github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-29 17:43:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

ACPI fix for 6.15-rc7

Browse Source 
Fix ACPI PPTT parsing code to address a regression introduced recently
 and add more sanity checking of data supplied by the platform firmware
 to avoid using invalid data (Jeremy Linton).
 -----BEGIN PGP SIGNATURE-----
 
 iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAmgnY30SHHJqd0Byand5
 c29ja2kubmV0AAoJEO5fvZ0v1OO1/SsH/2UT//SvEWzrUmkstQ3Z24T1HlqEPp7a
 0uqamvkM505Bdeq3wgaDLH8LsMd/9MVpTdJ5gQ5gxLjTH8WnJUlzr8IN0K/ic13u
 ARgju9tW0PBE7iMpeS0npADkEzgD6YqJl4/c/EPQI9iKLn7U39W9z1UAo7hroWye
 zFfFTQx0kONYa8p6aoN/A3YhCQjsa1XyvMc4AwQHyNEtqbgLGrp3mGZ2M27vUPlr
 jamwJSBo5X3Gelrx81KBPuF1f3M0CYuI2m03FoVH1YBFm2dSqzSh+UfMdRUpD6oe
 d+EzygDHcxx+tyFHblaC3QOM+b7p8zoffxQqQtOXWfS/bIK9pAP7VgI=
 =nBNl
 -----END PGP SIGNATURE-----

Merge tag 'acpi-6.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "Fix ACPI PPTT parsing code to address a regression introduced recently
  and add more sanity checking of data supplied by the platform firmware
  to avoid using invalid data (Jeremy Linton)"

* tag 'acpi-6.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: PPTT: Fix processor subtable walk
This commit is contained in:
Linus Torvalds 2025-05-16 09:40:07 -07:00
commit 3c21441eef
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
drivers/acpi/pptt.c
View File

@ -231,16 +231,18 @@ static int acpi_pptt_leaf_node(struct acpi_table_header *table_hdr,
sizeof(struct acpi_table_pptt));
proc_sz = sizeof(struct acpi_pptt_processor);
while ((unsigned long)entry + proc_sz < table_end) {
/* ignore subtable types that are smaller than a processor node */
while ((unsigned long)entry + proc_sz <= table_end) {
cpu_node = (struct acpi_pptt_processor *)entry;
if (entry->type == ACPI_PPTT_TYPE_PROCESSOR &&
cpu_node->parent == node_entry)
return 0;
if (entry->length == 0)
return 0;
entry = ACPI_ADD_PTR(struct acpi_subtable_header, entry,
entry->length);
}
return 1;
}
@ -273,15 +275,18 @@ static struct acpi_pptt_processor *acpi_find_processor_node(struct acpi_table_he
proc_sz = sizeof(struct acpi_pptt_processor);
/* find the processor structure associated with this cpuid */
while ((unsigned long)entry + proc_sz < table_end) {
while ((unsigned long)entry + proc_sz <= table_end) {
cpu_node = (struct acpi_pptt_processor *)entry;
if (entry->length == 0) {
pr_warn("Invalid zero length subtable\n");
break;
}
/* entry->length may not equal proc_sz, revalidate the processor structure length */
if (entry->type == ACPI_PPTT_TYPE_PROCESSOR &&
acpi_cpu_id == cpu_node->acpi_processor_id &&
(unsigned long)entry + entry->length <= table_end &&
entry->length == proc_sz + cpu_node->number_of_priv_resources * sizeof(u32) &&
acpi_pptt_leaf_node(table_hdr, cpu_node)) {
return (struct acpi_pptt_processor *)entry;
}