Commit 55b74e68 authored Oct 22, 2024 by Jonathan Cameron Committed by Heyuan Wang Oct 22, 2024

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

stable inclusion
from stable-v5.10.226
commit 4c3b21204abb4fa3ab310fbbb5cf7f0e85f3a1bc
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAU9OA
CVE: CVE-2024-46822

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4c3b21204abb



--------------------------------

[ Upstream commit 2488444274c70038eb6b686cba5f1ce48ebb9cdd ]

In a review discussion of the changes to support vCPU hotplug where
a check was added on the GICC being enabled if was online, it was
noted that there is need to map back to the cpu and use that to index
into a cpumask. As such, a valid ID is needed.

If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible
for the entry in cpu_madt_gicc[cpu] == NULL.  This function would
then cause a NULL pointer dereference.   Whilst a path to trigger
this has not been established, harden this caller against the
possibility.

Reviewed-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/20240529133446.28446-13-Jonathan.Cameron@huawei.com


Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: wangheyuan <wangheyuan2@h-partners.com>

parent 10a7462e

arch/arm64/include/asm/acpi.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -105,7 +105,8 @@ static inline int get_cpu_for_acpi_id(u32 uid)
		int cpu;

		for (cpu = 0; cpu < nr_cpu_ids; cpu++)
		if (uid == get_acpi_id_for_cpu(cpu))
		if (acpi_cpu_get_madt_gicc(cpu) &&
		uid == get_acpi_id_for_cpu(cpu))
		return cpu;

		return -EINVAL;