From 9741a559971856fca61a83840b558b4f94500d89 Mon Sep 17 00:00:00 2001 From: Ross Zwisler Date: Tue, 27 Feb 2018 10:29:51 -0700 Subject: nfit_test: fix buffer overrun, add sanity check It turns out that we were overrunning the 'nfit_buf' buffer in nfit_test0_setup() in the (t->setup_hotplug == 1) case because we failed to correctly account for all of the acpi_nfit_memory_map structures. Fix the structure count which will increase the allocation size of 'nfit_buf' in nfit_test0_alloc(). Also add some WARN_ON()s to nfit_test0_setup() and nfit_test1_setup() to catch future issues where the size of the buffer doesn't match the amount of data we're writing. Signed-off-by: Ross Zwisler Signed-off-by: Dan Williams --- tools/testing/nvdimm/test/nfit.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'tools') diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c index 1376fc95c33a..fcd233342273 100644 --- a/tools/testing/nvdimm/test/nfit.c +++ b/tools/testing/nvdimm/test/nfit.c @@ -104,7 +104,8 @@ enum { NUM_HINTS = 8, NUM_BDW = NUM_DCR, NUM_SPA = NUM_PM + NUM_DCR + NUM_BDW, - NUM_MEM = NUM_DCR + NUM_BDW + 2 /* spa0 iset */ + 4 /* spa1 iset */, + NUM_MEM = NUM_DCR + NUM_BDW + 2 /* spa0 iset */ + + 4 /* spa1 iset */ + 1 /* spa11 iset */, DIMM_SIZE = SZ_32M, LABEL_SIZE = SZ_128K, SPA_VCD_SIZE = SZ_4M, @@ -2047,6 +2048,9 @@ static void nfit_test0_setup(struct nfit_test *t) flush->hint_address[i] = t->flush_dma[4] + i * sizeof(u64); offset += flush->header.length; + + /* sanity check to make sure we've filled the buffer */ + WARN_ON(offset != t->nfit_size); } post_ars_status(&t->ars_state, &t->badrange, t->spa_set_dma[0], 
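Review bot: `NUM_MEM` in the enum hunk is still a hand-maintained sum of literals (`2`, `4`, `1`), so the next memory-map entry added to nfit_test0_setup() can leave the nfit_buf allocation short again, which is the bug class this commit fixes. The WARN_ON()s added further down only report the mismatch after the entries have been written, so the count itself deserves a guard in the form of documentation. I would add a comment above the enumerator such as `/* must equal the number of acpi_nfit_memory_map entries written by nfit_test0_setup(), hotplug case included; nfit_test0_alloc() sizes nfit_buf from this */`. The enum starts above the hunk, so the definitions of NUM_PM and NUM_DCR are not visible here.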
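Review bot: The added `WARN_ON(offset != t->nfit_size)` in nfit_test0_setup() runs only after every table entry has been stored, so when offset is larger than the buffer the out-of-bounds writes have already happened and the warning is the only trace. The same applies to the identical check added in the nfit_test1_setup() hunk. Because `!=` reports underfill and overrun the same way, the comment should say which direction is memory corruption, e.g. `/* sanity check: offset > nfit_size means we already wrote past nfit_buf */`. The check also sits inside the block closed by the following `}`, whose condition is outside the hunk, so any path that skips that block is not covered by it.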
@@ -2165,6 +2169,9 @@ static void nfit_test1_setup(struct nfit_test *t) dcr->windows = 0; offset += dcr->header.length; + /* sanity check to make sure we've filled the buffer */ + WARN_ON(offset != t->nfit_size); + post_ars_status(&t->ars_state, &t->badrange, t->spa_set_dma[0], SPA2_SIZE); -- cgit v1.2.3-59-g8ed1b