kernel_samsung_a53x/drivers/acpi
Suraj Sonawane 5af95e7013 acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
[ Upstream commit 265e98f72bac6c41a4492d3e30a8e5fd22fe0779 ]

Fix an issue detected by syzbot with KASAN:

BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/core.c:416 [inline]
BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459

The issue occurs in cmd_to_func when the call_pkg->nd_reserved2
array is accessed without verifying that call_pkg points to a buffer
that is appropriately sized as a struct nd_cmd_pkg. This can lead
to out-of-bounds access and undefined behavior if the buffer does not
have sufficient space.

To address this, a check was added in acpi_nfit_ctl() to ensure that
buf is not NULL and that buf_len is less than sizeof(*call_pkg)
before accessing it. This ensures safe access to the members of
call_pkg, including the nd_reserved2 array.

Reported-by: syzbot+7534f060ebda6b8b51b3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7534f060ebda6b8b51b3
Tested-by: syzbot+7534f060ebda6b8b51b3@syzkaller.appspotmail.com
Fixes: ebe9f6f19d80 ("acpi/nfit: Fix bus command validation")
Signed-off-by: Suraj Sonawane <surajsonawane0215@gmail.com>
Reviewed-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://patch.msgid.link/20241118162609.29063-1-surajsonawane0215@gmail.com
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-01-02 17:00:49 +01:00
acpica Revert "ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails" 2024-11-24 00:23:10 +01:00
apei ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events 2024-11-18 12:13:09 +01:00
arm64 acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() 2024-12-17 13:23:59 +01:00
dptf Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nfit acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl 2025-01-02 17:00:49 +01:00
numa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pmic Revert "ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()" 2024-11-24 00:23:31 +01:00
x86 ACPI: x86: Force StorageD3Enable on more products 2024-11-19 14:19:30 +01:00
ac.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_adxl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_amba.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_apd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_cmos_rtc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_configfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_dbg.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_extlog.c ACPI: extlog: fix NULL pointer dereference check 2024-11-18 12:13:09 +01:00
acpi_ipmi.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_lpat.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_lpit.c ACPI: LPIT: Avoid u32 multiplication overflow 2024-11-18 12:12:20 +01:00
acpi_lpss.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_memhotplug.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_pad.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_platform.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_pnp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_processor.c Revert "ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add()" 2024-11-24 00:23:37 +01:00
acpi_tad.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
acpi_video.c ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop 2024-11-18 12:13:09 +01:00
acpi_watchdog.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
battery.c Revert "ACPI: battery: Simplify battery hook locking" 2024-11-24 00:23:00 +01:00
bgrt.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
blacklist.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bus.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
button.c ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue 2024-11-23 23:22:01 +01:00
container.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cppc_acpi.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
custom_method.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
debugfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
device_pm.c ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint 2024-11-19 14:19:30 +01:00
device_sysfs.c Revert "ACPI: sysfs: validate return type of _STR method" 2024-11-24 00:23:16 +01:00
dock.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ec.c Revert "ACPI: EC: Do not release locks during operation region accesses" 2024-11-24 00:23:10 +01:00
ec_sys.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
event.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
evged.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fan.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fan.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
glue.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hed.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
internal.h ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint 2024-11-19 14:19:30 +01:00
ioapic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
irq.c ACPI: irq: Fix incorrect return value in acpi_register_gsi() 2024-11-08 11:26:19 +01:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
osi.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
osl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pci_irq.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pci_link.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pci_mcfg.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pci_root.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pci_slot.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
power.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pptt.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
proc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
processor_core.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
processor_driver.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
processor_idle.c ACPI: processor_idle: Fix invalid comparison with insertion sort for latency 2024-11-19 14:19:50 +01:00
processor_pdc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
processor_perflib.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
processor_thermal.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
processor_throttling.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
property.c acpi: property: Let args be NULL in __acpi_node_get_property_reference 2024-11-18 12:12:49 +01:00
reboot.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
resource.c Revert "ACPI: resource: Add another DMI match for the TongFang GMxXGxx" 2024-11-24 00:23:16 +01:00
sbs.c ACPI: SBS: manage alarm sysfs attribute through psy core 2024-11-23 23:20:23 +01:00
sbshc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sbshc.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scan.c ACPI: scan: Fix device check notification handling 2024-11-19 08:44:47 +01:00
sleep.c Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" 2024-11-19 09:23:14 +01:00
sleep.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
spcr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sysfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tables.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
thermal.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tiny-power-button.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
utils.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
video_detect.c ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 2024-11-19 14:19:06 +01:00
wakeup.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00