From patchwork Tue Aug 17 00:56:43 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jin Dongming <jin.dongming@np.css.fujitsu.com>
X-Patchwork-Id: 119830
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.4/8.14.3) with ESMTP id o7H0uQmT003510
	for <patchwork-acpi@patchwork.kernel.org>;
	Tue, 17 Aug 2010 00:56:26 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753887Ab0HQA4Z (ORCPT
	<rfc822;patchwork-acpi@patchwork.kernel.org>);
	Mon, 16 Aug 2010 20:56:25 -0400
Received: from fgwmail6.fujitsu.co.jp ([192.51.44.36]:57407 "EHLO
	fgwmail6.fujitsu.co.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753753Ab0HQA4Y (ORCPT
	<rfc822; linux-acpi@vger.kernel.org>); Mon, 16 Aug 2010 20:56:24 -0400
Received: from m3.gw.fujitsu.co.jp ([10.0.50.73])
	by fgwmail6.fujitsu.co.jp (Fujitsu Gateway) with ESMTP id
	o7H0uNsE031191 (envelope-from jin.dongming@np.css.fujitsu.com);
	Tue, 17 Aug 2010 09:56:23 +0900
Received: from smail (m3 [127.0.0.1])
	by outgoing.m3.gw.fujitsu.co.jp (Postfix) with ESMTP id 3DFF945DE51;
	Tue, 17 Aug 2010 09:56:23 +0900 (JST)
Received: from s3.gw.fujitsu.co.jp (s3.gw.fujitsu.co.jp [10.0.50.93])
	by m3.gw.fujitsu.co.jp (Postfix) with ESMTP id 14F6245DE4E;
	Tue, 17 Aug 2010 09:56:23 +0900 (JST)
Received: from s3.gw.fujitsu.co.jp (localhost.localdomain [127.0.0.1])
	by s3.gw.fujitsu.co.jp (Postfix) with ESMTP id DCE471DB8038;
	Tue, 17 Aug 2010 09:56:22 +0900 (JST)
Received: from m002.s.css.fujitsu.com (m002.s.css.fujitsu.com [10.23.4.32])
	by s3.gw.fujitsu.co.jp (Postfix) with ESMTP id 960DA1DB803C;
	Tue, 17 Aug 2010 09:56:19 +0900 (JST)
Received: from m002.css.fujitsu.com (m002 [127.0.0.1])
	by m002.s.css.fujitsu.com (Postfix) with ESMTP id 9C01450EBD1;
	Tue, 17 Aug 2010 09:56:17 +0900 (JST)
Received: from [127.0.0.1] (unknown [10.124.102.46])
	by m002.s.css.fujitsu.com (Postfix) with ESMTP id AE3BB50EBD4;
	Tue, 17 Aug 2010 09:56:16 +0900 (JST)
X-SecurityPolicyCheck: OK by SHieldMailChecker v1.5.1
Message-ID: <4C69DE4B.4090904@np.css.fujitsu.com>
Date: Tue, 17 Aug 2010 09:56:43 +0900
From: Jin Dongming <jin.dongming@np.css.fujitsu.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ja;
	rv:1.9.2.7) Gecko/20100713 Thunderbird/3.1.1
MIME-Version: 1.0
To: Huang Ying <ying.huang@intel.com>
CC: Randy Dunlap <randy.dunlap@oracle.com>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	Andi Kleen <andi@firstfloor.org>,
	Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>,
	ACPI <linux-acpi@vger.kernel.org>, LKLM <linux-kernel@vger.kernel.org>
Subject: [PATCH 2/4] [Patch-next] ACPI, APEI, EINJ Fix the wrong checking
	of Injection Header's length
Sender: linux-acpi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-acpi.vger.kernel.org>
X-Mailing-List: linux-acpi@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Tue, 17 Aug 2010 00:56:26 +0000 (UTC)


diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c
index 465c885..5fe876c 100644
--- a/drivers/acpi/apei/einj.c
+++ b/drivers/acpi/apei/einj.c
@@ -104,7 +104,8 @@ static struct einj_parameter *einj_param;
 static void einj_exec_ctx_init(struct apei_exec_context *ctx)
 {
 	apei_exec_ctx_init(ctx, einj_ins_type, ARRAY_SIZE(einj_ins_type),
-			   EINJ_TAB_ENTRY(einj_tab), einj_tab->entries);
+			   EINJ_TAB_ENTRY(einj_tab),
+			   einj_tab->inje_header.entries);
 }
 
 static int __einj_get_available_error_type(u32 *type)
@@ -153,7 +154,7 @@ static u64 einj_get_parameter_address(void)
 	struct acpi_whea_header *entry;
 
 	entry = EINJ_TAB_ENTRY(einj_tab);
-	for (i = 0; i < einj_tab->entries; i++) {
+	for (i = 0; i < einj_tab->inje_header.entries; i++) {
 		if (entry->action == ACPI_EINJ_SET_ERROR_TYPE &&
 		    entry->instruction == ACPI_EINJ_WRITE_REGISTER &&
 		    entry->register_region.space_id ==
@@ -426,12 +427,14 @@ DEFINE_SIMPLE_ATTRIBUTE(error_inject_fops, NULL,
 
 static int einj_check_table(struct acpi_table_einj *einj_tab)
 {
-	if (einj_tab->header_length != sizeof(struct acpi_table_einj))
+	if (einj_tab->common_header.length < sizeof(struct acpi_table_einj))
 		return -EINVAL;
-	if (einj_tab->header.length < sizeof(struct acpi_table_einj))
+
+	if (einj_tab->inje_header.length != sizeof(struct acpi_einj_header))
 		return -EINVAL;
-	if (einj_tab->entries !=
-	    (einj_tab->header.length - sizeof(struct acpi_table_einj)) /
+
+	if (einj_tab->inje_header.entries !=
+	    (einj_tab->common_header.length - sizeof(struct acpi_table_einj)) /
 	    sizeof(struct acpi_einj_entry))
 		return -EINVAL;
 
diff --git a/include/acpi/actbl1.h b/include/acpi/actbl1.h
index 821f8ac..e586c30 100644
--- a/include/acpi/actbl1.h
+++ b/include/acpi/actbl1.h
@@ -199,14 +199,21 @@ struct acpi_table_ecdt {
  *
  ******************************************************************************/
 
-struct acpi_table_einj {
-	struct acpi_table_header header;	/* Common ACPI table header */
-	u32 header_length;
-	u8 flags;
-	u8 reserved[3];
+/* EINJ Injection Header */
+struct acpi_einj_header {
+	u32 length;
+	u8  flags;
+	u8  reserved[3];
 	u32 entries;
 };
 
+/* EINJ Header */
+
+struct acpi_table_einj {
+	struct acpi_table_header common_header;	/* Common ACPI table header */
+	struct acpi_einj_header inje_header;	/* Injection Header */
+};
+
 /* EINJ Injection Instruction Entries (actions) */
 
 struct acpi_einj_entry {