linux-stable/drivers/acpi
Rafael J. Wysocki 38e251d356 ACPICA: Fix error code path in acpi_ds_call_control_method()
[ Upstream commit 404ec60438 ]

A use-after-free in acpi_ps_parse_aml() after a failing invocation of
acpi_ds_call_control_method() is reported by KASAN [1] and code
inspection reveals that next_walk_state pushed to the thread by
acpi_ds_create_walk_state() is freed on errors, but it is not popped
from the thread beforehand.  Thus acpi_ds_get_current_walk_state()
called by acpi_ps_parse_aml() subsequently returns it as the new
walk state which is incorrect.

To address this, make acpi_ds_call_control_method() call
acpi_ds_pop_walk_state() to pop next_walk_state from the thread before
returning an error.

Link: https://lore.kernel.org/linux-acpi/20221019073443.248215-1-chenzhongjin@huawei.com/ # [1]
Reported-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-01-07 12:07:31 +01:00
..
acpica ACPICA: Fix error code path in acpi_ds_call_control_method() 2023-01-07 12:07:31 +01:00
apei ACPI/APEI: Limit printable size of BERT table data 2022-04-20 09:06:38 +02:00
arm64 ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() 2019-08-25 10:51:31 +02:00
dptf
nfit ACPI: NFIT: Fix support for virtual SPA ranges 2021-08-26 08:37:22 -04:00
pmic ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses 2021-11-26 11:48:39 +01:00
Kconfig
Makefile ACPI: tables: Add custom DSDT file as makefile prerequisite 2021-07-20 16:21:00 +02:00
ac.c
acpi_amba.c ACPI: AMBA: Fix resource name in /proc/iomem 2021-07-20 16:21:14 +02:00
acpi_apd.c
acpi_cmos_rtc.c
acpi_configfs.c ACPI: configfs: add missing check after configfs_register_default_group() 2021-03-03 17:44:41 +01:00
acpi_dbg.c ACPI: debug: don't allow debugging when ACPI is disabled 2020-11-10 10:23:56 +01:00
acpi_extlog.c ACPI / extlog: Check for RDMSR failure 2020-11-10 10:23:56 +01:00
acpi_ipmi.c
acpi_lpat.c
acpi_lpss.c ACPI / LPSS: Ignore acpi_device_fix_up_power() return value 2019-12-05 15:34:18 +01:00
acpi_memhotplug.c mm/memory_hotplug: make add_memory() take the device_hotplug_lock 2019-11-28 18:28:51 +01:00
acpi_pad.c ACPI: acpi_pad: Fix memory leak in power saving threads 2018-05-30 07:50:43 +02:00
acpi_platform.c ACPI / platform: Add SMB0001 HID to forbidden_id_list 2018-11-27 16:09:41 +01:00
acpi_pnp.c ACPI: PNP: compare the string length in the matching_id() 2020-12-29 13:45:03 +01:00
acpi_processor.c Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" 2017-12-20 10:07:26 +01:00
acpi_video.c ACPI: video: Add Toshiba Satellite/Portege Z830 quirk 2022-10-26 13:15:45 +02:00
acpi_watchdog.c ACPI: watchdog: Allow disabling WDAT at boot 2020-03-20 09:07:56 +01:00
battery.c ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 2022-03-28 08:06:06 +02:00
battery.h
bgrt.c
blacklist.c
bus.c ACPI: bus: Call kobject_put() in acpi_init() error path 2021-07-20 16:21:00 +02:00
button.c
cm_sbs.c
container.c
cppc_acpi.c ACPI: CPPC: Avoid out of bounds access when parsing _CPC data 2022-04-20 09:06:40 +02:00
custom_method.c ACPI: custom_method: fix a possible memory leak 2021-05-22 10:40:15 +02:00
debugfs.c
device_pm.c ACPI: PM: Avoid using power resources if there are none for D0 2020-06-20 10:24:09 +02:00
device_sysfs.c ACPI: sysfs: Fix a buffer overrun problem with description_show() 2021-07-20 16:21:01 +02:00
dock.c
ec.c ACPI: EC: Reference count query handlers under lock 2020-10-01 20:40:05 +02:00
ec_sys.c ACPI: EC: Fix debugfs_create_*() usage 2018-04-13 19:48:10 +02:00
event.c
evged.c ACPI: GED: fix -Wformat 2020-11-22 09:58:15 +01:00
fan.c
glue.c ACPI / scan: Prefer devices without _HID/_CID for _ADR matching 2018-01-31 12:55:52 +01:00
gsi.c
hed.c
internal.h ACPI: scan: Use unique number for instance_no 2021-03-30 14:41:41 +02:00
ioapic.c
numa.c ACPI: NUMA: Use correct type for printing addresses on i386-PAE 2019-02-20 10:18:28 +01:00
nvs.c
osi.c
osl.c ACPI: OSL: only free map once in osl.c 2019-12-21 10:42:05 +01:00
pci_irq.c ACPI / PCI: fix acpi_pci_irq_enable() memory leak 2019-10-05 12:30:26 +02:00
pci_link.c
pci_mcfg.c
pci_root.c PCI/ACPI: Correct error message for ASPM disabling 2019-11-25 09:52:26 +01:00
pci_slot.c
power.c ACPI: power: Skip duplicate power resource references in _PRx 2019-01-16 22:12:32 +01:00
proc.c
processor_core.c Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" 2017-12-20 10:07:26 +01:00
processor_driver.c ACPI/processor: Replace racy task affinity logic 2018-03-24 11:00:09 +01:00
processor_idle.c ACPI: processor idle: Fix up C-state latency if not ordered 2021-07-20 16:20:59 +02:00
processor_pdc.c
processor_perflib.c ACPI: processor_perflib: Do not send _PPC change notification if not ready 2018-05-30 07:50:24 +02:00
processor_thermal.c
processor_throttling.c ACPI/processor: Replace racy task affinity logic 2018-03-24 11:00:09 +01:00
property.c
reboot.c
resource.c Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" 2020-12-29 13:45:03 +01:00
sbs.c ACPI / SBS: Fix GPE storm on recent MacBookPro's 2019-04-20 09:07:52 +02:00
sbshc.c ACPI / SBS: Fix rare oops when removing modules 2019-11-25 09:53:39 +01:00
sbshc.h
scan.c ACPI: scan: Fix a memory leak in an error handling path 2021-05-22 10:40:32 +02:00
sleep.c ACPI / PM: save NVS memory for ASUS 1025C laptop 2018-08-22 07:47:15 +02:00
sleep.h ACPI / power: Delay turning off unused power resources after suspend 2018-03-24 11:00:20 +01:00
spcr.c
sysfs.c ACPI: sysfs: Fix pm_profile_attr type 2020-06-30 15:38:44 -04:00
tables.c
thermal.c ACPI: thermal: Do not call acpi_thermal_check() directly 2021-02-10 09:09:27 +01:00
utils.c
video_detect.c ACPI: video: Force backlight native for more TongFang devices 2022-11-03 23:49:15 +09:00
wakeup.c