drivers/acpi/apei/ghes.c | 38 ++++++++++++++++++++++++++++----- drivers/firmware/efi/cper-arm.c | 12 +++++++---- drivers/firmware/efi/cper.c | 8 ++++++- drivers/ras/ras.c | 6 +++++- include/acpi/ghes.h | 1 + include/linux/cper.h | 3 ++- 6 files changed, 56 insertions(+), 12 deletions(-)
Rafael, Current parsing logic at apei/ghes for ARM Processor Error assumes that the record sizes are correct. Yet, a bad BIOS might produce malformed GHES reports. Worse than that, it may end exposing data from other memory addresses, as the logic may end dumping large portions of the memory. Avoid that by checking the buffer sizes where needed. --- v6: - No code changes, just a cosmetic change at patch 3 description - Added Jonathan's review on all patches v5: - Changed the name of a var as requested by Jonathan v4: - addressed Jonathan comments; - added two extra patches to prevent other OOM issues. v3: - addressed Shuai feedback; - moved all ghes code to one patch; - fixed a typo and a bad indent; - cleanup the size check logic at ghes.c. Mauro Carvalho Chehab (4): apei/ghes: ARM processor Error: don't go past allocated memory efi/cper: don't go past the ARM processor CPER record buffer apei/ghes: ensure that won't go past CPER allocated record efi/cper: don't dump the entire memory region drivers/acpi/apei/ghes.c | 38 ++++++++++++++++++++++++++++----- drivers/firmware/efi/cper-arm.c | 12 +++++++---- drivers/firmware/efi/cper.c | 8 ++++++- drivers/ras/ras.c | 6 +++++- include/acpi/ghes.h | 1 + include/linux/cper.h | 3 ++- 6 files changed, 56 insertions(+), 12 deletions(-) -- 2.52.0
On 2026/1/8 19:35, Mauro Carvalho Chehab wrote: > Rafael, > > Current parsing logic at apei/ghes for ARM Processor Error > assumes that the record sizes are correct. Yet, a bad BIOS > might produce malformed GHES reports. > > Worse than that, it may end exposing data from other memory > addresses, as the logic may end dumping large portions of > the memory. > > Avoid that by checking the buffer sizes where needed. > > --- > > v6: > - No code changes, just a cosmetic change at patch 3 description > - Added Jonathan's review on all patches > > v5: > - Changed the name of a var as requested by Jonathan > > v4: > - addressed Jonathan comments; > - added two extra patches to prevent other OOM issues. > > v3: > - addressed Shuai feedback; > - moved all ghes code to one patch; > - fixed a typo and a bad indent; > - cleanup the size check logic at ghes.c. > > Mauro Carvalho Chehab (4): > apei/ghes: ARM processor Error: don't go past allocated memory > efi/cper: don't go past the ARM processor CPER record buffer > apei/ghes: ensure that won't go past CPER allocated record > efi/cper: don't dump the entire memory region > > drivers/acpi/apei/ghes.c | 38 ++++++++++++++++++++++++++++----- > drivers/firmware/efi/cper-arm.c | 12 +++++++---- > drivers/firmware/efi/cper.c | 8 ++++++- > drivers/ras/ras.c | 6 +++++- > include/acpi/ghes.h | 1 + > include/linux/cper.h | 3 ++- > 6 files changed, 56 insertions(+), 12 deletions(-) Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Thanks Hanjun
On Thu, 8 Jan 2026 at 12:35, Mauro Carvalho Chehab <mchehab+huawei@kernel.org> wrote: > > Rafael, > > Current parsing logic at apei/ghes for ARM Processor Error > assumes that the record sizes are correct. Yet, a bad BIOS > might produce malformed GHES reports. > > Worse than that, it may end exposing data from other memory > addresses, as the logic may end dumping large portions of > the memory. > > Avoid that by checking the buffer sizes where needed. > > --- > > v6: > - No code changes, just a cosmetic change at patch 3 description > - Added Jonathan's review on all patches > > v5: > - Changed the name of a var as requested by Jonathan > > v4: > - addressed Jonathan comments; > - added two extra patches to prevent other OOM issues. > > v3: > - addressed Shuai feedback; > - moved all ghes code to one patch; > - fixed a typo and a bad indent; > - cleanup the size check logic at ghes.c. > > Mauro Carvalho Chehab (4): > apei/ghes: ARM processor Error: don't go past allocated memory > efi/cper: don't go past the ARM processor CPER record buffer > apei/ghes: ensure that won't go past CPER allocated record > efi/cper: don't dump the entire memory region > I've skimmed over this and it all looks reasonable to me Acked-by: Ard Biesheuvel <ardb@kernel.org> Thanks for cleaning this up.
On Thu, Jan 8, 2026 at 12:35 PM Mauro Carvalho Chehab <mchehab+huawei@kernel.org> wrote: > > Rafael, > > Current parsing logic at apei/ghes for ARM Processor Error > assumes that the record sizes are correct. Yet, a bad BIOS > might produce malformed GHES reports. > > Worse than that, it may end exposing data from other memory > addresses, as the logic may end dumping large portions of > the memory. > > Avoid that by checking the buffer sizes where needed. > > --- > > v6: > - No code changes, just a cosmetic change at patch 3 description > - Added Jonathan's review on all patches > > v5: > - Changed the name of a var as requested by Jonathan > > v4: > - addressed Jonathan comments; > - added two extra patches to prevent other OOM issues. > > v3: > - addressed Shuai feedback; > - moved all ghes code to one patch; > - fixed a typo and a bad indent; > - cleanup the size check logic at ghes.c. > > Mauro Carvalho Chehab (4): > apei/ghes: ARM processor Error: don't go past allocated memory > efi/cper: don't go past the ARM processor CPER record buffer > apei/ghes: ensure that won't go past CPER allocated record > efi/cper: don't dump the entire memory region > > drivers/acpi/apei/ghes.c | 38 ++++++++++++++++++++++++++++----- > drivers/firmware/efi/cper-arm.c | 12 +++++++---- > drivers/firmware/efi/cper.c | 8 ++++++- > drivers/ras/ras.c | 6 +++++- > include/acpi/ghes.h | 1 + > include/linux/cper.h | 3 ++- > 6 files changed, 56 insertions(+), 12 deletions(-) > > -- Applied as 6.20 material, but I changed the spelling of EFI, APEI, CPER, and GHES in the subjects/changelogs to all capitals. Thanks!
© 2016 - 2026 Red Hat, Inc.