RE: [PATCH] ACPI: scan: Fix a Hyper-V Linux VM panic caused by buffer overflow

From: Dexuan Cui
Date: Fri Dec 18 2020 - 13:36:26 EST


> From: Dexuan Cui <decui@xxxxxxxxxxxxx>
> Sent: Thursday, December 17, 2020 8:08 PM
>
> Linux VM on Hyper-V crashes with the latest mainline:
> ...
> This is because of the recent buffer overflow detection in the
> commit 6a39e62abbaf ("lib: string.h: detect intra-object overflow in fortified
> string functions")
>
> Here acpi_device_bus_id->bus_id can only hold 14 characters, while the
> the acpi_device_hid(device) returns a 22-char string
> "HYPER_V_GEN_COUNTER_V1".
>
> Per ACPI Spec v6.2, Section 6.1.5 _HID (Hardware ID), if the ID is a
> string, it must be of the form AAA#### or NNNN####, i.e. 7 chars or 8
> chars.
>
> The field bus_id in struct acpi_device_bus_id was originally defined as
> char bus_id[9], and later was enlarged to char bus_id[15] in 2007 in the
> commit bb0958544f3c ("ACPI: use more understandable bus_id for ACPI
> devices")
>
> It looks like so far an ID string of >=15 chars is only seen in the guest
> BIOS/firmware by Hyper-V, and AFAIK the ID string
> "HYPER_V_GEN_COUNTER_V1"
> is never used by Linux VM on Hyper-V, so let's just truncate the string to
> fix the panic.
>
> Signed-off-by: Dexuan Cui <decui@xxxxxxxxxxxxx>

IMO this patch should also go to the stable trees, so please add
Cc: <stable@xxxxxxxxxxxxxxx>

Thanks,
-- Dexuan