal/function.h:505 +0xc8482
    #20 0x000023ab5abaa0f8 in fit::callback_impl<24UL, true, void(std::__2::unique_ptr>, int)>::operator()(fit::callback_impl<24UL, true, void (std::__2::unique_ptr >, int)>*, std::__2::unique_ptr >, int) ../../sdk/lib/fit/include/lib/fit/function.h:451 +0xc80f8
    #21 0x000023ab5ab81c76 in driver_runtime::callback_request::Call(driver_runtime::callback_request*, std::__2::unique_ptr >, zx_status_t) ../../src/devices/bin/driver_runtime/callback_request.h:67 +0x9fc76
    #22 0x000023ab5ab8e7ef in driver_runtime::Dispatcher::dispatch_callback(driver_runtime::Dispatcher*, std::__2::unique_ptr >) ../../src/devices/bin/driver_runtime/dispatcher.cc:1093 +0xac7ef
    #23 0x000023ab5ab91d67 in driver_runtime::Dispatcher::dispatch_callbacks(driver_runtime::Dispatcher*, std::__2::unique_ptr >, fbl::ref_ptr) ../../src/devices/bin/driver_runtime/dispatcher.cc:1169 +0xafd67
    #24 0x000023ab5abbe9a2 in λ(const driver_runtime::Dispatcher::create_with_adder::(anon class)*, std::__2::unique_ptr >, fbl::ref_ptr) ../../src/devices/bin/driver_runtime/dispatcher.cc:338 +0xdc9a2
    #25 0x000023ab5abbe6d2 in fit::internal::target<(lambda at../../src/devices/bin/driver_runtime/dispatcher.cc:337:7), true, false, void, std::__2::unique_ptr>, fbl::ref_ptr>::invoke(void*, std::__2::unique_ptr >, fbl::ref_ptr) ../../sdk/lib/fit/include/lib/fit/internal/function.h:128 +0xdc6d2
    #26 0x000023ab5abac1e5 in fit::internal::function_base<8UL, true, void(std::__2::unique_ptr>, fbl::ref_ptr)>::invoke(const fit::internal::function_base<8UL, true, void (std::__2::unique_ptr >, fbl::ref_ptr)>*, std::__2::unique_ptr >, fbl::ref_ptr) ../../sdk/lib/fit/include/lib/fit/internal/function.h:505 +0xca1e5
    #27 0x000023ab5ababe32 in fit::function_impl<8UL, true, void(std::__2::unique_ptr>, fbl::ref_ptr)>::operator()(const fit::function_impl<8UL, true, void (std::__2::unique_ptr >, fbl::ref_ptr)>*, std::__2::unique_ptr >, fbl::ref_ptr) ../../sdk/lib/fit/include/lib/fit/function.h:300 +0xc9e32
    #28 0x000023ab5ab95444 in driver_runtime::Dispatcher::event_waiter::invoke_callback(driver_runtime::Dispatcher::event_waiter*, std::__2::unique_ptr >, fbl::ref_ptr) ../../src/devices/bin/driver_runtime/dispatcher.h:299 +0xb3444
    #29 0x000023ab5ab94feb in driver_runtime::Dispatcher::event_waiter::handle_event(std::__2::unique_ptr >, async_dispatcher_t*, async::wait_base*, zx_status_t, zx_packet_signal_t const*) ../../src/devices/bin/driver_runtime/dispatcher.cc:1259 +0xb2feb
    #30 0x000023ab5abbef74 in async_loop_owned_event_handler::handle_event(async_loop_owned_event_handler*, async_dispatcher_t*, async::wait_base*, zx_status_t, zx_packet_signal_t const*) ../../src/devices/bin/driver_runtime/async_loop_owned_event_handler.h:59 +0xdcf74
    #31 0x000023ab5abbf1cb in async::wait_method, &async_loop_owned_event_handler::handle_event>::call_handler(async_dispatcher_t*, async_wait_t*, zx_status_t, zx_packet_signal_t const*) ../../zircon/system/ulib/async/include/lib/async/cpp/wait.h:201 +0xdd1cb
    #32 0x000023ab5ac323a9 in async_loop_dispatch_wait(async_loop_t*, async_wait_t*, zx_status_t, zx_packet_signal_t const*) ../../zircon/system/ulib/async-loop/loop.c:381 +0x1503a9
    #33 0x000023ab5ac2ba82 in async_loop_run_once(async_loop_t*, zx_time_t) ../../zircon/system/ulib/async-loop/loop.c:330 +0x149a82
    #34 0x000023ab5ac2b102 in async_loop_run(async_loop_t*, zx_time_t, _Bool) ../../zircon/system/ulib/async-loop/loop.c:288 +0x149102
    #35 0x000023ab5ac2ceb7 in async_loop_run_thread(void*) ../../zircon/system/ulib/async-loop/loop.c:840 +0x14aeb7
    #36 0x000040b3be411f1c in start_c11(void*) ../../zircon/third_party/ulib/musl/pthread/pthread_create.c:55 +0xd7f1c
    #37 0x000040b3be53ce8d in thread_trampoline(uintptr_t, uintptr_t) ../../zircon/system/ulib/runtime/thread.cc:100 +0x202e8d

Link: https://github.com/acpica/acpica/commit/80766551
Signed-off-by: Bob Moore
Signed-off-by: Rafael J. Wysocki
---
 drivers/acpi/acpica/tbutils.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/acpi/acpica/tbutils.c b/drivers/acpi/acpica/tbutils.c
index cfe50c53ad4d..bb4a56e5673a 100644
--- a/drivers/acpi/acpica/tbutils.c
+++ b/drivers/acpi/acpica/tbutils.c
@@ -165,6 +165,7 @@ struct acpi_table_header *acpi_tb_copy_dsdt(u32 table_i= ndex) static acpi_physical_address acpi_tb_get_root_table_entry(u8 *table_entry, u32 table_entry_size) { + u32 address32; u64 address64; =20 /* @@ -176,8 +177,8 @@ acpi_tb_get_root_table_entry(u8 *table_entry, u32 table= _entry_size) * 32-bit platform, RSDT: Return 32-bit table entry * 64-bit platform, RSDT: Expand 32-bit to 64-bit and return */ - return ((acpi_physical_address) - (*ACPI_CAST_PTR(u32, table_entry))); + ACPI_MOVE_32_TO_32(&address32, table_entry); + return address32; } else { /* * 32-bit platform, XSDT: Truncate 64-bit to 32-bit and return --=20 2.35.3
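
Review bot: in the second hunk (the RSDT branch of acpi_tb_get_root_table_entry), `return address32;` drops the explicit `(acpi_physical_address)` cast that the removed line carried, so the widening described in the comment just above it ("Expand 32-bit to 64-bit and return") now happens through an implicit conversion. Consider `return ((acpi_physical_address)address32);` to keep that step visible and in line with the surrounding style. A one-line comment above `ACPI_MOVE_32_TO_32(&address32, table_entry);` would also help: table_entry arrives as a u8 * with no alignment guarantee, and the commit message documents the failure only as a stack trace, so without a note at the call site a later cleanup could reintroduce the `*ACPI_CAST_PTR(u32, table_entry)` load that UBSAN flagged at tbutils.c:231.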