Commit 2004b49f authored Oct 02, 2024 by Mark Pearson Committed by Wen Zhiwei Nov 06, 2024

platform/x86: think-lmi: Fix password opcode ordering for workstations

stable inclusion
from stable-v6.6.55
commit 2deb10a99671afda30f834e95e5b992a805bba6a
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IB0MX4

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2deb10a99671afda30f834e95e5b992a805bba6a



--------------------------------

[ Upstream commit 6f7d0f5fd8e440c3446560100ac4ff9a55eec340 ]

The Lenovo workstations require the password opcode to be run before
the attribute value is changed (if Admin password is enabled).

Tested on some Thinkpads to confirm they are OK with this order too.

Signed-off-by: Mark Pearson <mpearson-lenovo@squebb.ca>
Fixes: 640a5fa5 ("platform/x86: think-lmi: Opcode support")
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20240209152359.528919-1-mpearson-lenovo@squebb.ca


Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
(cherry picked from commit 6f7d0f5fd8e440c3446560100ac4ff9a55eec340)
[Harshit: CVE-2024-26836; Resolve conflicts due to missing commit:
 318d97849fc2 ("platform/x86: think-lmi: Add bulk save feature") which is
 not in 6.6.y]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Wen Zhiwei <wenzhiwei@kylinos.cn>

parent 8d6d3a61

drivers/platform/x86/think-lmi.c

+9 −7

Original line number	Diff line number	Diff line
		@@ -1021,7 +1021,16 @@ static ssize_t current_value_store(struct kobject *kobj,
		* Note - this sets the variable and then the password as separate
		* WMI calls. Function tlmi_save_bios_settings will error if the
		* password is incorrect.
		* Workstation's require the opcode to be set before changing the
		* attribute.
		*/
		if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password[0]) {
		ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
		tlmi_priv.pwd_admin->password);
		if (ret)
		goto out;
		}

		set_str = kasprintf(GFP_KERNEL, "%s,%s;", setting->display_name,
		new_setting);
		if (!set_str) {
		@@ -1033,13 +1042,6 @@ static ssize_t current_value_store(struct kobject *kobj,
		if (ret)
		goto out;

		if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password[0]) {
		ret = tlmi_opcode_setting("WmiOpcodePasswordAdmin",
		tlmi_priv.pwd_admin->password);
		if (ret)
		goto out;
		}

		ret = tlmi_save_bios_settings("");
		} else { /* old non-opcode based authentication method (deprecated) */
		if (tlmi_priv.pwd_admin->valid && tlmi_priv.pwd_admin->password[0]) {