nfit: in acpi_nfit_init, break on a 0-length table

If acpi_nfit_init is called (such as from nfit_test), with an nfit table
that has more memory allocated than it needs (and a similarly large
'size' field, add_tables would happily keep adding null SPA Range tables
filling up all available memory.

Make it friendlier by breaking out if a 0-length header is found in any
of the tables.

Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: <linux-acpi@vger.kernel.org>
Cc: <linux-nvdimm@lists.01.org>
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

diff --git a/drivers/acpi/nfit.c b/drivers/acpi/nfit.c
index c1b8d03e262eeeedf21d24f58b528acefe827abb..35b4b5693110de1ebdb63d45832028a996db3a6e 100644 (file)
--- a/drivers/acpi/nfit.c
+++ b/drivers/acpi/nfit.c
@@ -335,6 +335,12 @@ static void *add_table(struct acpi_nfit_desc *acpi_desc, void *table,
                return NULL;
 
        hdr = table;
+       if (!hdr->length) {
+               dev_warn(dev, "found a zero length table '%d' parsing nfit\n",
+                       hdr->type);
+               return NULL;
+       }
+
        switch (hdr->type) {
        case ACPI_NFIT_TYPE_SYSTEM_ADDRESS:
                if (!add_spa(acpi_desc, table))