From patchwork Thu Jun 10 06:47:53 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: AceLan Kao
X-Patchwork-Id: 1490206
From: AceLan Kao
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 6/7][SRU][OEM-5.10] platform/x86: dell-wmi-sysman: Make init_bios_attributes() ACPI object parsing more robust
Date: Thu, 10 Jun 2021 14:47:53 +0800
Message-Id: <20210610064754.1061717-7-acelan.kao@canonical.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210610064754.1061717-1-acelan.kao@canonical.com>
References: <20210610064754.1061717-1-acelan.kao@canonical.com>

From: Hans de Goede

BugLink: https://bugs.launchpad.net/bugs/1931509

Make init_bios_attributes() ACPI object parsing more robust:
1. Always check that the type of the return ACPI object is package, rather
   than only checking this for instance_id == 0
2. Check that the package has the minimum amount of elements which will
   be consumed by the populate_foo_data() for the attr_type

Note/TODO: The populate_foo_data() functions should also be made more
robust. They should check the type of each of the elements matches the
type which they expect and in case of populate_enum_data()
obj->package.count should be passed to it as an argument and it should
re-check this itself since it consumes a variable number of elements.

Fixes: e8a60aa7404b ("platform/x86: Introduce support for Systems Management Driver over WMI for Dell Systems")
Cc: Divya Bharathi
Cc: Mario Limonciello
Signed-off-by: Hans de Goede
Link: https://lore.kernel.org/r/20210321121607.35717-1-hdegoede@redhat.com
(cherry picked from commit 5e3f5973c8dfd2b80268f1825ed2f2ddf81d3267)
Signed-off-by: Chia-Lin Kao (AceLan) --- .../x86/dell/dell-wmi-sysman/sysman.c | 32 ++++++++++++++++--- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c b/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c index 5dd9b29d939c7..1d996bbf7f5a7 100644 --- a/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c +++ b/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c @@ -401,6 +401,7 @@ static int init_bios_attributes(int attr_type, const char *guid) union acpi_object *obj = NULL; union acpi_object *elements; struct kset *tmp_set; + int min_elements; /* instance_id needs to be reset for each type GUID * also, instance IDs are unique within GUID but not across @@ -411,14 +412,38 @@ static int init_bios_attributes(int attr_type, const char *guid) retval = alloc_attributes_data(attr_type); if (retval) return retval; + + switch (attr_type) { + case ENUM: min_elements = 8; break; + case INT: min_elements = 9; break; + case STR: min_elements = 8; break; + case PO: min_elements = 4; break; + default: + pr_err("Error: Unknown attr_type: %d\n", attr_type); + return -EINVAL; + } + /* need to use specific instance_id and guid combination to get right data */ obj = get_wmiobj_pointer(instance_id, guid); - if (!obj || obj->type != ACPI_TYPE_PACKAGE) + if (!obj) return -ENODEV; - elements = obj->package.elements; mutex_lock(&wmi_priv.mutex); - while (elements) { + while (obj) { + if (obj->type != ACPI_TYPE_PACKAGE) { + pr_err("Error: Expected ACPI-package type, got: %d\n", obj->type); + retval = -EIO; + goto err_attr_init; + } + + if (obj->package.count < min_elements) { + pr_err("Error: ACPI-package does not have enough elements: %d < %d\n", + obj->package.count, min_elements); + goto nextobj; + } + + elements = obj->package.elements; + /* sanity checking */ if (elements[ATTR_NAME].type != ACPI_TYPE_STRING) { pr_debug("incorrect element type\n"); 
@@ -483,7 +508,6 @@ static int init_bios_attributes(int attr_type, const char *guid) kfree(obj); instance_id++; obj = get_wmiobj_pointer(instance_id, guid); - elements = obj ? obj->package.elements : NULL; } mutex_unlock(&wmi_priv.mutex);
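
Review bot: min_elements is declared as int in the first hunk (@@ -401,6 +401,7 @@) but is later compared against obj->package.count, which is a u32 in union acpi_object, and both values are printed with %d. Declaring it as u32 (or unsigned int) and printing with %u avoids the signed/unsigned comparison and the mismatched format specifier.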
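
Review bot: the default: branch of the new switch in the second hunk (@@ -411,14 +412,38 @@) returns -EINVAL directly after alloc_attributes_data(attr_type) has already succeeded, rather than leaving through err_attr_init like the new -EIO path does. Moving the switch above the alloc_attributes_data() call would reject an unknown attr_type before anything is allocated. The minimums 8, 9, 8 and 4 are also bare literals; named constants, or a comment tying each one to the elements its populate_*_data() function reads, would keep them in step with those functions. Note that the count check covers only the fixed minimum and that elements[ATTR_NAME] is the only element whose type is checked in the visible context, which is the gap the Note/TODO in the commit message describes.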
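
Review bot: the nextobj label that the new short-package path jumps to is not visible in the context of the last hunk (@@ -483,7 +508,6 @@), and it needs to sit directly above kfree(obj) and instance_id++ so that a skipped package is freed and the loop advances to the next instance. Please confirm that placement, since with the elements reassignment removed here the checks at the top of the loop are now the only validation applied to each object returned by get_wmiobj_pointer().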