Unverified Commit ac905ba3 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!12214 platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses 

Merge Pull Request from: @ci-robot 
 
PR sync from: Wupeng Ma <mawupeng1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/KB7U65SD4APO3QWC2PLJUOKHQMSMGW7H/ 
 
https://gitee.com/src-openeuler/kernel/issues/IAUA6B 
 
Link:https://gitee.com/openeuler/kernel/pulls/12214

 

Reviewed-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents 535bd9e3 8744d3be

drivers/platform/x86/panasonic-laptop.c

+39 −10
Original line number Diff line number Diff line
@@ -773,6 +773,24 @@ static DEVICE_ATTR_RW(dc_brightness); 
static DEVICE_ATTR_RW(current_brightness);

static DEVICE_ATTR_RW(cdpower);



static umode_t pcc_sysfs_is_visible(struct kobject *kobj, struct attribute *attr, int idx)

{

	struct device *dev = kobj_to_dev(kobj);

	struct acpi_device *acpi = to_acpi_device(dev);

	struct pcc_acpi *pcc = acpi_driver_data(acpi);



	if (attr == &dev_attr_mute.attr)

		return (pcc->num_sifr > SINF_MUTE) ? attr->mode : 0;



	if (attr == &dev_attr_eco_mode.attr)

		return (pcc->num_sifr > SINF_ECO_MODE) ? attr->mode : 0;



	if (attr == &dev_attr_current_brightness.attr)

		return (pcc->num_sifr > SINF_CUR_BRIGHT) ? attr->mode : 0;



	return attr->mode;

}



static struct attribute *pcc_sysfs_entries[] = {

	&dev_attr_numbatt.attr,

	&dev_attr_lcdtype.attr,
@@ -789,6 +807,7 @@ static struct attribute *pcc_sysfs_entries[] = { 
static const struct attribute_group pcc_attr_group = {

	.name		= NULL,		/* put in device directory */

	.attrs		= pcc_sysfs_entries,

	.is_visible	= pcc_sysfs_is_visible,

};
@@ -941,11 +960,14 @@ static int acpi_pcc_hotkey_resume(struct device *dev) 
	if (!pcc)

		return -EINVAL;



	if (pcc->num_sifr > SINF_MUTE)

		acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute);

	if (pcc->num_sifr > SINF_ECO_MODE)

		acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode);

	acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, pcc->sticky_key);

	acpi_pcc_write_sset(pcc, SINF_AC_CUR_BRIGHT, pcc->ac_brightness);

	acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, pcc->dc_brightness);

	if (pcc->num_sifr > SINF_CUR_BRIGHT)

		acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness);



	return 0;
@@ -963,8 +985,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) 


	num_sifr = acpi_pcc_get_sqty(device);



	if (num_sifr < 0 || num_sifr > 255) {

		pr_err("num_sifr out of range");

	/*

	 * pcc->sinf is expected to at least have the AC+DC brightness entries.

	 * Accesses to higher SINF entries are checked against num_sifr.

	 */

	if (num_sifr <= SINF_DC_CUR_BRIGHT || num_sifr > 255) {

		pr_err("num_sifr %d out of range %d - 255\n", num_sifr, SINF_DC_CUR_BRIGHT + 1);

		return -ENODEV;

	}
@@ -1020,10 +1046,13 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) 
	acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, 0);

	pcc->sticky_key = 0;



	pcc->eco_mode = pcc->sinf[SINF_ECO_MODE];

	pcc->mute = pcc->sinf[SINF_MUTE];

	pcc->ac_brightness = pcc->sinf[SINF_AC_CUR_BRIGHT];

	pcc->dc_brightness = pcc->sinf[SINF_DC_CUR_BRIGHT];

	if (pcc->num_sifr > SINF_MUTE)

		pcc->mute = pcc->sinf[SINF_MUTE];

	if (pcc->num_sifr > SINF_ECO_MODE)

		pcc->eco_mode = pcc->sinf[SINF_ECO_MODE];

	if (pcc->num_sifr > SINF_CUR_BRIGHT)

		pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT];



	/* add sysfs attributes */