Unverified Commit 81248561 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!13303 v2 fix CVE-2024-50141 

Merge Pull Request from: @ci-robot 
 
PR sync from: Xiangwei Li <liwei728@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/DJ2BMIVA5OQ6HHM2VGRT33CKVCWOEC35/ 
Dan Carpenter (1):
  ACPI: PRM: Clean up guid type in struct prm_handler_info

Koba Ko (1):
  ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/IB2SU5 
 
Link:https://gitee.com/openeuler/kernel/pulls/13303

 

Reviewed-by: default avatarXiongfeng Wang <wangxiongfeng2@huawei.com>
Reviewed-by: default avatarLi Nan <linan122@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents dcc36161 f740aaf3

drivers/acpi/prmt.c

+23 −6
Original line number Diff line number Diff line
@@ -52,7 +52,7 @@ struct prm_context_buffer { 
static LIST_HEAD(prm_module_list);



struct prm_handler_info {

	guid_t guid;

	efi_guid_t guid;

	void *handler_addr;

	u64 static_data_buffer_addr;

	u64 acpi_param_buffer_addr;
@@ -72,16 +72,20 @@ struct prm_module_info { 
	struct prm_handler_info handlers[];

};



static u64 efi_pa_va_lookup(u64 pa)

static u64 efi_pa_va_lookup(efi_guid_t *guid, u64 pa)

{

	efi_memory_desc_t *md;

	u64 pa_offset = pa & ~PAGE_MASK;

	u64 page = pa & PAGE_MASK;



	for_each_efi_memory_desc(md) {

		if (md->phys_addr < pa && pa < md->phys_addr + PAGE_SIZE * md->num_pages)

		if ((md->attribute & EFI_MEMORY_RUNTIME) &&

		    (md->phys_addr < pa && pa < md->phys_addr + PAGE_SIZE * md->num_pages)) {

			return pa_offset + md->virt_addr + page - md->phys_addr;

		}

	}



	pr_warn("Failed to find VA for GUID: %pUL, PA: 0x%llx", guid, pa);



	return 0;

}
@@ -148,9 +152,15 @@ acpi_parse_prmt(union acpi_subtable_headers *header, const unsigned long end) 
		th = &tm->handlers[cur_handler];



		guid_copy(&th->guid, (guid_t *)handler_info->handler_guid);

		th->handler_addr = (void *)efi_pa_va_lookup(handler_info->handler_address);

		th->static_data_buffer_addr = efi_pa_va_lookup(handler_info->static_data_buffer_address);

		th->acpi_param_buffer_addr = efi_pa_va_lookup(handler_info->acpi_param_buffer_address);

		th->handler_addr =

			(void *)efi_pa_va_lookup(&th->guid, handler_info->handler_address);



		th->static_data_buffer_addr =

			efi_pa_va_lookup(&th->guid, handler_info->static_data_buffer_address);



		th->acpi_param_buffer_addr =

			efi_pa_va_lookup(&th->guid, handler_info->acpi_param_buffer_address);



	} while (++cur_handler < tm->handler_count && (handler_info = get_next_handler(handler_info)));



	return 0;
@@ -253,6 +263,13 @@ static acpi_status acpi_platformrt_space_handler(u32 function, 
		if (!handler || !module)

			goto invalid_guid;



		if (!handler->handler_addr ||

		    !handler->static_data_buffer_addr ||

		    !handler->acpi_param_buffer_addr) {

			buffer->prm_status = PRM_HANDLER_ERROR;

			return AE_OK;

		}



		ACPI_COPY_NAMESEG(context.signature, "PRMC");

		context.revision = 0x0;

		context.reserved = 0x0;