linux/drivers/acpi
Dexuan Cui 56d772d831 ACPI: scan: Harden acpi_device_add() against device ID overflows
commit a58015d638 upstream.

Linux VM on Hyper-V crashes with the latest mainline:

[    4.069624] detected buffer overflow in strcpy
[    4.077733] kernel BUG at lib/string.c:1149!
..
[    4.085819] RIP: 0010:fortify_panic+0xf/0x11
...
[    4.085819] Call Trace:
[    4.085819]  acpi_device_add.cold.15+0xf2/0xfb
[    4.085819]  acpi_add_single_object+0x2a6/0x690
[    4.085819]  acpi_bus_check_add+0xc6/0x280
[    4.085819]  acpi_ns_walk_namespace+0xda/0x1aa
[    4.085819]  acpi_walk_namespace+0x9a/0xc2
[    4.085819]  acpi_bus_scan+0x78/0x90
[    4.085819]  acpi_scan_init+0xfa/0x248
[    4.085819]  acpi_init+0x2c1/0x321
[    4.085819]  do_one_initcall+0x44/0x1d0
[    4.085819]  kernel_init_freeable+0x1ab/0x1f4

This is because of the recent buffer overflow detection in the
commit 6a39e62abb ("lib: string.h: detect intra-object overflow in
fortified string functions")

Here acpi_device_bus_id->bus_id can only hold 14 characters, while
acpi_device_hid(device) returns a 22-char string
"HYPER_V_GEN_COUNTER_V1".

Per ACPI Spec v6.2, Section 6.1.5 _HID (Hardware ID), if the ID is a
string, it must be of the form AAA#### or NNNN####, i.e. 7 chars or 8
chars.

The field bus_id in struct acpi_device_bus_id was originally defined as
char bus_id[9], and later was enlarged to char bus_id[15] in 2007 in the
commit bb0958544f ("ACPI: use more understandable bus_id for ACPI
devices")

Fix the issue by changing the field bus_id to const char *, and use
kstrdup_const() to initialize it.

Signed-off-by: Dexuan Cui <decui@microsoft.com>
Tested-By: Jethro Beekman <jethro@fortanix.com>
[ rjw: Subject change, whitespace adjustment ]
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-01-19 18:22:35 +01:00
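
The size mismatch described in the commit message, as an added userspace C example (not code from the kernel tree or from the commit): the struct and function names are hypothetical, a plain malloc() copy stands in for kstrdup_const(), and the two short IDs are constructed samples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Old layout from the commit message: a fixed 15-byte array. */
struct old_bus_id {
    char bus_id[15];
    unsigned int instance_no;
};

/* New layout: a pointer to a string sized to the ID itself. */
struct new_bus_id {
    const char *bus_id;
    unsigned int instance_no;
};

/* Would an unchecked strcpy() of hid write past old_bus_id.bus_id?
 * This is the condition the fortified strcpy() turns into a panic. */
static int old_copy_overflows(const char *hid)
{
    return strlen(hid) + 1 > sizeof(((struct old_bus_id *)0)->bus_id);
}

/* Stand-in for kstrdup_const(): allocate exactly strlen + 1 bytes. */
static int new_set_id(struct new_bus_id *e, const char *hid)
{
    size_t n = strlen(hid) + 1;
    char *copy = malloc(n);

    if (!copy)
        return -1;              /* a kernel caller would return -ENOMEM */
    memcpy(copy, hid, n);
    e->bus_id = copy;
    e->instance_no = 0;
    return 0;
}

static void new_free_id(struct new_bus_id *e)
{
    free((void *)e->bus_id);    /* kernel counterpart: kfree_const() */
    e->bus_id = NULL;
}

int main(void)
{
    /* Constructed sample IDs; the last is the string from the report. */
    const char *ids[] = { "PNP0A03", "ACPI0003", "HYPER_V_GEN_COUNTER_V1" };

    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        struct new_bus_id e;

        if (new_set_id(&e, ids[i]) != 0)
            return 1;
        printf("%-24s len=%2zu old_overflow=%d copy=%s\n", ids[i],
               strlen(ids[i]), old_copy_overflows(ids[i]), e.bus_id);
        new_free_id(&e);
    }
    return 0;
}
```
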
..
acpica ACPICA: Do not increment operation_region reference counts for field units 2020-08-19 08:14:53 +02:00
apei x86/mm: split vmalloc_sync_all() 2020-03-25 08:06:13 +01:00
arm64 ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() 2019-08-16 10:12:48 +02:00
dptf
nfit ACPI: NFIT: Fix comparison to '-ENXIO' 2020-11-10 12:36:00 +01:00
pmic ACPI / PMIC: xpower: Fix TS-pin current-source handling 2019-01-16 22:04:34 +01:00
x86 x86/cpu: Sanitize FAM6_ATOM naming 2019-05-14 19:17:53 +02:00
ac.c ACPI updates for 4.18-rc1 2018-06-05 10:08:27 -07:00
acpi_amba.c
acpi_apd.c ACPI: APD: Add AMD misc clock handler support 2018-05-17 12:44:06 +02:00
acpi_cmos_rtc.c
acpi_configfs.c
acpi_dbg.c ACPI: debug: don't allow debugging when ACPI is disabled 2020-11-05 11:08:47 +01:00
acpi_extlog.c ACPI / extlog: Check for RDMSR failure 2020-11-05 11:08:47 +01:00
acpi_ipmi.c
acpi_lpat.c
acpi_lpit.c ACPI / PM: LPIT: Register sysfs attributes based on FADT 2018-11-13 11:08:24 -08:00
acpi_lpss.c ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS 2020-01-27 14:51:00 +01:00
acpi_memhotplug.c mm/memory_hotplug: make remove_memory() take the device_hotplug_lock 2020-01-29 16:43:24 +01:00
acpi_pad.c ACPI: acpi_pad: Fix memory leak in power saving threads 2018-03-30 12:04:58 +02:00
acpi_platform.c ACPI / platform: Add SMB0001 HID to forbidden_id_list 2018-11-27 16:13:10 +01:00
acpi_pnp.c ACPI: PNP: compare the string length in the matching_id() 2020-12-30 11:26:08 +01:00
acpi_processor.c ACPI / processor: don't print errors for processorIDs == 0xff 2019-10-05 13:09:38 +02:00
acpi_tad.c ACPI: Add Time and Alarm Device (TAD) driver 2018-03-20 10:36:04 +01:00
acpi_video.c ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35 2019-10-01 08:26:11 +02:00
acpi_watchdog.c ACPI: watchdog: Allow disabling WDAT at boot 2020-03-20 11:55:52 +01:00
battery.c ACPI / battery: Deal better with neither design nor full capacity not being reported 2020-02-11 04:33:59 -08:00
bgrt.c
blacklist.c ACPI: blacklist: fix clang warning for unused DMI table 2019-08-06 19:06:50 +02:00
bus.c ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() 2019-12-17 20:35:05 +01:00
button.c ACPI: button: Add DMI quirk for Medion Akoya E2228T 2020-11-24 13:27:19 +01:00
cm_sbs.c
container.c
cppc_acpi.c ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() 2020-06-22 09:05:02 +02:00
custom_method.c ACPI: custom_method: fix memory leaks 2019-10-05 13:09:53 +02:00
debugfs.c
device_pm.c PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() 2020-12-30 11:26:08 +01:00
device_sysfs.c ACPI / device_sysfs: Avoid OF modalias creation for removed device 2019-03-23 20:09:57 +01:00
dock.c
ec_sys.c
ec.c ACPI: EC: Reference count query handlers under lock 2020-10-01 13:14:30 +02:00
event.c
evged.c ACPI: GED: fix -Wformat 2020-11-22 10:02:26 +01:00
fan.c treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
glue.c
hed.c
internal.h ACPI: scan: Harden acpi_device_add() against device ID overflows 2021-01-19 18:22:35 +01:00
ioapic.c
irq.c
Kconfig ACPI: fix menuconfig presentation of ACPI submenu 2018-08-23 10:20:07 +02:00
Makefile ACPI: Enable PPTT support on ARM64 2018-05-17 17:28:09 +01:00
numa.c ACPI: Add out of bounds and numa_off protections to pxm_to_node() 2020-11-05 11:08:42 +01:00
nvs.c
osi.c ACPI / OSI: Add OEM _OSI string to enable NVidia HDMI audio 2018-07-20 10:12:41 +02:00
osl.c ACPI: OSL: only free map once in osl.c 2019-12-17 20:35:05 +01:00
pci_irq.c ACPI / PCI: fix acpi_pci_irq_enable() memory leak 2019-10-05 13:09:53 +02:00
pci_link.c ACPI / PCI: pci_link: Allow the absence of _PRS and change log level 2018-02-27 17:15:39 +01:00
pci_mcfg.c
pci_root.c PCI/ACPI: Correct error message for ASPM disabling 2019-11-20 18:46:52 +01:00
pci_slot.c
power.c ACPI: power: Skip duplicate power resource references in _PRx 2019-01-16 22:04:33 +01:00
pptt.c ACPI/PPTT: Add support for ACPI 6.3 thread flag 2019-10-17 13:45:34 -07:00
proc.c
processor_core.c xen/ACPI: don't upload Px/Cx data for disabled processors 2018-08-20 14:46:18 -04:00
processor_driver.c
processor_idle.c More ACPI updates for v4.16-rc1 2018-02-09 09:44:25 -08:00
processor_pdc.c
processor_perflib.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
processor_thermal.c
processor_throttling.c x86: ACPI: fix CPU hotplug deadlock 2020-04-23 10:30:20 +02:00
property.c ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() 2019-05-31 06:46:11 -07:00
reboot.c ACPI: add missing newline to printk 2018-05-02 13:01:08 +02:00
resource.c Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" 2020-12-30 11:26:08 +01:00
sbs.c ACPI / SBS: Fix GPE storm on recent MacBookPro's 2019-04-20 09:16:01 +02:00
sbshc.c ACPI / SBS: Fix rare oops when removing modules 2019-11-24 08:20:31 +01:00
sbshc.h
scan.c ACPI: scan: Harden acpi_device_add() against device ID overflows 2021-01-19 18:22:35 +01:00
sleep.c ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle 2019-05-22 07:37:41 +02:00
sleep.h
spcr.c ACPI: SPCR: Consider baud rate 0 as preconfigured state 2019-02-12 19:47:02 +01:00
sysfs.c ACPI: sysfs: Fix pm_profile_attr type 2020-06-30 23:17:15 -04:00
tables.c arm64 updates for 4.18: 2018-06-08 11:10:58 -07:00
thermal.c
utils.c ACPI / utils: Drop reference in test for device presence 2019-04-20 09:15:58 +02:00
video_detect.c ACPI: video: use ACPI backlight for HP 635 Notebook 2020-11-05 11:08:47 +01:00
wakeup.c