Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp928156pxb; Sat, 9 Jan 2021 01:39:47 -0800 (PST) X-Google-Smtp-Source: ABdhPJyLY4oF9e0luu5WItu8pGxUz2Cy/9yaPHomsbtZpdwdQamurXsCSwgJcXRedsU42O0zea2H X-Received: by 2002:a17:906:3513:: with SMTP id r19mr5044481eja.445.1610185187520; Sat, 09 Jan 2021 01:39:47 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1610185187; cv=pass; d=google.com; s=arc-20160816; b=BEU4WlGx0VE98S9Os3fTIdN8+iAMkJSFRbF3NFVNT7/DFUHepdGMfF7dOa5rJQDFXO St2BHtf7APdLdaR5HBD1VUBqL4AjBx/yTB5Y+hU4782bFVACXFho9Ejqj+bKTTtXLD8m cmck8gheL+AKmDCm00oJ9424ZMtjZwmpiYF9Zt+sg3VYUtqf07XevVl0uXDo/XyDv+A2 DqtfXWvSAi9ZNFn3ax7iFRrGdph5XjbiXAtElrTL+GfCobUzNUKXtzCR0KYcXYh7l15i Vt5Z4m9bjhlz+WxUWjmjQVIlJ+H7iXPfYKUaiWx12FqRcqc8Zuxso3UKjKE+PWWpskkr obUw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :msip_labels:content-language:accept-language:in-reply-to:references :message-id:date:thread-index:thread-topic:subject:cc:to:from :dkim-signature; bh=NzUhl2qBjjefEApuCTjSg5mZomXZMUoAH5UbfwXr58U=; b=HKTnuLgO3FQv3Nv5TKCIsLe4yQpySbk4hmDEuGYWyOJ8Td0xntv0d78Aq8WlgB1dMW qaThWJRlI5u5+ZKWlPuN883stvMCA1/4Y0wE+hkqzW+NMOOYxW6s3sVqaNOHDsS7rPcU Z9OA2PAzApUWRlORLIWLVYAxyfqIQkROVD70dr2qviqP8q8/B8TzU2ZqtgvqSaC9jpw5 syh+4XD0HwLl3e5xu4kikXTV4bDg39ET6M3ziwiQhGD8QxytGkZoufdSnFuGnbrsCNtD EwdBZWUmdFaLqd5SgimmzB0OM2xRY4jLJFFGWtZf4EJy5oiHRMfmMrUUi3FzkeAg0t6M nl5g== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector2 header.b="CpBqV/H+"; arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m26si4818668ejn.304.2021.01.09.01.39.23; Sat, 09 Jan 2021 01:39:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector2 header.b="CpBqV/H+"; arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726819AbhAIJia (ORCPT + 99 others); Sat, 9 Jan 2021 04:38:30 -0500 Received: from mail-co1nam11on2104.outbound.protection.outlook.com ([40.107.220.104]:60257 "EHLO NAM11-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726661AbhAIJia (ORCPT ); Sat, 9 Jan 2021 04:38:30 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n1pDiH49MKajliwd2B+xRYn07is4Xjxz1TB1x4Y1ytPGg2v/xpsFL8WEU6FRX47sHjhPw7XmXfrVCcmQJpd3KfWKVLX0JX8bkOChJE5NgO1xz+lEddYFsmAoNg+HO+/D+uBSmqQ69d9S2YRA9CNGCO4Wp6TzBEjoyd+5k94OJrcDhhpkZBobOciOX1hneVZWCV0iRVerr4XcA8WjGI1YAFpXescEBnKxcdT6VwluL7YjNcvmNXkJaNbEgD8xt6MHJqSQGaWMFapafsNDv4ecag77hcVDWdGnJPyS/oX4l0ty2yZDCkatRZSdxTXsFiRBZEyuUJvr1l6h40A8mUGHOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NzUhl2qBjjefEApuCTjSg5mZomXZMUoAH5UbfwXr58U=; b=CA5l+LteBzh0CvBZ/h7XbiwgxAPgAOyw1wGuVRu64MR7bVvw8JlkAqmN/iyZK7CikANuqsypRgcebjrHCZ0Sr/v7LkC7I4njgcwHLDZIs/FHgYMsG8NIf0USoQ9WFOJfuS3iiUToq52hXSNsPrrlpTqIx0e3LhKb3aCxZqRzh3pytLsBVBoNn5nUskiVLxDTEfETSdhNfwkLtkKjEpiF52ZwNYHA+H1VPkQPsMJzfBY8nfnFti8pHuuu/mKQw2wksdYfN/vJKQ2ppA1zyXT7/XeESrDP43UnmlwypREMB1LK8LEpdz46EL8TpKxBXMZnOHr9DgxyZ5LIZI3E8Ztraw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NzUhl2qBjjefEApuCTjSg5mZomXZMUoAH5UbfwXr58U=; b=CpBqV/H+He+7HCYm/zrkjLB+Gv7P1pLKp7Pigje1xXW3dEcHdLDthOm6TppLIbO7gl2/DZDMNGV/nCzZE/mihU9kdqWbnGOLD/FuzMizGOZLUvQJQLeUWT+IeF5gVn7Voa7aGFdyDl8KqaI2agtqxEZo4XRXPyHZJM9cZWr5gow= Received: from (2603:10b6:300:128::18) by MWHPR21MB0512.namprd21.prod.outlook.com (2603:10b6:300:df::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.0; Sat, 9 Jan 2021 09:37:41 +0000 Received: from MWHPR21MB0798.namprd21.prod.outlook.com ([fe80::74c5:1aa5:e46f:8cb4]) by MWHPR21MB0798.namprd21.prod.outlook.com ([fe80::74c5:1aa5:e46f:8cb4%14]) with mapi id 15.20.3763.007; Sat, 9 Jan 2021 09:37:41 +0000 From: Dexuan Cui To: Andy Shevchenko CC: "rafael@kernel.org" , "linux-acpi@vger.kernel.org" , "rjw@rjwysocki.net" , "len.brown@intel.com" , Michael Kelley , "rui.zhang@intel.com" , "linux-kernel@vger.kernel.org" , "wei.liu@kernel.org" , Stephen Hemminger , Haiyang Zhang , KY Srinivasan , "dwaipayanray1@gmail.com" Subject: RE: [PATCH] ACPI: scan: Fix a Hyper-V Linux VM panic caused by buffer overflow Thread-Topic: [PATCH] ACPI: scan: Fix a Hyper-V Linux VM panic caused by buffer overflow Thread-Index: AQHW5msTvOtVmGN0LkKiF72uk6T6VQ== Date: Sat, 9 Jan 2021 09:37:41 +0000 Message-ID: References: <20210108072348.34091-1-decui@microsoft.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=1d08c07d-780a-4e7e-b7aa-36d737930967;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2021-01-09T09:15:15Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=microsoft.com; x-originating-ip: [73.140.237.219] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: ccd3669c-ade4-44dc-4d59-08d8b48235fa x-ms-traffictypediagnostic: MWHPR21MB0512: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 4T1IBK0C+4i+t2ihKm51txQ3PFWfqjBLqkSIZVHLcLOOegaW+twrOAUiagvqtjsrCIw0WoU2jXZw41IwUvWz10P6NkPXUebj9aqFnUd8GqzbfmyghAnn/yoWByOMH1dDtX+VX7lttZAODBngdE4e3EMyDtkO0+5bu1/iwoUTLizKbWvNJ2pJRmFe4D/MYVjqymmkXeAwHhjZGfS0TFnVBSnFwUTyC1M8w5k6TMLGaTLWpzEbh0b7a9+LZigWHo7neGNIID6MEMGmHN38k8UyqWrzkq6JWxQBLwi9KnExN4dK6vk45qirDTplfDur4CoXWzqDul0MGW7/nP+nl6mhjFWZxCq/dzQocYkKY4QCV2BFrx13JLsUZ/s3WWlsI3UQs0Kd+ZGvyrMkpibGCkDvw5sTjcv1Z9w1dXhm+vcBmi4795sC5IjePDOxGdQlFoj/oNoxrPzY9TyHr5xVT3ue6A== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR21MB0798.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(136003)(376002)(346002)(39860400002)(366004)(186003)(4326008)(5660300002)(6916009)(9686003)(55016002)(83380400001)(8990500004)(82960400001)(82950400001)(478600001)(6506007)(10290500003)(7696005)(71200400001)(54906003)(66476007)(8936002)(64756008)(66946007)(66446008)(26005)(76116006)(316002)(33656002)(8676002)(66556008)(52536014)(86362001)(2906002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?Dh9Uo3EWBapEaSgXwoXCuJack4/pSC1pexK4udshm6p+uT8ycL67DJpUhqwa?= =?us-ascii?Q?+HPDSQqiuF9gWFMkPJqNk3h0IVr6G8usNwHTH7e5L5NPymLM0nK1Ms/G2/zP?= =?us-ascii?Q?2Q9iZAxWqtQOcLh5BTi+sMMYLDOCAOwgiYaXEcZlNIBd8SFBFP1BFrzIsG1v?= =?us-ascii?Q?htYvr63tPUxAfO+nCo2rl5HgqmoUbUL9gcfu9sti6Oyrcvn0gdYt4uHuwE0Q?= =?us-ascii?Q?rLaFdxZCCyJz7mRZUGurScVx4QUOXIsIjiV0JJ0a6/GhZkmLFoQQ7C2GWQqr?= =?us-ascii?Q?p/o5NhAVJ5r4Ve299fw9t+VhtCgdbCPf1Vz+YSCA7Arof3l4bLLz9A7byQiD?= =?us-ascii?Q?6QQG/4BfpmV6KPNysUFPIPRJc28hjZSdJv6ypT+pCCUn1w8JuYpWlbvzuBWN?= =?us-ascii?Q?WgUSSAqCh1MtFFjAI2KBzJPuAKORRibh3Pa7JurwtJLs9uLFWJqrioi6p3ry?= =?us-ascii?Q?EGbfzYZZ0NQEef5llQoG1+y6R1lL9eeQxxC2K+1kRykk1Ds75dkYaQC75tVT?= =?us-ascii?Q?31JVRb1OqayY8LIAdPn+2K04Sn3akvWKx+Vckv4myuQ/xVtxzDA7ktLH611O?= =?us-ascii?Q?rwhztTtMMEb0gZXYlDDRVrx7Zz7CEk3UQdfNXOb9vf5v8pAC1zThD4p5Q/Fp?= =?us-ascii?Q?fRSLb26a9Dyv/R8/1aGg9hTflhcMS0IOAO+EMB2BhMektnq2uJNt4jSA4Dm+?= =?us-ascii?Q?asAAfuxNQSI1DfILS6vYXMatBjqfrl7bCagg9ykuNH0uacofz5bBNH+xPVTn?= =?us-ascii?Q?TULc4c4WHUVZqnpT3wRABcZqzZXbl+uzYZBaKi+4/7eHCAkQAhi2EmFPu4L0?