Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-23 12:42:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
4dea6e898c
linux/drivers/acpi/acpi_configfs.c
Qinglang Miao 67e40054de ACPI: configfs: add missing check after configfs_register_default_group() 
A list_add corruption is reported by Hulk Robot like this:
==============
list_add corruption.
Call Trace:
link_obj+0xc0/0x1c0
link_group+0x21/0x140
configfs_register_subsystem+0xdb/0x380
acpi_configfs_init+0x25/0x1000 [acpi_configfs]
do_one_initcall+0x149/0x820
do_init_module+0x1ef/0x720
load_module+0x35c8/0x4380
__do_sys_finit_module+0x10d/0x1a0
do_syscall_64+0x34/0x80

It's because of the missing check after configfs_register_default_group,
where configfs_unregister_subsystem should be called once failure.

Fixes: 612bd01fc6 ("ACPI: add support for loading SSDTs via configfs")
Reported-by: Hulk Robot <hulkci@huawei.com>
Suggested-by: Hanjun Guo <guohanjun@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2021-01-22 16:35:34 +01:00

290 lines
6.5 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0-only
/*
* ACPI configfs support
*
* Copyright (c) 2016 Intel Corporation
*/
#define pr_fmt(fmt) "ACPI configfs: " fmt
#include <linux/init.h>
#include <linux/module.h>
#include <linux/configfs.h>
#include <linux/acpi.h>
#include <linux/security.h>
#include "acpica/accommon.h"
#include "acpica/actables.h"
static struct config_group *acpi_table_group;
struct acpi_table {
struct config_item cfg;
struct acpi_table_header *header;
u32 index;
};
static ssize_t acpi_table_aml_write(struct config_item *cfg,
const void *data, size_t size)
{
const struct acpi_table_header *header = data;
struct acpi_table *table;
int ret = security_locked_down(LOCKDOWN_ACPI_TABLES);
if (ret)
return ret;
table = container_of(cfg, struct acpi_table, cfg);
if (table->header) {
pr_err("table already loaded\n");
return -EBUSY;
}
if (header->length != size) {
pr_err("invalid table length\n");
return -EINVAL;
}
if (memcmp(header->signature, ACPI_SIG_SSDT, 4)) {
pr_err("invalid table signature\n");
return -EINVAL;
}
table = container_of(cfg, struct acpi_table, cfg);
table->header = kmemdup(header, header->length, GFP_KERNEL);
if (!table->header)
return -ENOMEM;
ret = acpi_load_table(table->header, &table->index);
if (ret) {
kfree(table->header);
table->header = NULL;
}
return ret;
}
static inline struct acpi_table_header *get_header(struct config_item *cfg)
{
struct acpi_table *table = container_of(cfg, struct acpi_table, cfg);
if (!table->header)
pr_err("table not loaded\n");
return table->header;
}
static ssize_t acpi_table_aml_read(struct config_item *cfg,
void *data, size_t size)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
if (data)
memcpy(data, h, h->length);
return h->length;
}
#define MAX_ACPI_TABLE_SIZE (128 * 1024)
CONFIGFS_BIN_ATTR(acpi_table_, aml, NULL, MAX_ACPI_TABLE_SIZE);
static struct configfs_bin_attribute *acpi_table_bin_attrs[] = {
&acpi_table_attr_aml,
NULL,
};
static ssize_t acpi_table_signature_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_NAMESEG_SIZE, h->signature);
}
static ssize_t acpi_table_length_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->length);
}
static ssize_t acpi_table_revision_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->revision);
}
static ssize_t acpi_table_oem_id_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_OEM_ID_SIZE, h->oem_id);
}
static ssize_t acpi_table_oem_table_id_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_OEM_TABLE_ID_SIZE, h->oem_table_id);
}
static ssize_t acpi_table_oem_revision_show(struct config_item *cfg, char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->oem_revision);
}
static ssize_t acpi_table_asl_compiler_id_show(struct config_item *cfg,
char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%.*s\n", ACPI_NAMESEG_SIZE, h->asl_compiler_id);
}
static ssize_t acpi_table_asl_compiler_revision_show(struct config_item *cfg,
char *str)
{
struct acpi_table_header *h = get_header(cfg);
if (!h)
return -EINVAL;
return sprintf(str, "%d\n", h->asl_compiler_revision);
}
CONFIGFS_ATTR_RO(acpi_table_, signature);
CONFIGFS_ATTR_RO(acpi_table_, length);
CONFIGFS_ATTR_RO(acpi_table_, revision);
CONFIGFS_ATTR_RO(acpi_table_, oem_id);
CONFIGFS_ATTR_RO(acpi_table_, oem_table_id);
CONFIGFS_ATTR_RO(acpi_table_, oem_revision);
CONFIGFS_ATTR_RO(acpi_table_, asl_compiler_id);
CONFIGFS_ATTR_RO(acpi_table_, asl_compiler_revision);
static struct configfs_attribute *acpi_table_attrs[] = {
&acpi_table_attr_signature,
&acpi_table_attr_length,
&acpi_table_attr_revision,
&acpi_table_attr_oem_id,
&acpi_table_attr_oem_table_id,
&acpi_table_attr_oem_revision,
&acpi_table_attr_asl_compiler_id,
&acpi_table_attr_asl_compiler_revision,
NULL,
};
static const struct config_item_type acpi_table_type = {
.ct_owner = THIS_MODULE,
.ct_bin_attrs = acpi_table_bin_attrs,
.ct_attrs = acpi_table_attrs,
};
static struct config_item *acpi_table_make_item(struct config_group *group,
const char *name)
{
struct acpi_table *table;
table = kzalloc(sizeof(*table), GFP_KERNEL);
if (!table)
return ERR_PTR(-ENOMEM);
config_item_init_type_name(&table->cfg, name, &acpi_table_type);
return &table->cfg;
}
static void acpi_table_drop_item(struct config_group *group,
struct config_item *cfg)
{
struct acpi_table *table = container_of(cfg, struct acpi_table, cfg);
ACPI_INFO(("Host-directed Dynamic ACPI Table Unload"));
acpi_unload_table(table->index);
config_item_put(cfg);
}
static struct configfs_group_operations acpi_table_group_ops = {
.make_item = acpi_table_make_item,
.drop_item = acpi_table_drop_item,
};
static const struct config_item_type acpi_tables_type = {
.ct_owner = THIS_MODULE,
.ct_group_ops = &acpi_table_group_ops,
};
static const struct config_item_type acpi_root_group_type = {
.ct_owner = THIS_MODULE,
};
static struct configfs_subsystem acpi_configfs = {
.su_group = {
.cg_item = {
.ci_namebuf = "acpi",
.ci_type = &acpi_root_group_type,
},
},
.su_mutex = __MUTEX_INITIALIZER(acpi_configfs.su_mutex),
};
static int __init acpi_configfs_init(void)
{
int ret;
struct config_group *root = &acpi_configfs.su_group;
config_group_init(root);
ret = configfs_register_subsystem(&acpi_configfs);
if (ret)
return ret;
acpi_table_group = configfs_register_default_group(root, "table",
&acpi_tables_type);
if (IS_ERR(acpi_table_group)) {
configfs_unregister_subsystem(&acpi_configfs);
return PTR_ERR(acpi_table_group);
}
return 0;
}
module_init(acpi_configfs_init);
static void __exit acpi_configfs_exit(void)
{
configfs_unregister_default_group(acpi_table_group);
configfs_unregister_subsystem(&acpi_configfs);
}
module_exit(acpi_configfs_exit);
MODULE_AUTHOR("Octavian Purdila <octavian.purdila@intel.com>");
MODULE_DESCRIPTION("ACPI configfs support");
MODULE_LICENSE("GPL v2");
Reference in New Issue View Git Blame Copy Permalink