tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'acpi-6.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
"Fix ACPI PPTT parsing code to address a regression introduced recently
and add more sanity checking of data supplied by the platform firmware
to avoid using invalid data (Jeremy Linton)"

* tag 'acpi-6.15-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: PPTT: Fix processor subtable walk

Linus Torvalds 3c21441e bd8bb9f3

+8 -3
+8 -3
drivers/acpi/pptt.c
··· 231 231 sizeof(struct acpi_table_pptt)); 232 232 proc_sz = sizeof(struct acpi_pptt_processor); 233 233 234 - while ((unsigned long)entry + proc_sz < table_end) { 234 + /* ignore subtable types that are smaller than a processor node */ 235 + while ((unsigned long)entry + proc_sz <= table_end) { 235 236 cpu_node = (struct acpi_pptt_processor *)entry; 237 + 236 238 if (entry->type == ACPI_PPTT_TYPE_PROCESSOR && 237 239 cpu_node->parent == node_entry) 238 240 return 0; 239 241 if (entry->length == 0) 240 242 return 0; 243 + 241 244 entry = ACPI_ADD_PTR(struct acpi_subtable_header, entry, 242 245 entry->length); 243 - 244 246 } 245 247 return 1; 246 248 } ··· 275 273 proc_sz = sizeof(struct acpi_pptt_processor); 276 274 277 275 /* find the processor structure associated with this cpuid */ 278 - while ((unsigned long)entry + proc_sz < table_end) { 276 + while ((unsigned long)entry + proc_sz <= table_end) { 279 277 cpu_node = (struct acpi_pptt_processor *)entry; 280 278 281 279 if (entry->length == 0) { 282 280 pr_warn("Invalid zero length subtable\n"); 283 281 break; 284 282 } 283 + /* entry->length may not equal proc_sz, revalidate the processor structure length */ 285 284 if (entry->type == ACPI_PPTT_TYPE_PROCESSOR && 286 285 acpi_cpu_id == cpu_node->acpi_processor_id && 286 + (unsigned long)entry + entry->length <= table_end && 287 + entry->length == proc_sz + cpu_node->number_of_priv_resources * sizeof(u32) && 287 288 acpi_pptt_leaf_node(table_hdr, cpu_node)) { 288 289 return (struct acpi_pptt_processor *)entry; 289 290 }