= =?us-ascii?Q?sYm/RhlpGb8C3K8JK4MQ1KpUwwIpJsyIesS6MGi/EFUqp9pcL4KYGcquCNiB?= =?us-ascii?Q?FSWVG3t3h+DLEks9ZF34aZaHDMDK7g3AIOCvCVdAUVPnGqa+abeezjEBEyAt?= =?us-ascii?Q?bfsdKvdLr14F+6tSS69VuRUkhaSpkNKrJH+BoewKBk0=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MWHPR21MB0798.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ccd3669c-ade4-44dc-4d59-08d8b48235fa X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jan 2021 09:37:41.5570 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6NDPnrixMqiJoEcJj0Bxp58F/Uj7KeGXMiCxWQ1iDjL0JeG/VhWXaPV+b7inRSoCBuWJC99x6Rgyjlr4TWwLvQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR21MB0512 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > From: Andy Shevchenko =20 > Sent: Saturday, January 9, 2021 12:52 AM >>=20 >> Hi Rafael, Len, and all, >> Can you please take a look at the v2 patch? >>=20 >> The Linux mainline has been broken for several weeks when it >> runs as a guest on Hyper-V, so we'd like this to be fixed ASAP, >> as more people are being affected >=20 > I would like to see a warning printed when the dupped > string violates the spec. Hi Andy, Do you want a simple strlen() check like the below, or a full check of the AAA#### or NNNN#### format? Can we have the v2 (https://lkml.org/lkml/2021/1/8/53) merged=20 first, and then we can add another patch for the format checking? I'm trying to do one thing in one patch so the patch is small enough for easy reviewing. diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h index cb229e24c563..e6a5d997241c 100644 --- a/drivers/acpi/internal.h +++ b/drivers/acpi/internal.h @@ -97,7 +97,7 @@ void acpi_scan_table_handler(u32 event, void *table, void= *context); extern struct list_head acpi_bus_id_list; =20 struct acpi_device_bus_id { - char bus_id[15]; + const char *bus_id; unsigned int instance_no; struct list_head node; }; diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c index a1b226eb2ce2..3b9902e5d965 100644 --- a/drivers/acpi/scan.c +++ b/drivers/acpi/scan.c @@ -486,6 +486,7 @@ static void acpi_device_del(struct acpi_device *device) acpi_device_bus_id->instance_no--; else { list_del(&acpi_device_bus_id->node); + kfree_const(acpi_device_bus_id->bus_id); kfree(acpi_device_bus_id); } break; @@ -674,7 +675,23 @@ int acpi_device_add(struct acpi_device *device, } if (!found) { acpi_device_bus_id =3D new_bus_id; - strcpy(acpi_device_bus_id->bus_id, acpi_device_hid(device)); + acpi_device_bus_id->bus_id =3D + kstrdup_const(acpi_device_hid(device), GFP_KERNEL); + if (!acpi_device_bus_id->bus_id) { + pr_err(PREFIX "Memory allocation error for bus id\n"); + result =3D -ENOMEM; + goto err_free_new_bus_id; + } + + /* + * ACPI Spec v6.2, Section 6.1.5 _HID (Hardware ID): if the + * ID is a string, it must be of the form AAA#### or NNNN####, + * i.e. 7 chars or 8 characters. + */ + if (strlen(acpi_device_bus_id->bus_id) > 8) + pr_warn(PREFIX "too long HID name: %s\n", + acpi_device_bus_id->bus_id); + acpi_device_bus_id->instance_no =3D 0; list_add_tail(&acpi_device_bus_id->node, &acpi_bus_id_list); } @@ -709,6 +726,10 @@ int acpi_device_add(struct acpi_device *device, if (device->parent) list_del(&device->node); list_del(&device->wakeup_list); + + err_free_new_bus_id: + if (!found) + kfree(new_bus_id); mutex_unlock(&acpi_device_lock); =20 err_detach: