4.19-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 3 Apr 2022 13:49:35 +0000 (15:49 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 3 Apr 2022 13:49:35 +0000 (15:49 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 3 Apr 2022 13:49:35 +0000 (15:49 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 3 Apr 2022 13:49:35 +0000 (15:49 +0200)
diff --git a/queue-4.19/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch b/queue-4.19/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch

new file mode 100644 (file)

index 0000000..7a9e0c9
--- /dev/null
+++ b/queue-4.19/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
@@ -0,0 +1,37 @@
+From 40d8abf364bcab23bc715a9221a3c8623956257b Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Tue, 22 Mar 2022 17:02:05 +0100
+Subject: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit 40d8abf364bcab23bc715a9221a3c8623956257b upstream.
+
+If the NumEntries field in the _CPC return package is less than 2, do
+not attempt to access the "Revision" element of that package, because
+it may not be present then.
+
+Fixes: 337aadff8e45 ("ACPI: Introduce CPU performance controls using CPPC")
+BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/
+Reported-by: kernel test robot <oliver.sang@intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Reviewed-by: Huang Rui <ray.huang@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/cppc_acpi.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/acpi/cppc_acpi.c
++++ b/drivers/acpi/cppc_acpi.c
+@@ -742,6 +742,11 @@ int acpi_cppc_processor_probe(struct acp
+       cpc_obj = &out_obj->package.elements[0];
+       if (cpc_obj->type == ACPI_TYPE_INTEGER) {
+               num_ent = cpc_obj->integer.value;
++              if (num_ent <= 1) {
++                      pr_debug("Unexpected _CPC NumEntries value (%d) for CPU:%d\n",
++                               num_ent, pr->id);
++                      goto out_free;
++              }
+       } else {
+               pr_debug("Unexpected entry type(%d) for NumEntries\n",
+                               cpc_obj->type);
diff --git a/queue-4.19/series b/queue-4.19/series

index fd5e2969623ebce6cece191675894940f688f265..4fba7dfa229a208d4738b163f958da3ddaeb61d7 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -243,3 +243,4 @@ can-mcba_usb-properly-check-endpoint-type.patch
  gfs2-make-sure-fitrim-minlen-is-rounded-up-to-fs-block-size.patch
  pinctrl-pinconf-generic-print-arguments-for-bias-pull.patch
  ubi-fix-race-condition-between-ctrl_cdev_ioctl-and-ubi_cdev_ioctl.patch
+acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 3 Apr 2022 13:49:35 +0000 (15:49 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 3 Apr 2022 13:49:35 +0000 (15:49 +0200)
queue-4.19/acpi-cppc-avoid-out-of-bounds-access-when-parsing-_cpc-data.patch	[new file with mode: 0644]	patch \| blob
queue-4.19/series		patch \| blob \| blame \| history