Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4715438pxj; Wed, 12 May 2021 11:33:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxOIDQw3iKoBhcelsflhtw4EKvWXTX1iXxG/CtQXaSBm6Ws++eZQ2oiUs7yA5hKqbnOkuJJ X-Received: by 2002:a17:906:5495:: with SMTP id r21mr39043909ejo.471.1620844384402; Wed, 12 May 2021 11:33:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620844384; cv=none; d=google.com; s=arc-20160816; b=PgoujZZJz6lt4upDaP6AUY/Y2Q93D28ueYOSNLRk4KE26JSB5hTloa0VbqRbrPNDvU Q+1XK9pUgvi2D7iDFuOcQ2eqyBPuBA/RKUgg4F63AX9bVoAFgj+2H+T4ZoSrKiGwEOVy UhFa6gYWgAzl8aO98hoNU6ZuRyee6Y4gY+0YHGXnnmbQLd9cq+qV/YaCNabggiECz/03 nzDXdohjZOaaclELhwp+uW+4xPQcAygtQtPja7UVu3BzBj2nc0mBFBk/0rCva22Hiy1w QqAQbUD0pRXiOix9eptlYR4N7TCsl5Mx6yGUYO1A4oUFyqESLoKdS21ANvHkacpnb/N8 E8VA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=N7LY5odjkfjKHyDOtIjrfKYv77gK4fCUmpR6RE+RNWM=; b=GQd9BGtdWV4xqn0SiKvTBq0e3i76QT5S5xHbPRCBAUSCNNriE9yj8L4WsmEzos3kC2 KxKCAJ/Q9CsMpj/ZS5xRh5VNR3zoCUGRoLkKGQmRAMXQNsufnj3IOqGECqRLjdU+SFTe Vj0SMu22ThbYvd1KJ7CdseSac9f3CglMP24aGq48R7v1nuc9u/RPXzHeTEGrNByw6nF0 PHe5bemMi432W1If1V7vd5EdLTWsTZW04ng5jVTL+xg0Vfs+28kexwLGcnqiug7g4upR YsvozJp+b4glC9OpNb5X0xt1QmU7PpQJoReWPWcJbivWtZ2YuA/3ya9S7TR6CQI1B9x3 fppw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=po3PjGm1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g27si633478ejb.616.2021.05.12.11.32.40; Wed, 12 May 2021 11:33:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=po3PjGm1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239202AbhELSa7 (ORCPT + 99 others); Wed, 12 May 2021 14:30:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:54972 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243125AbhELQgt (ORCPT ); Wed, 12 May 2021 12:36:49 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3DB4561CC6; Wed, 12 May 2021 16:00:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620835250; bh=36XL0zMbkgte9Ebs76dOv6AylxsdfBIJAAGFW+04kM8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=po3PjGm1+DIvxpUH9oYxvByMUTELVB402SJMyfWXQ80AvranciUhDPvuWusWacvuJ 1q23WYUWvFwZaNghK7xYb4Ysbze0dDlf8ua2sLQXaj3bJeHGCnCyZMOz1iG1TQdVpB 1EmpHFY/1Dy8BLBFQcnDq9LVcpUy+Hc2r/JYPlVU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Divya Bharathi , Mario Limonciello , Hans de Goede , Sasha Levin Subject: [PATCH 5.12 269/677] platform/x86: dell-wmi-sysman: Make init_bios_attributes() ACPI object parsing more robust Date: Wed, 12 May 2021 16:45:15 +0200 Message-Id: <20210512144846.165015661@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210512144837.204217980@linuxfoundation.org> References: <20210512144837.204217980@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hans de Goede [ Upstream commit 5e3f5973c8dfd2b80268f1825ed2f2ddf81d3267 ] Make init_bios_attributes() ACPI object parsing more robust: 1. Always check that the type of the return ACPI object is package, rather then only checking this for instance_id == 0 2. Check that the package has the minimum amount of elements which will be consumed by the populate_foo_data() for the attr_type Note/TODO: The populate_foo_data() functions should also be made more robust. The should check the type of each of the elements matches the type which they expect and in case of populate_enum_data() obj->package.count should be passed to it as an argument and it should re-check this itself since it consume a variable number of elements. Fixes: e8a60aa7404b ("platform/x86: Introduce support for Systems Management Driver over WMI for Dell Systems") Cc: Divya Bharathi Cc: Mario Limonciello Signed-off-by: Hans de Goede Link: https://lore.kernel.org/r/20210321121607.35717-1-hdegoede@redhat.com Signed-off-by: Sasha Levin --- .../x86/dell/dell-wmi-sysman/sysman.c | 32 ++++++++++++++++--- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c b/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c index 7410ccae650c..a90ae6ba4a73 100644 --- a/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c +++ b/drivers/platform/x86/dell/dell-wmi-sysman/sysman.c @@ -399,6 +399,7 @@ static int init_bios_attributes(int attr_type, const char *guid) union acpi_object *obj = NULL; union acpi_object *elements; struct kset *tmp_set; + int min_elements; /* instance_id needs to be reset for each type GUID * also, instance IDs are unique within GUID but not across @@ -409,14 +410,38 @@ static int init_bios_attributes(int attr_type, const char *guid) retval = alloc_attributes_data(attr_type); if (retval) return retval; + + switch (attr_type) { + case ENUM: min_elements = 8; break; + case INT: min_elements = 9; break; + case STR: min_elements = 8; break; + case PO: min_elements = 4; break; + default: + pr_err("Error: Unknown attr_type: %d\n", attr_type); + return -EINVAL; + } + /* need to use specific instance_id and guid combination to get right data */ obj = get_wmiobj_pointer(instance_id, guid); - if (!obj || obj->type != ACPI_TYPE_PACKAGE) + if (!obj) return -ENODEV; - elements = obj->package.elements; mutex_lock(&wmi_priv.mutex); - while (elements) { + while (obj) { + if (obj->type != ACPI_TYPE_PACKAGE) { + pr_err("Error: Expected ACPI-package type, got: %d\n", obj->type); + retval = -EIO; + goto err_attr_init; + } + + if (obj->package.count < min_elements) { + pr_err("Error: ACPI-package does not have enough elements: %d < %d\n", + obj->package.count, min_elements); + goto nextobj; + } + + elements = obj->package.elements; + /* sanity checking */ if (elements[ATTR_NAME].type != ACPI_TYPE_STRING) { pr_debug("incorrect element type\n"); @@ -481,7 +506,6 @@ nextobj: kfree(obj); instance_id++; obj = get_wmiobj_pointer(instance_id, guid); - elements = obj ? obj->package.elements : NULL; } mutex_unlock(&wmi_priv.mutex); -- 2.30.2