Commit 7c1bd64a authored Nov 16, 2024 by Antonio Quartulli Committed by Xia Fukun Nov 16, 2024

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

mainline inclusion
from mainline-v6.12-rc7
commit a6dd15981c03f2cdc9a351a278f09b5479d53d2e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2BX5
CVE: CVE-2024-50117

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a6dd15981c03f2cdc9a351a278f09b5479d53d2e



--------------------------------

acpi_evaluate_object() may return AE_NOT_FOUND (failure), which
would result in dereferencing buffer.pointer (obj) while being NULL.

Although this case may be unrealistic for the current code, it is
still better to protect against possible bugs.

Bail out also when status is AE_NOT_FOUND.

This fixes 1 FORWARD_NULL issue reported by Coverity
Report: CID 1600951:  Null pointer dereferences  (FORWARD_NULL)

Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
Fixes: c9b7c809b89f ("drm/amd: Guard against bad data for ATIF ACPI method")
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20241031152848.4716-1-antonio@mandelbit.com


Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)
Cc: stable@vger.kernel.org
Signed-off-by: Xia Fukun <xiafukun@huawei.com>

parent bb62fec9

drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -115,8 +115,8 @@ static union acpi_object amdgpu_atif_call(struct amdgpu_atif atif,
		&buffer);
		obj = (union acpi_object *)buffer.pointer;

		/* Fail if calling the method fails and ATIF is supported */
		if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) {
		/* Fail if calling the method fails */
		if (ACPI_FAILURE(status)) {
		DRM_DEBUG_DRIVER("failed to evaluate ATIF got %s\n",
		acpi_format_exception(status));
		kfree(obj);