firmware: dmi_scan: Trim DMI table length before exporting it

The SMBIOS v3 entry points specify a maximum length for the DMI table,
not the exact length. Thus there may be garbage after the end-of-table
marker, which we don't want to export to user-space. Adjust dmi_len
when we find the end-of-table marker, so that only the actual table
payload is exported.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>

1 files changed, 10 insertions, 5 deletions

diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
index 14a89123cb7c..7fdf2868a276 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -108,6 +108,9 @@ static void dmi_decode_table(u8 *buf,
 		if (data - buf < dmi_len - 1)
 			decode(dm, private_data);
 
+		data += 2;
+		i++;
+
 		/*
 		 * 7.45 End-of-Table (Type 127) [SMBIOS reference spec v3.0.0]
 		 * For tables behind a 64-bit entry point, we have no item
@@ -118,10 +121,11 @@ static void dmi_decode_table(u8 *buf,
 		 */
 		if (!dmi_num && dm->type == DMI_ENTRY_END_OF_TABLE)
 			break;
-
-		data += 2;
-		i++;
 	}
+
+	/* Trim DMI table length if needed */
+	if (dmi_len > data - buf)
+		dmi_len = data - buf;
 }
 
 static phys_addr_t dmi_base;
@@ -130,8 +134,9 @@ static int __init dmi_walk_early(void (*decode)(const struct dmi_header *,
 		void *))
 {
 	u8 *buf;
+	u32 orig_dmi_len = dmi_len;
 
-	buf = dmi_early_remap(dmi_base, dmi_len);
+	buf = dmi_early_remap(dmi_base, orig_dmi_len);
 	if (buf == NULL)
 		return -1;
 
@@ -139,7 +144,7 @@ static int __init dmi_walk_early(void (*decode)(const struct dmi_header *,
 
 	add_device_randomness(buf, dmi_len);
 
-	dmi_early_unmap(buf, dmi_len);
+	dmi_early_unmap(buf, orig_dmi_len);
 	return 0;
 }