Commit f4327bad authored Oct 11, 2024 by Jonathan Cameron Committed by Heyuan Wang Oct 11, 2024

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

mainline inclusion
from mainline-v6.11-rc1
commit 2488444274c70038eb6b686cba5f1ce48ebb9cdd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAU9OA
CVE: CVE-2024-46822

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2488444274c70038eb6b686cba5f1ce48ebb9cdd



--------------------------------

In a review discussion of the changes to support vCPU hotplug where
a check was added on the GICC being enabled if was online, it was
noted that there is need to map back to the cpu and use that to index
into a cpumask. As such, a valid ID is needed.

If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible
for the entry in cpu_madt_gicc[cpu] == NULL.  This function would
then cause a NULL pointer dereference.   Whilst a path to trigger
this has not been established, harden this caller against the
possibility.

Reviewed-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/20240529133446.28446-13-Jonathan.Cameron@huawei.com


Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: wangheyuan <wangheyuan2@h-partners.com>

parent f7c1291d

arch/arm64/include/asm/acpi.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -124,7 +124,8 @@ static inline int get_cpu_for_acpi_id(u32 uid)
		int cpu;

		for (cpu = 0; cpu < nr_cpu_ids; cpu++)
		if (uid == get_acpi_id_for_cpu(cpu))
		if (acpi_cpu_get_madt_gicc(cpu) &&
		uid == get_acpi_id_for_cpu(cpu))
		return cpu;

		return -EINVAL;